From 92ba8ce75433d0a0571e50539fa5d482010a8e18 Mon Sep 17 00:00:00 2001 From: Ilija Lazoroski Date: Thu, 10 Aug 2023 17:14:16 +0000 Subject: [PATCH 1/4] BB: Add Packer scripts for mimikatz-15 --- envs/monkey_zoo/packer/setup_mimikatz_15.yml | 36 +++++++++ envs/monkey_zoo/packer/smb.pkr.hcl | 77 ++++++++++++++++++++ 2 files changed, 113 insertions(+) create mode 100644 envs/monkey_zoo/packer/setup_mimikatz_15.yml create mode 100644 envs/monkey_zoo/packer/smb.pkr.hcl
diff --git a/envs/monkey_zoo/packer/setup_mimikatz_15.yml b/envs/monkey_zoo/packer/setup_mimikatz_15.yml
new file mode 100644
index 00000000000..53c859eb8e7
--- /dev/null
+++ b/envs/monkey_zoo/packer/setup_mimikatz_15.yml
@@ -0,0 +1,36 @@
+---
+- name: Create a new user
+ hosts: all
+ vars:
+ ansible_remote_tmp: C:\Windows\Temp
+ tasks:
+ - name: Create user
+ win_user:
+ name: m0nk3y
+ password: pAJfG56JX><
+ password_never_expires: yes
+ state: present
+ update_password: on_create
+ groups_action: add
+ groups:
+ - Administrators
+ - "Remote Desktop Users"
+
+ - name: Disable SMBv1
+ ansible.windows.win_optional_feature:
+ name: SMB1Protocol
+ state: absent
+
+ - name: Allow port 445 SMB
+ win_command:
+ cmd: netsh advfirewall firewall add rule name="Allow Port 445" dir=in action=allow protocol=TCP localport=445
+
+
+ - name: Change the hostname to mimikatz-15
+ ansible.windows.win_hostname:
+ name: mimikatz-15
+ register: res
+
+ - name: Reboot
+ ansible.windows.win_reboot:
+ when: res.reboot_required
diff --git a/envs/monkey_zoo/packer/smb.pkr.hcl b/envs/monkey_zoo/packer/smb.pkr.hcl
new file mode 100644
index 00000000000..c1176930be9
--- /dev/null
+++ b/envs/monkey_zoo/packer/smb.pkr.hcl
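Review bot: The `Allow port 445 SMB` task shells out to `netsh advfirewall firewall add rule` through `win_command`, which is not idempotent: every run of the play appends another identical rule and the task always reports changed, so re-provisioning the image silently accumulates firewall rules. The `community.windows.win_firewall_rule` module (if that collection is available in the build environment) expresses the same rule declaratively and converges, as below. Separately, the `m0nk3y` account's password and Administrators membership are committed in clear text; that is presumably deliberate for a Monkey Zoo target, but a comment such as `# Intentionally weak, lab-only credentials: this image is an attack target` above the task would keep them from being copied elsewhere. The whole play is inside this hunk, since the file is new.
```yaml
  - name: Allow port 445 SMB
    community.windows.win_firewall_rule:
      name: Allow Port 445
      localport: 445
      protocol: tcp
      direction: in
      action: allow
      state: present
```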
@@ -0,0 +1,77 @@
+packer {
+ required_plugins {
+ googlecompute = {
+ source = "github.com/hashicorp/googlecompute"
+ version = "~> 1"
+ }
+ ansible = {
+ source = "github.com/hashicorp/ansible"
+ version = "~> 1"
+ }
+ }
+}
+
+variable "project_id" {
+ type = string
+}
+variable "zone" {
+ type = string
+ default = "europe-west3-a"
+}
+variable "machine_type" {
+ type = string
+ default = "e2-standard-4"
+}
+variable "source_image" {
+ type = string
+ default = "windows-server-2016-dc-v20211216"
+}
+variable "account_file" {
+ type = string
+}
+variable "packer_username" {
+ type = string
+ default = "packer_user"
+}
+variable "packer_user_password" {
+ type = string
+ default = "Passw0rd"
+}
+
+
+
+source "googlecompute" "mimikatz-15" {
+ image_name = "mimikatz-15"
+ project_id = "${var.project_id}"
+ source_image = "${var.source_image}"
+ zone = "${var.zone}"
+ disk_size = 50
+ machine_type = "${var.machine_type}"
+ account_file = "${var.account_file}"
+ communicator = "winrm"
+ winrm_username = "${var.packer_username}"
+ winrm_password = "${var.packer_user_password}"
+ winrm_insecure = true
+ winrm_use_ssl = true
+ metadata = {
+ sysprep-specialize-script-cmd = "winrm quickconfig -quiet & net user packer_user Passw0rd /add & net localgroup administrators packer_user /add & winrm set winrm/config/service/auth @{Basic=\"true\"}"
+ }
+}
+
+build {
+ sources = [
+ "source.googlecompute.mimikatz-15",
+ ]
+ provisioner "ansible" {
+ only = ["googlecompute.mimikatz-15"]
+ use_proxy = false
+ user = "${var.packer_username}"
+ playbook_file = "./packer/setup_mimikatz_15.yml"
+ ansible_env_vars = ["ANSIBLE_HOST_KEY_CHECKING=False"]
+ extra_arguments = [
+ "-e", "ansible_winrm_transport=ntlm ansible_winrm_server_cert_validation=ignore",
+ "-e", "ansible_password=${var.packer_user_password}",
+ "-vvv"
+ ]
+ }
+}
From 04d050be7dc96ef11389e9be81054a1659bb3c90 Mon Sep 17 00:00:00 2001
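Review bot: The `sysprep-specialize-script-cmd` metadata string hard-codes `packer_user` and `Passw0rd`, while `winrm_username`, `winrm_password` and the provisioner's `ansible_password` read `var.packer_username`/`var.packer_user_password`, so overriding either variable makes the bootstrap create one account and WinRM log in as another and the build hangs waiting for the connection. Interpolate the same variables into the script: `sysprep-specialize-script-cmd = "winrm quickconfig -quiet & net user ${var.packer_username} ${var.packer_user_password} /add & net localgroup administrators ${var.packer_username} /add & winrm set winrm/config/service/auth @{Basic=\"true\"}"`. That string also lands in instance metadata, readable by anyone with `compute.instances.get` on the project, and the password is passed again on the ansible command line under `-vvv`, so mark the variable `sensitive = true` so Packer redacts it from its output and treat the account as disposable (the later commit in this series that deletes it is the right mitigation). `winrm_insecure = true` together with `winrm_use_ssl = true` disables certificate validation; acceptable for a short-lived build VM, but worth saying so in place: `# self-signed WinRM listener on a throwaway build VM; not validated on purpose`.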
From: Ilija Lazoroski Date: Thu, 10 Aug 2023 17:14:40 +0000 Subject: [PATCH 2/4] BB: Deny access for PowerShell on mimikatz-15 --- envs/monkey_zoo/terraform/firewalls.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/envs/monkey_zoo/terraform/firewalls.tf b/envs/monkey_zoo/terraform/firewalls.tf index 5ce76a15fef..bf04ffc7cc4 100644 --- a/envs/monkey_zoo/terraform/firewalls.tf +++ b/envs/monkey_zoo/terraform/firewalls.tf @@ -323,9 +323,9 @@ resource "google_compute_firewall" "deny-rdp64-rdp65-to-others" { source_tags = ["rdp-64", "rdp-65"] } -// We are disabling PowerShell because we want only RDP to run on these machines +// We are disabling PowerShell because we want only RDP\SMB to run on these machines // and we can't do it via Packer because it uses WinRM to configure the instances -resource "google_compute_firewall" "deny-powershell-on-rdp" { +resource "google_compute_firewall" "deny-powershell-on-rdp-and-smb" { name = "deny-powershell-on-rdp" network = google_compute_network.monkeyzoo.name @@ -337,5 +337,5 @@ resource "google_compute_firewall" "deny-powershell-on-rdp" { priority = "998" source_ranges = ["0.0.0.0/0"] - target_tags = ["rdp-64", "rdp-65"] + target_tags = ["rdp-64", "rdp-65", "mimikatz-14", "mimikatz-15"] } From 16bf218269d48d070f13616c957401fd02de286f Mon Sep 17 00:00:00 2001 From: Ilija Lazoroski Date: Fri, 11 Aug 2023 14:34:38 +0000 Subject: [PATCH 3/4] BB: Disable SMBv2 and enable SMBv1 on mimikatz-15 The reason is the SMB and WMI plugin now choose the latest SMB version so in order to have two machines with different version of protocol we enable only SMBv1 on this machine --- envs/monkey_zoo/packer/setup_mimikatz_15.yml | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/envs/monkey_zoo/packer/setup_mimikatz_15.yml b/envs/monkey_zoo/packer/setup_mimikatz_15.yml index 53c859eb8e7..6f043dc1292 100644 --- a/envs/monkey_zoo/packer/setup_mimikatz_15.yml 
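Review bot: Renaming the resource address from `google_compute_firewall.deny-powershell-on-rdp` to `deny-powershell-on-rdp-and-smb` without a `moved` block makes Terraform plan a destroy of the old rule and a create of the new one, with a window in which the rdp-64/rdp-65 instances may have no PowerShell/WinRM deny at all (the rule's `deny` block itself sits between the two hunks and is not shown here). Since the GCP `name` stays `deny-powershell-on-rdp`, a state move is what is wanted; a `moved` block (Terraform 1.1+, and the module's version constraint is not visible in this diff) does that without touching the live rule. The comment's `RDP\SMB` reads like an escape sequence; `RDP/SMB` would be clearer.
```hcl
moved {
  from = google_compute_firewall.deny-powershell-on-rdp
  to   = google_compute_firewall.deny-powershell-on-rdp-and-smb
}
```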
+++ b/envs/monkey_zoo/packer/setup_mimikatz_15.yml @@ -16,16 +16,23 @@ - Administrators - "Remote Desktop Users" - - name: Disable SMBv1 + - name: Enable SMBv1 ansible.windows.win_optional_feature: name: SMB1Protocol - state: absent + state: present + + - name: Disable SMBv2 using win_regedit + ansible.windows.win_regedit: + path: HKLM:\System\CurrentControlSet\Services\LanmanServer\Parameters + name: SMB2 + data: 0 + type: dword + state: present - name: Allow port 445 SMB win_command: cmd: netsh advfirewall firewall add rule name="Allow Port 445" dir=in action=allow protocol=TCP localport=445 - - name: Change the hostname to mimikatz-15 ansible.windows.win_hostname: name: mimikatz-15 From d46f426cff637a4e8c100acdd03e218fc12547ad Mon Sep 17 00:00:00 2001 From: Ilija Lazoroski Date: Fri, 11 Aug 2023 16:41:40 +0000 Subject: [PATCH 4/4] BB: Delete packer_user after finshing with all tasks --- envs/monkey_zoo/packer/setup_mimikatz_15.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/envs/monkey_zoo/packer/setup_mimikatz_15.yml b/envs/monkey_zoo/packer/setup_mimikatz_15.yml index 6f043dc1292..6c2a95ad0dd 100644 --- a/envs/monkey_zoo/packer/setup_mimikatz_15.yml +++ b/envs/monkey_zoo/packer/setup_mimikatz_15.yml @@ -1,5 +1,5 @@ --- -- name: Create a new user +- name: Create a mimikatz-15 machine image hosts: all vars: ansible_remote_tmp: C:\Windows\Temp @@ -41,3 +41,8 @@ - name: Reboot ansible.windows.win_reboot: when: res.reboot_required + + - name: Delete packer_user + win_user: + name: packer_user + state: absent
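Review bot: Disabling SMBv2/3 through the `SMB2` value under `LanmanServer\Parameters` only takes effect once the Server service restarts, and installing the `SMB1Protocol` feature normally also requests a reboot, yet the only reboot in this play (below the hunk) is conditioned solely on `res.reboot_required` from the hostname task. On a first build that reboot happens anyway, but if the hostname already matches, the image is captured with SMBv2 still serving, which defeats the stated purpose of the commit. Register both tasks (`register: smb1` on the feature task, `register: smb2` on the regedit task) and widen the reboot condition to `when: res.reboot_required or smb1.reboot_required or smb2.changed`.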
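Review bot: The new `Delete packer_user` task names the account literally, while smb.pkr.hcl derives the WinRM/ansible user from `var.packer_username`; if that variable is ever overridden, this task removes a non-existent account (a no-op) and the real build account, with its Administrators membership, ships inside the image. Pass the name into the play (`"-e", "packer_username=${var.packer_username}"` in the provisioner's `extra_arguments`) and use `name: "{{ packer_username }}"` here. As far as I can tell `win_user` with `state: absent` removes the account but leaves `C:\Users\packer_user` behind; `community.windows.win_user_profile` with `state: absent` (if that collection is available) removes the profile so the image carries no trace of the build account. The task also runs over the very WinRM session authenticated as `packer_user`, which works for the in-flight session but means any provisioner added after this one cannot connect.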