Operation did not complete successfully because the file contains a virus or potentially unwanted software.
farhangamary opened this issue · 2 comments
Issue Description
Trying to build the virtualbox artifact manually from cloned source code with packer - using the windows_2008_r2.json template, it downloads the files starts the virtualbox, installs the machine and starts it successfully:
virtualbox-iso: Mounting ISOs...
virtualbox-iso: Mounting boot ISO...
==> virtualbox-iso: Deleting any current floppy disk...
==> virtualbox-iso: Attaching floppy disk...
==> virtualbox-iso: Creating forwarded port mapping for communicator (SSH, WinRM, etc) (host port 4239)
==> virtualbox-iso: Executing custom VBoxManage commands...
virtualbox-iso: Executing: modifyvm metasploitable3-win2k8 --memory 4096
virtualbox-iso: Executing: modifyvm metasploitable3-win2k8 --cpus 2
==> virtualbox-iso: Starting the virtual machine...
==> virtualbox-iso: Waiting 10m0s for boot...
==> virtualbox-iso: Typing the boot command...
==> virtualbox-iso: Using SSH communicator to connect: 127.0.0.1
==> virtualbox-iso: Waiting for SSH to become available...
==> virtualbox-iso: Connected to SSH!
==> virtualbox-iso: Uploading VirtualBox version info (6.1.38)
==> virtualbox-iso: Uploading VirtualBox guest additions ISO...
==> virtualbox-iso: Skipping shell-local due to runtime OS
==> virtualbox-iso: Running local shell script: C:\Users\???\AppData\Local\Temp\packer-she???.cmd
virtualbox-iso:
virtualbox-iso: ???\metasploitable3>cd ????\metasploitable3\packer\templates/../../resources && powershell ???\metasploitable3\packer\templates/../../resources/download-windows-files.ps1
virtualbox-iso: Downloading dotNet 4.5.2
virtualbox-iso: Downloading Windows Management Framework 5.1
==> virtualbox-iso: Uploading ???\metasploitable3\packer\templates/../../scripts => C:/vagrant
==> virtualbox-iso: Uploading ???\metasploitable3\packer\templates/../../resources => C:/vagrant
but at the end when trying to make the vagrant box file, my windows defender, detects a backdoor or a virus and doesn't let it to get copied:
==> virtualbox-iso: Upload failed: open ???\metasploitable3\resources\backdoors\caidao.asp: Operation did not complete successfully because the file contains a virus or potentially unwanted software.
==> virtualbox-iso: Provisioning step had errors: Running the cleanup provisioner, if present...
==> virtualbox-iso: Cleaning up floppy disk...
==> virtualbox-iso: Deregistering and deleting VM...
==> virtualbox-iso: Deleting output directory...
Build 'virtualbox-iso' errored after 11 minutes 41 seconds: open ???\metasploitable3\resources\backdoors\caidao.asp: Operation did not complete successfully because the file contains a virus or potentially unwanted software.
==> Wait completed after 11 minutes 41 seconds
==> Some builds didn't complete successfully and had errors:
--> virtualbox-iso: open ???\metasploitable3\resources\backdoors\caidao.asp: Operation did not complete successfully because the file contains a virus or potentially unwanted software.
==> Builds finished but no artifacts were created.
Is something wrong with the whole process?
Any fix or suggestion please? - I will of course not deactivate the defender or let any harmful or suspicious file.
Host System
- OS: Windows
- Packer Version: 1.8.6
- Vagrant Version: 2.3.4
- VirtualBox Version: 6.1.38
Command Output
- Included in description.
Any fix or suggestion please?
The script is failing when accessing this backdoor:
https://github.com/rapid7/metasploitable3/blob/master/resources/backdoors/caidao.asp
You can read source code - the file contents are plain text.
You could try removing the contents of the file so that the image is built with an empty file. However, it is likely that the build will fail when processing other files, such as the other backdoors:
I will of course not deactivate the defender or let any harmful or suspicious file.
Perhaps reconsider what you are trying to achieve. You are working with intentionally vulnerable and malicious files.
If someone has network access to your Metasploitable host, a deliberately malicious or "suspicious" backdoor is barely worse than an intentionally vulnerable and exploitable application.
Yes, no backdoor could be copied because of the defender, so the script failed - I have found a safe workaround for it.
As it is explained and it was indeed no issue I am closing this report.