rapid7/metasploitable3

dotnet download is no longer available via http

jmartin-tech opened this issue · 2 comments

Issue Description

During initial OS installation, dotnet framework 4.5 is installed to meet minimum requirements for the rest of the build. However, the http URL now redirects to an https download that requires TLS 1.2, which the install is depending on dotnet 4.5 to provide. This causes all downloads that require TLS 1.2 further in the build process to fail as well.

PS C:\Users\vagrant> (New-Object System.Net.WebClient).DownloadFile('http://download.microsoft.com/download/1/6/7/167F0D79-9317-48AE-AEDB-17120579F8E2/NDP451-KB2858728-x86-x64-AllOS-ENU.exe', 'C:\Windows\Temp\dotnet.exe')
Exception calling "DownloadFile" with "2" argument(s): "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel."
At line:1 char:47
+ (New-Object System.Net.WebClient).DownloadFile <<<< ('http://download.microsoft.com/download/1/6/7/167F0D79-9317-48AE-AEDB-17120579F8E2/NDP451-KB2858728-x86-x64-AllOS-ENU.exe', 'C:\Windows\Temp\dotnet.exe')
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : DotNetMethodException

Host System

  • OS: macOS (intel) / Linux / Windows
  • Packer Version: All
  • Vagrant Version: All
  • VirtualBox Version: All

I have worked through a couple of scenarios here and I believe I will need to shift downloads performed during the autounattend.xml segment of the build into a later provisioner, with either a pre-downloaded package provided from the host system or an alternate provisioner task that can perform the download with TLS 1.2.

I am considering adding a pre-download script for all intermediate downloads needed during the build; however, in the interest of not putting more intentionally vulnerable code on the build host, this idea may need adjustment.

Ideas are in the works.
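As an added illustration of the host-side pre-download option discussed in this thread (not code from the issue or from the metasploitable3 repository): a small Python helper that fetches a package on the build host, where TLS 1.2 is available, and keeps it only if its SHA-256 matches a pinned value. The function names, the `opener` parameter and the destination layout are assumptions; the pinned digest must come from a trusted source.

```python
import hashlib
import os
import tempfile
import urllib.request
from urllib.parse import urlparse


def sha256_file(path, chunk=1 << 20):
    """Hash the file in chunks so large installers need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def prefetch(url, dest, expected_sha256, opener=urllib.request.urlopen):
    """Download url to dest on the build host; keep it only if the digest matches.

    opener is injectable (hypothetical parameter) so the logic can be run offline.
    """
    # The scheme check covers the first request only; redirects may still change
    # it, so the pinned digest below is the control that actually decides.
    if urlparse(url).scheme != "https":
        raise ValueError("refusing non-https source: " + url)
    dest_dir = os.path.dirname(os.path.abspath(dest))
    os.makedirs(dest_dir, exist_ok=True)
    # Write to a temporary name in the same directory so the final rename is atomic.
    fd, tmp = tempfile.mkstemp(dir=dest_dir, suffix=".part")
    try:
        with os.fdopen(fd, "wb") as out, opener(url) as resp:
            for block in iter(lambda: resp.read(1 << 20), b""):
                out.write(block)
        actual = sha256_file(tmp)
        if actual != expected_sha256.lower():
            raise ValueError("sha256 mismatch for %s: got %s" % (url, actual))
        os.replace(tmp, dest)  # the guest build never sees a partial or unverified file
    finally:
        if os.path.exists(tmp):
            os.remove(tmp)
    return dest
```

The verified file can then be handed to the guest by a later provisioner, so the early build stage needs no network download at all.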