Commando VM for Pentesting With Windows

3dWardW0ng · March 31, 2019, 7:12pm

Hello Everyone,

Just a really quick share with you all on a recent VM release from fireeye !

Hope you all enjoy giving it a trial let me know what you think.

3dWardW0ng

toaster · April 1, 2019, 3:44am

I installed it recently, took hours. Still testing . I’ll post pics shortly

MaangoTaachyon · April 1, 2019, 11:56am

Can’t wait to try it out as I’m moving to a mostly Windows environment soon enough, I’ll install it then.

scriptkitties · April 2, 2019, 7:44pm

I think its a good way to run under the radar, considering most network monitors already look for kali host names, only been able to play around a little but so far has everything i expected.

Nitrax · April 5, 2019, 8:47am

It would be very amateurish for any experienced hackers to use a Kali VM for pentesting engagements or ops

scriptkitties · April 5, 2019, 2:36pm

very true, but our local red team is a bit lazy, makes it way easier for my blue team to work

c0wm1lk · April 5, 2019, 3:41pm

I’m a bit confused, how exactly is this a VM?
It seems like all they offer you is a one click installation for a whole bunch of penetration testing software.

scriptkitties · April 5, 2019, 10:00pm

its not a VM image or ISO, its meant to be installed on a win10 or win7 VM you already have provisioned, so yeah the name is a bit inaccurate

c0wm1lk · April 5, 2019, 10:57pm

I see, well I don’t like bloat that much so I’ll probably hold off on this one.
But I did check out what tools they have and I don’t know all of them, so I’m just going to use it as a reference point to learn more pentester tools.

Alice · April 12, 2019, 3:21am

The installation script gets rid of all the shitty default programs… I can confirm that.

Alice · April 12, 2019, 11:43am

Installed it last night and slept while it was installing. I took a peek at the installation script which is pretty much a powershell script, but hey… it works. Anyways, pretty much the script uses boxstarter (https://boxstarter.org/) which after reading what it is on their site, choco is like a repo on Linux which are used for apt and installing packages and dependencies.

Personally, this seems like a great idea and I am kind of impressed?

toaster · April 14, 2019, 5:53pm

Yes i installed it as well. Took hours but, it was worth it. I enjoy this experience.

unlimited_error · April 19, 2019, 8:42am

Thank yoı, i’m going to install it

Haquor · June 25, 2019, 10:19pm

After testing this a little, it’s definitely better on a VM. You can install it straight to the physical machine, but during the install it disables a lot of security features to make the installs go smoother.

Also, if you run into issues, being able to rollback to snapshots really helps.

c0z · May 10, 2020, 7:59pm

So what I did on both the physical machine I installed CVM on and the virtual machine was I installed flare-vm on top of it. I also installed mingw-x64 and Pelles-C IDE among a bunch of other debuggers and decompilers that were not installed by default. I don’t personally like using chocolatey for installing new programs though, I don’t know why. Maybe it’s just because I’m old

I personally like having both a virtual machine (obviously) and a physical system. The physical system boots a lot faster due to being on raw hardware while the VM is useful for malware analysis because you control the environment, can rollback, can clone, can edit the existence of every instance you create to your hearts content easier than the raw hardware counterpart.

Of course this is just my personal opinion like saying geany is better than notepad++, or using pulma over gvim

red_caprica · May 13, 2020, 4:47pm

This looks great, thank you for sharing.

yeezi · May 13, 2020, 5:14pm

I waited too long to get a good Windows VM on-hand. After using Commando, I don’t want to go into an AD environment without it.