Add install active directory install command #24

Open
wants to merge 2 commits into
base: master

@adfoster-r7 adfoster-r7 commented Mar 17, 2023

Adds an install Active Directory command script to vm-automation, which allows for testing Kerberos/AD environments.


My testing steps were running this script locally against a Windows 2016/2019 server box. Will be used by https://github.com/rapid7/metasploit-jenkins-jobs/pull/449

I then tested it with vmware-automation project by first building the metasploit-baseline-builder docker container:

cd metasploit-baseline-builder/docker
docker build -f Dockerfile -t metasploit-baseline-builder .

Creating an ESXi config in ~/helper_config.json:

{
  "HYPERVISOR_TYPE": "ESXI",
  "HYPERVISOR_HOST": "10.x.x.x",
  "HYPERVISOR_USERNAME": "....",
  "HYPERVISOR_PASSWORD": "....",
  "HYPERVISOR_LISTENING_PORT": 443
}

Running a docker container from the Jenkins user, mounting vmware-automation and the esxi config:

cd vmware-automation
docker run -it -u jenkins -v $(pwd):/r7-source/vm-automation -v $(realpath ~/helper_config.json):/r7-source/helper_config.json -w /r7-source metasploit-baseline-builder:latest /bin/bash -l

Inside the running docker instance I had to install pip:

pip install requests

Verifying the action is available (change the prefix):

$ cd /r7-source/vm-automation/samples
$ python ./samples/manageServices.py -k MYPREFIX_Win --actionFile /r7-source/vm-automation/samples/action_scripts/commands.json --listCommands /r7-source/helper_config.json
cryptography, and will be removed in the next release.
  from cryptography.hazmat.backends import default_backend
INSTALL_AVG
AUTOLOGIN_DISABLE
DEFENDER_SIGUPDATE
UAC_ENABLE
INSTALL_MALWAREBYTES
WSUS_DISABLE
DEFENDER_DISABLE
UAC_DISABLE
INSTALL_AVAST
AUTOLOGIN_ENABLE
SMB1_ENABLE
FIREWALL_DISABLE
SMB1_DISABLE
WSUS_ENABLE
INSTALL_ACTIVE_DIRECTORY_DOMAIN_SERVICES <------------------
FIREWALL_ENABLE
DEFENDER_ENABLE

Running the action with hard coded user/password values against the target machine (change the prefix):

cd /r7-source/vm-automation/samples
python /r7-source/vm-automation/samples/manageServices.py -k MYPREFIX_Win --actionFile /r7-source/vm-automation/samples/action_scripts/commands.json --action INSTALL_ACTIVE_DIRECTORY_DOMAIN_SERVICES --user vagrant --password vagrant /r7-source/helper_config.json

View the log files:

cat /r7-source/vm-automation/samples/logs/* 


@jmartin-tech jmartin-tech left a comment

This looks like a great add.

Sorry this got delayed, more testing is in progress. Posting a couple initial thoughts.

samples/action_scripts/install_active_directory_forest.ps1 (outdated)
samples/action_scripts/commands.json (outdated)
@adfoster-r7 force-pushed the add-install-active-directory-forest-command branch from b17af3a to 5a43e3b, May 2, 2023 23:45
@adfoster-r7 force-pushed the add-install-active-directory-forest-command branch from 5a43e3b to 3bba31d, May 4, 2023 09:17

@jmartin-tech jmartin-tech left a comment

Testing looks good, just the one question here about using a hardcoded configuration password.


# Configuration
$domain = "demo.local"
$plaintextPassword = "vagrant"
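
Review bot: `$plaintextPassword = "vagrant"` in the `# Configuration` block fixes the credential in the script itself, so it is committed to the repository and cannot be changed per environment without editing the file. Consider turning `$domain` and the password into script parameters, fed from the `--user`/`--password` values that manageServices.py is already invoked with, keeping `vagrant` only as a default for throwaway test boxes. A short comment in this block stating what the password is used for would also help anyone reusing the action outside the lab.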
Should this get the VM password from the launch config for manageServices.py? I don't mind a hardcoded value; however, that is not super friendly to those that may want to have at least some security in the testing env.
