New malware identified when trying to download metasploitable3-master.zip #497
Comments
Chrome flagged the zip as malware and dangerous when I tried to download it as well, but there are other reports of this in General Issues with some answers. Here: #280. It is important to remember that metasploitable is a vulnerable web app and should be run cautiously and in Host-Only or NAT mode.
Thank you, tehtw, don't worry about running this VM, I have an isolated virtual network where this machine will be running in "internal" network mode. My concerns are related to the VirusTotal analysis, which finds bundled files different from the files named in previous issues (kingofclubs.exe?), and since Windows Defender and Explorer don't let me download it unless I deactivate all firewall and antivirus protection, I can't even install this VM in the isolated network at all without putting my computer at risk. I have been able to download it in one of the virtual machines installed in the isolated network, but I think it's not possible to install it from there in VirtualBox without going through the physical machine.
FWIW, I use an instance of Kali that I prepped for GCP with nested virtualization enabled (libvirt), so everything stays on GCP's network. The repo is a mess, but it's at https://github.com/deargle/kali-xfce-gcp-qemu-packer, and anyone can use a ready-to-go Kali that I prepared for a class I teach by following the instructions here: https://daveeargle.com/security-assignments/tutorials/intro-to-gcp.html
(replying to sudo-chinche's comment above, Sat, Nov 21, 2020, 5:54 AM)
Windows PowerShell execution: The operation could not be completed because the file contains a virus or potentially unwanted software. Log:

```text
PS E:\user-sudo-chinche\Maquinas_Virtuales\metasploitable3-master> packer build --only=virtualbox-iso ./packer/templates/windows_2008_r2.json
==> virtualbox-iso: Retrieving Guest additions
==> Wait completed after 1 hour 30 minutes
==> Some builds didn't complete successfully and had errors:
==> Builds finished but no artifacts were created.
```
I used the Microsoft Edge browser and was able to download it just fine.
While the project tries to get all files whitelisted in AV, these issues do crop up from time to time. This is a false positive mirroring issue #280; the binary is a service executable provided for one of the intended vulnerable configurations in the Windows host.
Issue Description
I have seen other similar issues where different malware was identified while trying to download, and all of them seem to be false positives. This time the Windows firewall and Chrome both block the download because both identified malware:
Level of blocked threat: severe
Malware detected: Backdoor:ASP/Dirtelti.HA
Date: I tried to download it yesterday and today 15.11.2020
Details: This program provides remote access to the computer on which it is installed.
https://go.microsoft.com/fwlink/?linkid=142185&name=Backdoor:ASP/Dirtelti.HA&threatid=2147761339
file: C:\Users\xxxx\Downloads\metasploitable3-master.zip
webfile: C:\Users\xxxx\Downloads\metasploitable3-master.zip|https://codeload.github.com/rapid7/metasploitable3/zip/master|pid:3768,ProcessStart:132498561430364935
Is it still a false positive? I can't see the specific file in the zip that launches the alert; it's flagged just after 100-110 MB have been downloaded.
Host System
Browser: Google Chrome Version 86.0.4240.198 (Official Build) (64-bit)
Thanks in advance.
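The post above says the download is only blocked after 100-110 MB and that the flagged file inside the zip cannot be identified from the browser's alert. The following is an added example, not code from this thread or from the metasploitable3 project: it reads the archive's central directory with Python's zipfile module, hashes every member in memory (nothing is extracted to disk, so a scanner that quarantines on write is not triggered), and lists the members whose local header sits in a given byte window or whose extension is on an ASP/native-executable list. Using the abort point as a window and the extension list itself are assumptions of the example; the sample archive is constructed inline and stands in for the real zip. Run against the real download on a machine where it can stay on disk (such as the poster's isolated VM), the per-member SHA-256 values can be looked up on VirusTotal without uploading the whole archive.

```python
import hashlib
import io
import sys
import zipfile

# Extensions worth a second look for a detection named "Backdoor:ASP/...":
# ASP-family server scripts plus native executables. This list is an
# assumption for triage, not something the issue or the project provides.
SUSPECT_EXTS = (".asp", ".aspx", ".ashx", ".asa", ".exe", ".dll")


def sha256_bytes(data):
    """SHA-256 hex digest of a byte string (used to cross-check the sample)."""
    return hashlib.sha256(data).hexdigest()


def inspect_zip(src):
    """Return one record per file member: name, local-header offset, size, sha256.

    `src` may be a path, a file-like object, or raw bytes. Offsets come from
    the central directory (ZipInfo.header_offset) and members are streamed
    through the hash in chunks, so nothing is written to disk.
    """
    if isinstance(src, (bytes, bytearray)):
        src = io.BytesIO(src)
    records = []
    with zipfile.ZipFile(src) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            h = hashlib.sha256()
            with zf.open(info) as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    h.update(chunk)
            records.append({
                "name": info.filename,
                "offset": info.header_offset,
                "size": info.file_size,
                "sha256": h.hexdigest(),
            })
    return records


def candidates(records, lo, hi, exts=SUSPECT_EXTS):
    """Members whose local header lies in [lo, hi) bytes, or whose extension is suspect.

    The window is where in the byte stream the browser aborted; a member
    starting there is the likely trigger, and its hash can then be checked
    against VirusTotal on its own.
    """
    out = []
    for r in records:
        in_window = lo <= r["offset"] < hi
        suspect = r["name"].lower().endswith(exts)
        if in_window or suspect:
            out.append(dict(r, in_window=in_window, suspect_ext=suspect))
    return out


def build_sample_zip():
    """Constructed stand-in for metasploitable3-master.zip; not the real archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("repo/README.md", "# sample\n")
        zf.writestr("repo/filler.bin", b"\x00" * 4096)
        # stand-in for a server-side script shipped for a vulnerable configuration
        zf.writestr("repo/resources/cmd.asp", '<% Response.Write("x") %>')
        zf.writestr("repo/notes.txt", "hello\n")
    return buf.getvalue()


if __name__ == "__main__":
    # usage: python inspect_zip.py metasploitable3-master.zip 100 110
    # (window given in MiB, matching "just after 100-110 MB downloaded")
    if len(sys.argv) == 4:
        recs = inspect_zip(sys.argv[1])
        lo, hi = (int(x) << 20 for x in sys.argv[2:4])
    else:
        recs = inspect_zip(build_sample_zip())
        lo, hi = 4096, 1 << 20
    for c in candidates(recs, lo, hi):
        why = "window" if c["in_window"] else "ext"
        print(f"{c['offset']:>12} {why:<6} {c['sha256'][:16]}  {c['name']}")
```

The window is only a heuristic: a scanner may decide on a member after it has fully arrived, so a member just before the abort point is as plausible as one starting inside it, which is why the extension filter is applied alongside it. Hashing in memory keeps the archive's bytes off the filesystem of the machine doing the triage.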