From 80138035b0e3f1152cd7b3c7ee1728bab62e3ddd Mon Sep 17 00:00:00 2001
From: MalwareMechanic
Date: Wed, 21 Dec 2022 12:57:35 -0500
Subject: [PATCH 1/3] Add npcap package and update wireshark package Npcap package uses AutoHotkey to click through installer windows Closes #193
---
 packages/npcap.vm/npcap.vm.nuspec | 14 +++++
 packages/npcap.vm/tools/chocolateyinstall.ps1 | 31 ++++++++++
 .../npcap.vm/tools/chocolateyuninstall.ps1 | 6 ++
 packages/npcap.vm/tools/install.ahk | 56 +++++++++++++++++++
 packages/wireshark.vm/wireshark.vm.nuspec | 3 +-
 5 files changed, 109 insertions(+), 1 deletion(-)
 create mode 100644 packages/npcap.vm/npcap.vm.nuspec
 create mode 100644 packages/npcap.vm/tools/chocolateyinstall.ps1
 create mode 100644 packages/npcap.vm/tools/chocolateyuninstall.ps1
 create mode 100644 packages/npcap.vm/tools/install.ahk
diff --git a/packages/npcap.vm/npcap.vm.nuspec b/packages/npcap.vm/npcap.vm.nuspec
new file mode 100644
index 000000000..045d81fdb
--- /dev/null
+++ b/packages/npcap.vm/npcap.vm.nuspec
@@ -0,0 +1,14 @@
+
+
+
+ npcap.vm
+ 1.72
+ Nmap Project
+ Npcap is an architecture for packet capture and network analysis for Windows operating systems, consisting of a software library and a network driver.
+
+
+
+
+
+
+
diff --git a/packages/npcap.vm/tools/chocolateyinstall.ps1 b/packages/npcap.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..55b3b3f74
--- /dev/null
+++ b/packages/npcap.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,31 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+try {
+ $toolName = 'npcap'
+ $exeUrl = 'https://npcap.com/dist/npcap-1.72.exe'
+ $exeSha256 = 'b0efd269d32e581da747e5050ef98d2eb91e6de9080e0918f5af85b485a4bdd1'
+ $installerName = Split-Path -Path $exeUrl -Leaf
+
+ $packageArgs = @{
+ packageName = ${Env:ChocolateyPackageName}
+ url = $exeUrl
+ checksum = $exeSha256
+ checksumType = "sha256"
+ fileFullPath = Join-Path ${Env:TEMP} $installerName
+ }
+ Get-ChocolateyWebFile @packageArgs
+ VM-Assert-Path $packageArgs.fileFullPath
+
+ $ahkInstaller = Join-Path $(Split-Path $MyInvocation.MyCommand.Definition) "install.ahk" -Resolve
+ $ahkExe = Join-Path ${Env:ChocolateyInstall} "lib\autohotkey.portable\tools\AutoHotkey.exe" -Resolve
+ $rc = (Start-Process -FilePath $ahkExe -ArgumentList "$ahkInstaller $($packageArgs.fileFullPath)" -PassThru -Wait).ExitCode
+ if ($rc -eq 1) {
+ throw "AutoHotKey returned a failure exit code ($rc) for: ${Env:ChocolateyPackageName}"
+ } else {
+ VM-Assert-Path $(Join-Path ${Env:PROGRAMFILES} "Npcap\npcap.cat")
+ }
+} catch {
+ VM-Write-Log-Exception $_
+}
+
diff --git a/packages/npcap.vm/tools/chocolateyuninstall.ps1 b/packages/npcap.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..1cd693a60
--- /dev/null
+++ b/packages/npcap.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,6 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'npcap'
+VM-Uninstall-With-Uninstaller $toolName "EXE" "/S"
+
diff --git a/packages/npcap.vm/tools/install.ahk b/packages/npcap.vm/tools/install.ahk
new file mode 100644
index 000000000..54939be5d
--- /dev/null
+++ b/packages/npcap.vm/tools/install.ahk
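Review bot: In packages/npcap.vm/tools/chocolateyinstall.ps1, the check `if ($rc -eq 1)` treats only exit code 1 as a failure, so any other non-zero code from the AutoHotkey process falls through to the `else` branch as if the click-through had succeeded; `if ($rc -ne 0)` would fail closed. The same line is carried unchanged as context in the [PATCH 3/3] hunk of this file. The string `-ArgumentList "$ahkInstaller $($packageArgs.fileFullPath)"` also passes both paths unquoted, so a `${Env:TEMP}` or Chocolatey path containing a space would be split into extra arguments. Whether `VM-Write-Log-Exception` rethrows is not visible here; if it does not, the `catch` block would let a failed install finish as a successful package run, which is worth confirming.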
@@ -0,0 +1,56 @@
+#NoEnv ; Recommended for performance and compatibility with future AutoHotkey releases.
+#Warn ; Enable warnings to assist with detecting common errors.
+#SingleInstance, force ; Ensure a single instance of this script
+SendMode Input ; Recommended for new scripts due to its superior speed and reliability.
+SetWorkingDir %A_ScriptDir% ; Ensures a consistent starting directory.
+SetTitleMatchMode, RegEx ; Enable regular expressions in title matches
+
+; Handle installation
+installer = %1%
+Run, %installer% /loopback_support=no
+installerTitle := "i)npcap .* setup"
+WinWait, %installerTitle%,,20
+WinActivate
+
+exitCode := 1
+loop, 20
+{
+ if WinExist(installerTitle, "i).*license agreement.*")
+ {
+ BlockInput, On
+ WinActivate
+ Sleep, 500
+ ControlSend,, {Enter}
+ Sleep, 500
+ ControlSend,, {Enter}
+ BlockInput, Off
+ }
+ if WinExist(installerTitle, "i).*installing.*")
+ {
+ Sleep, 5000
+ }
+ if WinExist(installerTitle, "i).*installation complete.*")
+ {
+ BlockInput, On
+ WinActivate
+ Sleep, 500
+ ControlSend,, {Enter}
+ Sleep, 500
+ ControlSend,, {Enter}
+ BlockInput, Off
+ exitCode := 0
+ break
+ }
+ if WinExist(installerTitle, "i).*already installed.*")
+ {
+ BlockInput, On
+ WinActivate
+ Sleep, 500
+ ControlSend,, {Enter}
+ BlockInput, Off
+ exitCode := 0
+ break
+ }
+ Sleep 1000
+}
+ExitApp %exitCode%
\ No newline at end of file
diff --git a/packages/wireshark.vm/wireshark.vm.nuspec b/packages/wireshark.vm/wireshark.vm.nuspec
index 016c4fd6a..903cd3618 100644
--- a/packages/wireshark.vm/wireshark.vm.nuspec
+++ b/packages/wireshark.vm/wireshark.vm.nuspec
@@ -2,11 +2,12 @@ wireshark.vm - 4.0.2 + 4.0.2.20221221 Wireshark lets you capture and interactively browse the traffic running on a computer network. Gerald Combs, Wireshark team +
From e67d414d9fde20d37c20cdadc3a851e6e8c7a832 Mon Sep 17 00:00:00 2001
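Review bot: In packages/npcap.vm/tools/install.ahk, the result of `WinWait, %installerTitle%,,20` is never checked, so when the installer window does not appear within the timeout the script still calls `WinActivate` and runs the whole polling loop before exiting with 1; testing `ErrorLevel` right after the wait and calling `ExitApp 1` would fail fast. `Run, %installer% /loopback_support=no` passes the installer path unquoted, which breaks when the path contains a space; `Run, "%installer%" /loopback_support=no` avoids that. The `ControlSend,, {Enter}` calls go to whichever window last matched the title regex `i)npcap .* setup`, so a short comment above each branch stating which installer page the Enter presses are meant to accept (including the license page) would make the click-through auditable. On the path where the loop runs out, nothing in the script closes the installer, so it appears to be left running while the package reports failure.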
From: MalwareMechanic
Date: Wed, 21 Dec 2022 13:14:58 -0500
Subject: [PATCH 2/3] Fix linting issues
---
 packages/npcap.vm/tools/chocolateyinstall.ps1 | 1 -
 packages/npcap.vm/tools/chocolateyuninstall.ps1 | 3 +--
 2 files changed, 1 insertion(+), 3 deletions(-)
diff --git a/packages/npcap.vm/tools/chocolateyinstall.ps1 b/packages/npcap.vm/tools/chocolateyinstall.ps1
index 55b3b3f74..bbff3fe7d 100644
--- a/packages/npcap.vm/tools/chocolateyinstall.ps1
+++ b/packages/npcap.vm/tools/chocolateyinstall.ps1
@@ -2,7 +2,6 @@ $ErrorActionPreference = 'Stop'
 Import-Module vm.common -Force -DisableNameChecking
 
 try {
- $toolName = 'npcap'
 $exeUrl = 'https://npcap.com/dist/npcap-1.72.exe'
 $exeSha256 = 'b0efd269d32e581da747e5050ef98d2eb91e6de9080e0918f5af85b485a4bdd1'
 $installerName = Split-Path -Path $exeUrl -Leaf
diff --git a/packages/npcap.vm/tools/chocolateyuninstall.ps1 b/packages/npcap.vm/tools/chocolateyuninstall.ps1
index 1cd693a60..0b5298654 100644
--- a/packages/npcap.vm/tools/chocolateyuninstall.ps1
+++ b/packages/npcap.vm/tools/chocolateyuninstall.ps1
@@ -1,6 +1,5 @@
 $ErrorActionPreference = 'Continue'
 Import-Module vm.common -Force -DisableNameChecking
 
-$toolName = 'npcap'
-VM-Uninstall-With-Uninstaller $toolName "EXE" "/S"
+VM-Uninstall-With-Uninstaller "Npcap*" "EXE" "/S"
 
From 4454e7e5d5da30830e316c15ba9b4dd9d52382ef Mon Sep 17 00:00:00 2001
From: MalwareMechanic
Date: Wed, 21 Dec 2022 13:41:24 -0500
Subject: [PATCH 3/3] Update to use virtual AutoHotkey package
---
 packages/npcap.vm/npcap.vm.nuspec | 2 +-
 packages/npcap.vm/tools/chocolateyinstall.ps1 | 3 +--
 2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/packages/npcap.vm/npcap.vm.nuspec b/packages/npcap.vm/npcap.vm.nuspec
index 045d81fdb..b54eac7f8 100644
--- a/packages/npcap.vm/npcap.vm.nuspec
+++ b/packages/npcap.vm/npcap.vm.nuspec
@@ -7,7 +7,7 @@ Npcap is an architecture for packet capture and network analysis for Windows operating systems, consisting of a software library and a network driver. - +
diff --git a/packages/npcap.vm/tools/chocolateyinstall.ps1 b/packages/npcap.vm/tools/chocolateyinstall.ps1
index bbff3fe7d..a5daf8355 100644
--- a/packages/npcap.vm/tools/chocolateyinstall.ps1
+++ b/packages/npcap.vm/tools/chocolateyinstall.ps1
@@ -17,8 +17,7 @@ try {
 VM-Assert-Path $packageArgs.fileFullPath
 
 $ahkInstaller = Join-Path $(Split-Path $MyInvocation.MyCommand.Definition) "install.ahk" -Resolve
- $ahkExe = Join-Path ${Env:ChocolateyInstall} "lib\autohotkey.portable\tools\AutoHotkey.exe" -Resolve
- $rc = (Start-Process -FilePath $ahkExe -ArgumentList "$ahkInstaller $($packageArgs.fileFullPath)" -PassThru -Wait).ExitCode
+ $rc = (Start-Process -FilePath $ahkInstaller -ArgumentList $packageArgs.fileFullPath -PassThru -Wait).ExitCode
 if ($rc -eq 1) {
 throw "AutoHotKey returned a failure exit code ($rc) for: ${Env:ChocolateyPackageName}"
 } else {
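Review bot: In the [PATCH 3/3] hunk of packages/npcap.vm/tools/chocolateyinstall.ps1, `Start-Process -FilePath $ahkInstaller` now starts the `.ahk` script through its file association instead of a resolved `AutoHotkey.exe` path, so which program interprets the script depends on whatever is registered for `.ahk` on the machine. A comment naming the package that is expected to register that association, or resolving the interpreter path explicitly as the removed `$ahkExe` line did, would keep the launch deterministic. `-ArgumentList $packageArgs.fileFullPath` is passed unquoted, so an installer path containing a space would reach the script as several arguments and `%1%` would hold only the first part; `-ArgumentList ('"{0}"' -f $packageArgs.fileFullPath)` keeps it as one. The enclosing `try` block starts and ends outside this hunk.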