Wireshark not fully functional with wireshark.vm package #193

Closed
An00bRektn opened this issue Dec 19, 2022 · 6 comments · Fixed by #196

An00bRektn commented Dec 19, 2022

What's the problem?

I was setting up Flare-VM today, and when I was going through to check that all of the apps worked before committing to a screenshot, Wireshark showed this:

image

There was no error in the Wireshark install.

2022-12-19 11:36:14,949 1316 [DEBUG] - Capturing package files in 'C:\ProgramData\chocolatey\lib\wireshark.vm'
2022-12-19 11:36:14,949 1316 [DEBUG] -  Found 'C:\ProgramData\chocolatey\lib\wireshark.vm\wireshark.vm.nupkg'
  with checksum '536D8D50CB171FDEB66E7F114205A0F8'
2022-12-19 11:36:14,949 1316 [DEBUG] -  Found 'C:\ProgramData\chocolatey\lib\wireshark.vm\wireshark.vm.nuspec'
  with checksum '3B93C94224B85D9C672A5E130FB4E84C'
2022-12-19 11:36:14,949 1316 [DEBUG] -  Found 'C:\ProgramData\chocolatey\lib\wireshark.vm\tools\chocolateyinstall.ps1'
  with checksum 'F91E562DC34E22C3230D68AEB63A8CC5'
2022-12-19 11:36:14,949 1316 [DEBUG] -  Found 'C:\ProgramData\chocolatey\lib\wireshark.vm\tools\chocolateyuninstall.ps1'
  with checksum '40F98DEF8545B0B51384127814CBF98C'
2022-12-19 11:36:14,949 1316 [DEBUG] - Attempting to create directory "C:\ProgramData\chocolatey\.chocolatey\wireshark.vm.4.0.2".
2022-12-19 11:36:14,949 1316 [DEBUG] - There was no original file at 'C:\ProgramData\chocolatey\.chocolatey\wireshark.vm.4.0.2\.files'
2022-12-19 11:36:14,983 1316 [DEBUG] - Attempting to delete file "C:\ProgramData\chocolatey\.chocolatey\wireshark.vm.4.0.2\.extra".
2022-12-19 11:36:14,983 1316 [DEBUG] - Attempting to delete file "C:\ProgramData\chocolatey\.chocolatey\wireshark.vm.4.0.2\.version".
2022-12-19 11:36:14,983 1316 [DEBUG] - Attempting to delete file "C:\ProgramData\chocolatey\.chocolatey\wireshark.vm.4.0.2\.sxs".
2022-12-19 11:36:14,983 1316 [DEBUG] - Attempting to delete file "C:\ProgramData\chocolatey\.chocolatey\wireshark.vm.4.0.2\.pin".
2022-12-19 11:36:14,983 1316 [DEBUG] - Sending message 'HandlePackageResultCompletedMessage' out if there are subscribers...
2022-12-19 11:36:14,983 1316 [DEBUG] - Attempting to delete file "C:\ProgramData\chocolatey\lib\wireshark.vm\.chocolateyPending".
2022-12-19 11:36:14,983 1316 [INFO ] -  The install of wireshark.vm was successful.
2022-12-19 11:36:14,983 1316 [INFO ] -   Software install location not explicitly set, it could be in package or
  default install location of installer.
2022-12-19 11:36:14,983 1316 [DEBUG] - Attempting to delete file "C:\Users\sreisz\AppData\Local\NuGet\Cache\wireshark.vm.4.0.2.nupkg".
2022-12-19 11:36:14,997 1316 [WARN ] - 
Chocolatey installed 2/2 packages. 

I haven't looked into the issue enough yet to say if it's an issue on my end, or an issue with Chocolatey, or an issue with the packages, but I thought I'd report it anyway in case anyone else has the same issue.

Steps to Reproduce

Install Flare-VM as directed in the README of the Flare repo

Environment

2022/12/19 10:56:28 vm.common.psm1 [+] INFO : Host Information

VM OS version and Service Pack
-----


Version                 : 10.0.19044
BuildNumber             : 19044
OSArchitecture          : 64-bit
ServicePackMajorVersion : 0
Caption                 : Microsoft Windows 10 Enterprise Evaluation





VM OS RAM (MB)
-----
0


VM OS HDD Space / Usage
-----

DeviceID DriveType ProviderName VolumeName      Size        FreeSpace  
-------- --------- ------------ ----------      ----        ---------  
C:       3                                      63834492928 42894872576
D:       5                      VBox_GAs_6.1.40 63883264    0          




VM AV Details
-----
AntiVirusProduct classname does not exist...

VM PowerShell Version
-----
5.1.19041.1237

VM CLR Version
-----
4.0.30319.42000

VM Chocolatey Version
-----
1.2.1

VM Boxstarter Version
-----

Boxstarter|3.0.0
Boxstarter.Bootstrapper|3.0.0
Boxstarter.Chocolatey|3.0.0
Boxstarter.Common|3.0.0
Boxstarter.HyperV|3.0.0
Boxstarter.WinConfig|3.0.0




VM Installed Packages
-----
Boxstarter|3.0.0
Boxstarter.Bootstrapper|3.0.0
Boxstarter.Chocolatey|3.0.0
Boxstarter.Common|3.0.0
Boxstarter.HyperV|3.0.0
Boxstarter.WinConfig|3.0.0
chocolatey|1.2.1
common.vm|0.0.0.20221201


Common Environment Variables
-----
VM_COMMON_DIR: C:\ProgramData\_VM
TOOL_LIST_DIR: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tools
TOOL_LIST_SHORTCUT: C:\Users\sreisz\Desktop\Tools.lnk
RAW_TOOLS_DIR: C:\Tools

2022/12/19 11:00:07 [apimonitor.vm] vm.common.psm1 [+] ERROR : [ERR] Cannot find path 'C:\ProgramData\chocolatey\bin\apimonitor-x86.exe' because it does not exist.
At C:\ProgramData\chocolatey\lib\apimonitor.vm\tools\chocolateyinstall.ps1:9 char:23
+ ... blePath32 = Join-Path ${Env:ChocolateyInstall} "bin\apimonitor-x86.ex ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2022/12/19 11:37:29 [flarevm.installer.vm] chocolateyinstall.ps1 [+] INFO : Packages installed:
010editor.vm|12.0.1
7zip-15-05.vm|15.05
apimonitor|2.13.0.20210213
apimonitor.vm|2.13.0.20220224
apktool|2.7.0
apktool.vm|2.7.0
Boxstarter|3.0.0
Boxstarter.Bootstrapper|3.0.0
Boxstarter.Chocolatey|3.0.0
Boxstarter.Common|3.0.0
Boxstarter.HyperV|3.0.0
Boxstarter.WinConfig|3.0.0
capa.vm|4.0.1
chocolatey|1.2.1
chocolatey-compatibility.extension|1.0.0
chocolatey-core.extension|1.4.0
chocolatey-dotnetfx.extension|1.0.1
chocolatey-visualstudio.extension|1.10.2
chocolatey-windowsupdate.extension|1.0.5
Cmder|1.3.20
cmder.vm|1.3.20.20221201
common.vm|0.0.0.20221201
cutter.vm|2.1.2
cyberchef.vm|9.49.0.20221201
Cygwin|3.2.0
cygwin.vm|3.2.0.20221201
die.vm|3.02.20220113
dnspyex|6.2.0
dnspyex.vm|6.2.0
dotnetfx|4.8.0.20220524
explorersuite.vm|0.0.0.20221115
fakenet-ng.vm|1.4.11.20221115
flarevm.installer.vm|0.0.0.20221201
floss.vm|2.1.0
ghidra|10.1.2
ghidra.vm|10.1.2
hashmyfiles.vm|0.0.0.20220113
idafree.vm|7.6
javaruntime|8.0.231
jre8|8.0.351
KB2919355|1.0.20160915
KB2919442|1.0.20160915
KB2999226|1.0.20181019
KB3033929|1.0.5
KB3035131|1.0.3
libraries.python3.vm|0.0.0.20221203
map.vm|0.24
notepadplusplus|8.4.7
notepadplusplus.install|8.4.7
notepadplusplus.vm|8.4.7.20221129
notepadpp.plugin.compare.vm|2.0.1.20211225
ollydbg.ollydumpex.vm|1.80
ollydbg.vm|1.10.0.20220908
ollydbg2.ollydumpex.vm|1.80
ollydbg2.vm|2.01
openjdk11|11.0.16.20220913
peid.vm|0.95.0.20221115
processdump.vm|2.1.1.20220908
python3|3.9.13
regshot.vm|1.9.1
rundotnetdll.vm|2.2
sysinternals|2022.11.28
sysinternals.vm|2022.11.28.20221201
Temurin11|11.0.17.800
uniextract2.vm|2.0.0.20220113
vcbuildtools.vm|0.0.0.20221201
vcredist140|14.34.31931
vcredist2010|10.0.40219.32503
vcredist2015|14.0.24215.20170201
visualstudio2017buildtools|15.9.50.0
visualstudio2017-workload-vctools|1.3.3
visualstudio-installer|2.0.3
wireshark|4.0.2
wireshark.vm|4.0.2
x64dbg.ollydumpex.vm|1.80
x64dbg.vm|2021.05.08
x64dbgpy.vm|1.0.56.20211021

2022/12/19 11:37:29 [flarevm.installer.vm] chocolateyinstall.ps1 [+] ERROR : Failed to install: GoogleChrome
2022/12/19 11:37:29 [flarevm.installer.vm] chocolateyinstall.ps1 [+] ERROR : For each failed package, you may attempt a manual install via: choco install -y <package_name>
2022/12/19 11:37:29 [flarevm.installer.vm] chocolateyinstall.ps1 [+] ERROR : Failed package list saved to: C:\Users\sreisz\Desktop\failed_packages.txt
2022/12/19 11:37:29 [flarevm.installer.vm] chocolateyinstall.ps1 [+] ERROR : Please check the following logs for additional errors:
2022/12/19 11:37:29 [flarevm.installer.vm] chocolateyinstall.ps1 [+] ERROR : 	C:\ProgramData\_VM\log.txt (this file)
2022/12/19 11:37:29 [flarevm.installer.vm] chocolateyinstall.ps1 [+] ERROR : 	%PROGRAMDATA%\chocolatey\logs\chocolatey.log
2022/12/19 11:37:29 [flarevm.installer.vm] chocolateyinstall.ps1 [+] ERROR : 	%LOCALAPPDATA%\Boxstarter\boxstarter.log
2022/12/19 13:04:05 [flarevm.installer.vm] chocolateyinstall.ps1 [+] INFO : Packages installed:
010editor.vm|12.0.1
7zip-15-05.vm|15.05
apimonitor|2.13.0.20210213
apimonitor.vm|2.13.0.20220224
apktool|2.7.0
apktool.vm|2.7.0
Boxstarter|3.0.0
Boxstarter.Bootstrapper|3.0.0
Boxstarter.Chocolatey|3.0.0
Boxstarter.Common|3.0.0
Boxstarter.HyperV|3.0.0
Boxstarter.WinConfig|3.0.0
capa.vm|4.0.1
chocolatey|1.2.1
chocolatey-compatibility.extension|1.0.0
chocolatey-core.extension|1.4.0
chocolatey-dotnetfx.extension|1.0.1
chocolatey-visualstudio.extension|1.10.2
chocolatey-windowsupdate.extension|1.0.5
Cmder|1.3.20
cmder.vm|1.3.20.20221201
common.vm|0.0.0.20221201
cutter.vm|2.1.2
cyberchef.vm|9.49.0.20221201
Cygwin|3.2.0
cygwin.vm|3.2.0.20221201
die.vm|3.02.20220113
dnspyex|6.2.0
dnspyex.vm|6.2.0
DotNet4.5.2|4.5.2.20140902
dotnetfx|4.8.0.20220524
explorersuite.vm|0.0.0.20221115
fakenet-ng.vm|1.4.11.20221115
flarevm.installer.vm|0.0.0.20221201
floss.vm|2.1.0
ghidra|10.1.2
ghidra.vm|10.1.2
hashmyfiles.vm|0.0.0.20220113
idafree.vm|7.6
javaruntime|8.0.231
jre8|8.0.351
KB2919355|1.0.20160915
KB2919442|1.0.20160915
KB2999226|1.0.20181019
KB3033929|1.0.5
KB3035131|1.0.3
libraries.python3.vm|0.0.0.20221203
map.vm|0.24
notepadplusplus|8.4.7
notepadplusplus.install|8.4.7
notepadplusplus.vm|8.4.7.20221129
notepadpp.plugin.compare.vm|2.0.1.20211225
ollydbg.ollydumpex.vm|1.80
ollydbg.vm|1.10.0.20220908
ollydbg2.ollydumpex.vm|1.80
ollydbg2.vm|2.01
openjdk11|11.0.16.20220913
peid.vm|0.95.0.20221115
processdump.vm|2.1.1.20220908
python3|3.9.13
regshot.vm|1.9.1
rundotnetdll.vm|2.2
sysinternals|2022.11.28
sysinternals.vm|2022.11.28.20221201
Temurin11|11.0.17.800
uniextract2.vm|2.0.0.20220113
vcbuildtools.vm|0.0.0.20221201
vcredist140|14.34.31931
vcredist2010|10.0.40219.32503
vcredist2015|14.0.24215.20170201
visualstudio2017buildtools|15.9.50.0
visualstudio2017-workload-vctools|1.3.3
visualstudio-installer|2.0.3
vscode|1.74.1
vscode.install|1.74.1
wireshark|4.0.2
wireshark.vm|4.0.2
x64dbg.ollydumpex.vm|1.80
x64dbg.vm|2021.05.08
x64dbgpy.vm|1.0.56.20211021

2022/12/19 13:04:05 [flarevm.installer.vm] chocolateyinstall.ps1 [+] ERROR : Failed to install: GoogleChrome
2022/12/19 13:04:05 [flarevm.installer.vm] chocolateyinstall.ps1 [+] ERROR : For each failed package, you may attempt a manual install via: choco install -y <package_name>
2022/12/19 13:04:05 [flarevm.installer.vm] chocolateyinstall.ps1 [+] ERROR : Failed package list saved to: C:\Users\sreisz\Desktop\failed_packages.txt
2022/12/19 13:04:05 [flarevm.installer.vm] chocolateyinstall.ps1 [+] ERROR : Please check the following logs for additional errors:
2022/12/19 13:04:05 [flarevm.installer.vm] chocolateyinstall.ps1 [+] ERROR : 	C:\ProgramData\_VM\log.txt (this file)
2022/12/19 13:04:05 [flarevm.installer.vm] chocolateyinstall.ps1 [+] ERROR : 	%PROGRAMDATA%\chocolatey\logs\chocolatey.log
2022/12/19 13:04:05 [flarevm.installer.vm] chocolateyinstall.ps1 [+] ERROR : 	%LOCALAPPDATA%\Boxstarter\boxstarter.log
2022/12/19 14:18:00 vm.common.psm1 [+] INFO : Host Information

VM OS version and Service Pack
-----


Version                 : 10.0.19044
BuildNumber             : 19044
OSArchitecture          : 64-bit
ServicePackMajorVersion : 0
Caption                 : Microsoft Windows 10 Enterprise Evaluation





VM OS RAM (MB)
-----
0


VM OS HDD Space / Usage
-----

DeviceID DriveType ProviderName VolumeName      Size        FreeSpace  
-------- --------- ------------ ----------      ----        ---------  
C:       3                                      63834492928 23889960960
D:       5                      VBox_GAs_6.1.40 63883264    0          




VM AV Details
-----
AntiVirusProduct classname does not exist...

VM PowerShell Version
-----
5.1.19041.1237

VM CLR Version
-----
4.0.30319.42000

VM Chocolatey Version
-----
1.2.1

VM Boxstarter Version
-----

Boxstarter|3.0.0
Boxstarter.Bootstrapper|3.0.0
Boxstarter.Chocolatey|3.0.0
Boxstarter.Common|3.0.0
Boxstarter.HyperV|3.0.0
Boxstarter.WinConfig|3.0.0




VM Installed Packages
-----
010editor.vm|12.0.1
7zip-15-05.vm|15.05
apimonitor|2.13.0.20210213
apimonitor.vm|2.13.0.20220224
apktool|2.7.0
apktool.vm|2.7.0
autopsy|4.19.3
Boxstarter|3.0.0
Boxstarter.Bootstrapper|3.0.0
Boxstarter.Chocolatey|3.0.0
Boxstarter.Common|3.0.0
Boxstarter.HyperV|3.0.0
Boxstarter.WinConfig|3.0.0
capa.vm|4.0.1
chocolatey|1.2.1
chocolatey-compatibility.extension|1.0.0
chocolatey-core.extension|1.4.0
chocolatey-dotnetfx.extension|1.0.1
chocolatey-visualstudio.extension|1.10.2
chocolatey-windowsupdate.extension|1.0.5
Cmder|1.3.20
cmder.vm|1.3.20.20221201
common.vm|0.0.0.20221201
cutter.vm|2.1.2
cyberchef.vm|9.49.0.20221201
Cygwin|3.2.0
cygwin.vm|3.2.0.20221201
die.vm|3.02.20220113
dnspyex|6.2.0
dnspyex.vm|6.2.0
DotNet4.5.2|4.5.2.20140902
dotnetfx|4.8.0.20220524
explorersuite.vm|0.0.0.20221115
fakenet-ng.vm|1.4.11.20221115
flarevm.installer.vm|0.0.0.20221201
floss.vm|2.1.0
ghidra|10.1.2
ghidra.vm|10.1.2
hashmyfiles.vm|0.0.0.20220113
idafree.vm|7.6
imhex|1.25.0
javaruntime|8.0.231
jre8|8.0.351
KB2919355|1.0.20160915
KB2919442|1.0.20160915
KB2999226|1.0.20181019
KB3033929|1.0.5
KB3035131|1.0.3
libraries.python3.vm|0.0.0.20221203
map.vm|0.24
notepadplusplus|8.4.7
notepadplusplus.install|8.4.7
notepadplusplus.vm|8.4.7.20221129
notepadpp.plugin.compare.vm|2.0.1.20211225
ollydbg.ollydumpex.vm|1.80
ollydbg.vm|1.10.0.20220908
ollydbg2.ollydumpex.vm|1.80
ollydbg2.vm|2.01
openjdk11|11.0.16.20220913
pebear|0.6.1
peid.vm|0.95.0.20221115
processdump.vm|2.1.1.20220908
python3|3.9.13
regshot.vm|1.9.1
rundotnetdll.vm|2.2
sysinternals|2022.11.28
sysinternals.vm|2022.11.28.20221201
Temurin11|11.0.17.800
uniextract2.vm|2.0.0.20220113
vcbuildtools.vm|0.0.0.20221201
vcredist140|14.34.31931
vcredist2010|10.0.40219.32503
vcredist2015|14.0.24215.20170201
visualstudio2017buildtools|15.9.50.0
visualstudio2017-workload-vctools|1.3.3
visualstudio-installer|2.0.3
vscode|1.74.1
vscode.install|1.74.1
wireshark|4.0.2
wireshark.vm|4.0.2
x64dbg.ollydumpex.vm|1.80
x64dbg.vm|2021.05.08
x64dbgpy.vm|1.0.56.20211021


Common Environment Variables
-----
VM_COMMON_DIR: C:\ProgramData\_VM
TOOL_LIST_DIR: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tools
TOOL_LIST_SHORTCUT: C:\Users\sreisz\Desktop\Tools.lnk
RAW_TOOLS_DIR: C:\Tools

Detected by test suite

I don't know

@An00bRektn An00bRektn added the 🐛 bug Something isn't working label Dec 19, 2022
@mr-tz
Contributor

mr-tz commented Dec 20, 2022

Good find, we rely on the community package, which has a history of issues here due to not installing Npcap when using the silent /S switch, see https://www.wireshark.org/docs/wsug_html_chunked/ChBuildInstallWinInstall.html#ChBuildInstallWinWiresharkCommandLine.

Npcap does not seem to be installable easily. We may have to create our own package instead.

@MalwareMechanic MalwareMechanic self-assigned this Dec 20, 2022
MalwareMechanic added a commit to MalwareMechanic/VM-Packages that referenced this issue Dec 21, 2022
Npcap package uses AutoHotkey to click through installer windows

Closes mandiant#193
MalwareMechanic added a commit that referenced this issue Dec 21, 2022
Npcap package uses AutoHotkey to click through installer windows

Closes #193
@MalwareMechanic
Collaborator

Hey @An00bRektn, I've added npcap.vm. You can install it via choco install npcap.vm. Please let me know if that fixes your issue 😄
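
Editor's added example, not part of the thread or of the VM-Packages code: the Chocolatey log above reported a successful install even though Wireshark could not capture, so a post-install check has to test the capture stack itself rather than the installer's exit status. The function name `Test-CaptureStack` is hypothetical, and the Wireshark and Npcap directories are assumed to be the default install locations.

```powershell
# Added example: verify that Wireshark can actually capture after an
# unattended install. Paths are assumed defaults; adjust if yours differ.
function Test-CaptureStack {
    [CmdletBinding()]
    param(
        [string]$WiresharkDir = (Join-Path $Env:ProgramFiles 'Wireshark'),
        [string]$NpcapDir     = (Join-Path $Env:SystemRoot 'System32\Npcap')
    )

    $result = [ordered]@{
        WiresharkInstalled = $false
        NpcapService       = 'missing'
        NpcapDlls          = $false
        Interfaces         = @()
    }

    # dumpcap.exe ships with Wireshark and performs the actual capture.
    $dumpcap = Join-Path $WiresharkDir 'dumpcap.exe'
    $result.WiresharkInstalled = Test-Path -LiteralPath $dumpcap

    # Npcap registers a driver service named "npcap".
    $svc = Get-Service -Name 'npcap' -ErrorAction SilentlyContinue
    if ($svc) { $result.NpcapService = [string]$svc.Status }

    # The user-mode capture libraries Wireshark loads at runtime.
    $result.NpcapDlls =
        (Test-Path -LiteralPath (Join-Path $NpcapDir 'wpcap.dll')) -and
        (Test-Path -LiteralPath (Join-Path $NpcapDir 'Packet.dll'))

    if ($result.WiresharkInstalled) {
        # "dumpcap -D" prints one numbered line per usable capture interface.
        $lines = & $dumpcap -D 2>$null
        $result.Interfaces = @($lines | Where-Object { $_ -match '^\d+\.\s' })
    }

    [pscustomobject]$result
}

$check = Test-CaptureStack
$check | Format-List

$functional = $check.WiresharkInstalled -and
              $check.NpcapService -eq 'Running' -and
              $check.NpcapDlls -and
              $check.Interfaces.Count -gt 0

if (-not $functional) {
    Write-Warning 'Wireshark is installed but live capture is not functional (Npcap missing or not running).'
}
```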

@An00bRektn
Author

Just did a fresh install with the install.ps1 script on FLARE, worked perfectly, thanks for the quick work!

I noticed a lot more packages were added to the repo as well. I don't feel like it warrants an issue in the FLARE repo yet, but I would be concerned with time how the package selector in that install script works. A bigger list may make it harder to locate certain tools, but that's just a thought for now.

@mr-tz
Contributor

mr-tz commented Dec 23, 2022

Good point. Please let us know if you have any ideas to make this easier in the future with more and more packages.

@An00bRektn
Author

I see that it's all implemented in some .NET/PowerShell stuff that I don't really know off the top of my head, but I think a search bar would suffice. Ideally, maybe having a drop down menu with categorized packages (e.g. Debuggers/Disassemblers, PE Analysis) like it shows up in the Tools folder would be cool, but I don't know how feasible that is.

@mr-tz
Contributor

mr-tz commented Jan 2, 2023

These are good ideas. Tracking this in mandiant/flare-vm#432
