Windows Commando

Posted by Derek Scheller on

What is it?

When people are looking to get into cybersecurity, one of the first lessons they are taught is to use Linux, and more to the point Kali Linux. Now don't get me wrong, even I started out using things like BackTrack or ParrotSec. However, on a penetration test there are times when navigating a company's Active Directory infrastructure and internal network is just easier and quicker from Microsoft Windows. It is for this reason that I have started to look more into Windows Commando and the solutions it offers. Developed by FireEye, a well known company in the security space, Commando is essentially the Kali Linux of Windows variants. FireEye has done well to include things such as Burp Suite, nmap, netcat, Metasploit, and so many other tools that you would commonly find and use in Kali. Also, for those times where you absolutely need something that is only available on Linux, the WSL2 variant of Kali can be installed easily enough with 'cinst kali.fireeye --timeout 8000'. The reason for the timeout is that if the Chocolatey install of Kali and its subsequent updates does not finish within the timeout, cinst will error out and assume the install didn't finish. This then requires a second run of the command so that it can validate the install.

How to Install Commando?

In order to install Windows Commando you will need to make sure you have either the Home or Professional edition of Windows 7 or Windows 10. This should be installed on your virtualization platform of choice, e.g. VMware, VirtualBox, Hyper-V, etc. Once Windows is set up, you will need to make sure it is completely updated before moving on to acquiring and setting up Commando.

Figure 1: Windows Update

As you can see in Figure 1, my Windows installation is pretty old, so after a revert I needed to install a lot of updates. Once this is done we can go to the GitHub page for FireEye Commando at https://github.com/fireeye/commando-vm.

Figure 2: FireEye GitHub Page

Here you will select the Code drop-down and download the zip file containing the entire repository.

Figure 3: FireEye GitHub Code Menu

Select 'Download ZIP' and Edge will present the options Open, Save, or Cancel; make sure to select Save.

Figure 4: Download Menu

Once you select Save, the .zip file will be saved into your default Downloads folder.

Figure 5: Download Finished

Once the download completes, go ahead and select Open Folder; this will bring you to the Downloads folder in which it was saved.

Figure 6: Downloads Folder

After you open the Downloads folder, click the compressed commando-vm-master folder and then select Compressed Folder Tools at the top. This will give you the option to Extract all.

Figure 7: Compressed Folder Options

Once you select Extract All you will be presented with a menu; just select Extract and the extracted directory will open as soon as it's done. You can close this directory and all other windows so that you are now viewing your desktop.

Figure 8: Extract All - Unzip Program

Once at your desktop, click the Windows logo in the bottom left-hand corner of the screen and type in "powershell". This will bring up the application; you can then right-click it and select "Run as Administrator".

Figure 9: Finding PowerShell

Figure 10: Run PowerShell as Administrator

After you select Run as Administrator you will be prompted by UAC; select Yes and you will be brought to an administrative PowerShell session.

Figure 11: PowerShell UAC

Once in PowerShell, navigate to the directory you extracted earlier. At this point you will run the following commands:

  • Unblock-File .\install.ps1
  • Set-ExecutionPolicy Unrestricted -f
  • .\install.ps1

Figure 12: PowerShell Commands

Due to the new Defender Tamper Protection, you will need to disable it before the script will continue, as you can see below.

Figure 13: Defender Tamper Block

To disable this, open your Windows Security settings, select Virus & threat protection, then Manage settings under Virus & threat protection settings, and finally turn off Tamper Protection. I would also advise turning off Defender altogether so that you don't have programs end up in quarantine. As this is an offensive security platform, anti-malware protection would be detrimental to its operation.

Figure 14: Tamper Protection

After you turn off Tamper Protection, go ahead and run the install again. At this point, if you haven't taken a snapshot of your machine before installing Commando, you should probably do so; the installer is even nice enough to ask you this very question.

Figure 15: Commando Snapshot Question

Once you continue, you will be presented with a readme; make sure to either copy this or screenshot it, because once the timer has elapsed the install will begin. It will start out by installing Boxstarter and Chocolatey, followed by all the other applications in the base install. It will take time, so either do this early in the day or be prepared for a late night.

Figure 16: Beginning the Commando Install

Your computer will restart a few times during this process, which is why it is beneficial to include your password with the ./install.ps1 -password <password> option. This will allow it to log on and continue the process without needing you to enter your password every time. At some point your command prompt will show an error about imported commands, as seen below; here you will need to hit Enter in order to continue the installation process.
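As an added example (not part of the original post or of the commando-vm project), here is the PowerShell sequence from the list above, the Tamper Protection check, and the -password run, gathered into one wrapper script. It assumes the zip was extracted to a commando-vm-master folder under Downloads (adjust $RepoDir) and that Get-MpComputerStatus exists, as it does on Windows 10 but not Windows 7; the Winlogon check at the end is my own addition and only verifies that no autologon password was left in the registry after the reboots.

```powershell
# Added wrapper for the install steps above (not commando-vm project code).
# Assumes the zip was extracted to $RepoDir and that Get-MpComputerStatus
# exists (Windows 10 Defender module; absent on Windows 7, so it is skipped).
param(
    [string]$RepoDir = "$env:USERPROFILE\Downloads\commando-vm-master",
    [switch]$PostInstall   # re-run with this once the Commando logo appears
)

function Test-IsAdmin {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $p  = New-Object Security.Principal.WindowsPrincipal($id)
    return $p.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

# -password lets the installer log back on after each reboot; afterwards make
# sure no autologon password stayed behind in the Winlogon key (my own check).
function Test-AutologonCleared {
    $wl = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $v  = Get-ItemProperty -Path $wl
    return ($v.AutoAdminLogon -ne '1') -and
           ($null -eq $v.PSObject.Properties['DefaultPassword'])
}

if (-not (Test-IsAdmin)) {
    throw "Open PowerShell with 'Run as Administrator' first (Figure 10)."
}
if ($PostInstall) {
    if (Test-AutologonCleared) { Write-Host 'Autologon entries cleared.' }
    else { Write-Warning 'AutoAdminLogon/DefaultPassword still set; remove them.' }
    return
}
# The installer halts while Tamper Protection is on (Figure 13). It can only be
# switched off in the Windows Security app, so report it instead of changing it.
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    if ((Get-MpComputerStatus).IsTamperProtected) {
        throw 'Turn off Tamper Protection: Virus & threat protection > Manage settings.'
    }
}

# Boxstarter reboots the VM several times; take the snapshot the installer asks about.
if ((Read-Host 'VM snapshot taken? (y/n)') -ne 'y') { throw 'Take a snapshot first.' }
Set-Location -Path $RepoDir
Unblock-File -Path .\install.ps1
Set-ExecutionPolicy Unrestricted -Force

# Prompting keeps the password out of the console history, unlike typing it
# on the command line as ./install.ps1 -password <password>.
$pw = Read-Host 'Password for autologon during the install'
& .\install.ps1 -password $pw
```

Run it once from the administrative PowerShell session before the install; after the desktop changes to the Commando logo, run it again with -PostInstall.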

Figure 17: Commando Pause

You will know the process is finally complete when your background changes to the FireEye Commando logo.

Figure 18: Commando Final

At the end you will see "Type ENTER to exit:"; hit Enter and you will officially be done. Thank you for following along, and if you would like further information please review the FireEye GitHub page, or you can also subscribe to Cyber Warrior Studios on YouTube at the link below for some more videos on how Commando VM works.
