This should allow me to pass exploits for most business environments. Let’s get started… Windows guest machine - The Machine to be infected!
Using VMWare, create a new virtual machine, selecting the appropriate drive size and operating system. Mount your Windows ISO file and finish the install.
Once the system is booted up install the following:
- PIL Python library
- Office apps
- Guest virtualization tools
Once the system is rebooted, make sure the following settings are modified:
- disable firewall
- disable UAC
- disable updates
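A quick way to confirm the three guest settings above actually took before taking the snapshot is to query them from inside the guest. The script below is an added example, not part of the original walkthrough; it assumes a Windows 7 guest with PowerShell 2.0 or later, run from an elevated (administrator) session, and the function name Test-SandboxGuestConfig is my own.

```powershell
# Added example, not part of the original walkthrough: report (and with -Fix, apply)
# the three guest settings listed above before the snapshot is taken.
# Assumes Windows 7 (PowerShell 2.0+) and an elevated (administrator) session.

function Test-SandboxGuestConfig {
    [CmdletBinding()]
    param(
        [switch]$Fix   # apply the settings instead of only reporting them
    )

    $uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

    if ($Fix) {
        # Windows Firewall off for the domain, private and public profiles
        netsh advfirewall set allprofiles state off | Out-Null
        # UAC off (EnableLUA=0 only takes effect after the next reboot)
        Set-ItemProperty -Path $uacKey -Name EnableLUA -Value 0 -Type DWord
        # Windows Update service stopped and prevented from starting again
        Set-Service -Name wuauserv -StartupType Disabled
        Stop-Service -Name wuauserv -Force -ErrorAction SilentlyContinue
    }

    # Firewall: every profile in 'netsh advfirewall show allprofiles' must read "State OFF".
    # Wrapping in @() keeps .Count valid on PowerShell 2.0 when there is a single line.
    $fwLines    = @(netsh advfirewall show allprofiles)
    $profilesOn = @($fwLines | Where-Object { $_ -match '^State\s+ON' })

    # UAC: EnableLUA is 1 by default; 0 means elevation prompts are disabled
    $enableLua = (Get-ItemProperty -Path $uacKey -Name EnableLUA).EnableLUA

    # Updates: the wuauserv service should be disabled and not running
    $wu = Get-WmiObject -Class Win32_Service -Filter "Name='wuauserv'"

    # One object with a boolean per setting; anything $false still needs attention
    New-Object PSObject -Property @{
        FirewallDisabled = ($profilesOn.Count -eq 0)
        UacDisabled      = ($enableLua -eq 0)
        UpdatesDisabled  = ($wu.StartMode -eq 'Disabled' -and $wu.State -ne 'Running')
    }
}

Test-SandboxGuestConfig          # report only
# Test-SandboxGuestConfig -Fix   # apply the settings, then reboot so the UAC change takes effect
```

Run it once after the reboot and only take the snapshot when all three fields are True. The firewall check matches the English "State ON" label printed by netsh, so on a non-English Windows install adjust the regular expression to the localized label.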
At this point, you should have a working Windows guest operating system. It’s a good idea at this point to create a snapshot. Open a terminal on your OSX host device and type the following commands:
$ VBoxManage snapshot Win7-Cuckoo take Malware-Analysis --pause
$ VBoxManage controlvm Win7-Cuckoo poweroff
$ VBoxManage snapshot Win7-Cuckoo restorecurrent
Additionally, when that is completed you might want to modify some settings to properly enable communications between all the different systems and virtual appliances:
Disable firewall - Mac
sudo sysctl -w net.inet.ip.forwarding=1
sudo natd -interface en0
sudo ipfw add divert natd ip from any to any via en0
Enable the application firewall with the following command (use 0 instead of 1 to disable it):
defaults write /Library/Preferences/com.apple.alf globalstate -int 1
Restart the services:
$ launchctl unload /System/Library/LaunchAgents/com.apple.alf.useragent.plist
$ launchctl unload /System/Library/LaunchDaemons/com.apple.alf.agent.plist
The application firewall can be controlled with the /usr/libexec/ApplicationFirewall/socketfilterfw binary.
At this point you’re ready to submit malware to your victim machine, and you have a snapshot to revert to.