Box-js

• Installation

• Preparation

• Starting box-js rest-api

• Box-js rest-api endpoints

Installation

• Quick and dirty notes on how to integrate box-js to CAPE:

  $ curl -sL https://deb.nodesource.com/setup_14.x | sudo -E bash -
  $ sudo apt install docker.io nodejs git
  $ sudo usermod -aG docker cape
  # newgrp docker
  $ docker run hello-world
  $ sudo npm install -g --save npm@latest core-util-is hapi rimraf express express-fileupload
  $ git clone https://github.com/kirk-sayre-work/box-js /opt/box-js
  $ cd /opt/box-js
  $ sudo npm audit fix --force
  

Preparation

• We will leave fixing and hardening of box-js for you, here are just a few examples:

  USERNAME="CAPE"
  IP="0.0.0.0"
  sudo sed -i "s|\\\\SYSOP1~1\\\\|\\\\$USERNAME\\\\|g" emulator/WScriptShell.js
  sudo sed -i "s|\\\\Sysop12\\\\|\\\\$USERNAME\\\\|g" emulator/WScriptShell.js
  sudo sed -i "s|windows-xp|windows 7|g" emulator/WScriptShell.js # or 10 who knows
  sudo sed -i "s|\\\\MyUsername\\\\|\\\\$USERNAME\\\\|g" emulator/ShellApplication.js
  sudo sed -i "s|USER-PC|$USERNAME-PC|g" emulator/WMI.js
  sudo sed -i "s|Sysop12|$USERNAME|g" emulator/WMI.js
  sudo sed -i "s|127.0.0.1|$IP|g" integrations/api/api.js
  

• replace emulator/processes.json with your own, you can use this to generate one:

  $ gwmi -Query "SELECT * FROM Win32_Process" > a.txt
  $ tools/makeProcList.js
  

• create a tar.gz with tar -czvf master.tar.gz  box-js-master/:

  $ cd integrations/api/
  

• replace Dockerfile with this content, required to run fixed/patched box-js inside of the Docker:

  FROM node:10-alpine
  #ENV http_proxy http://PROXY_IP:PORT
  #ENV https_proxy http://PROXY_IP:PORT
  RUN apk update && apk upgrade
  RUN apk add --no-cache bash file gcc m4
  RUN apk add -U --repository http://dl-cdn.alpinelinux.org/alpine/edge/testing aufs-util
  # Install the latest v1 of box-js
  COPY master.tar.gz /samples/
  RUN npm install /samples/master.tar.gz --global --production
  RUN rm /samples/master.tar.gz
  WORKDIR /samples
  CMD box-js /samples --output-dir=/samples --loglevel=debug
  

Starting box-js rest-api

• The default port is 9000 you can change it inside of api.py

  $ node api.js

Box-js rest-api endpoints

• Check for box-js documentation

  • https://github.com/kirk-sayre-work/box-js/tree/master/integrations#methods

Sandbox configuration

• In conf/processing.conf enable box-js and set correct url