First thing first, make sure TeamSploit is fully up-to-date:
Now that TeamSploit is fully up-to-date, you need to configure TeamSploit based on your environment.
The configuration file contains all of the options and customization of TeamSploit but does have sane-defaults whenever possible. Additionally it provides self-explaintory names and comments to assist in the configuration process.
You'll want to change the very first option TS_CONFIG to 1
TS_CONFIG=1- this is used to ensure that you actually edited the config file before trying to run TeamSploit.
Next you'll need to decide if you want to use the CLI or GUI version of TeamSploit
TS_GUI=0 GUI Version:
The TS_WINDOWS option allows you to specify how many Primary windows you want to load - Primary windows are used to launch exploits, whereasthe Listener window is used to collect shells (from the primaries and teammates).
Moving forward, you need to set which interface you are using for the engagement (this is where you'll be listening for shell responses).
The TS_LOCAL option can be used if you do NOT wish to connect to an external/shared database. This is useful if you are using TeamSploit solo with no teammates.
TS_LOCAL=0 Local Database:
If you are using a shared database you'll need to configure it:
If you'd like to have a shared pool of shells, you can connect to a MSFD service:
Do Not Connect:
TS_MSFD_CONNECT=0 Connect to Shared MSFD:
If you are connecting to a shared MSFD service, configure where the service is being run.
If you are running with teammates you are going to want to share shells with those teammates:
TS_SHARE_SHELLS=1 Do Not Share Shells:
Configure who will get shells:
Now everyone on the team needs to have the SAME listening ports.
Next, we have a cool feature that will launch succesful exploits against other teams. This will simply run any exploit against the same system on a range of other teams (specfically using the last octet). This is extremely useful in Capture The Flags.
If you want to execute this function:
TS_TARGET_SOLO=0 If you want to skip this automated exploitation:
TeamSploit's automated post-exploitation will automatically add a user to exploited systems.
The next section configures what TeamSploit does during the automated post-exploitation process. TrollWare is a trojan that will ensure you maintain access, but will also lock the users out of the system (while taunting them). NetStopper will automatically stop all services on the system (useful for Denial of Service or scoring in a CTF). The Unpatcher automatically removes ALL system patches on the system, making it more vulnerable if you need to reexploit it.
Automated vulnerability scanning can also be configured, at present TeamSploit supports Nessus, OpenVAS, and Nexpose. Regardless of which scanner you decide to use the configuration is similiar (only the config keys change and Nesuss has an additionally option), so here is an exmaple with Nessus.
First you'll need to clearify if you wish to connect to the scanner.
TS_NESSUS_CONNECT=1 Do Not Connect:
Then you'll need to specify if you wish to automatically scan the configured targets:
Automaticallt Scan Targets:
TS_NESSUS_AUTOSCAN=1 Do Not Scan Targets:
This next option is unique to Nessus only, you'll need to specify the Nessus Scan Policy you wish you use for your automated scanning (make sure you check out this and this blog post for a guide on how to make this extremely Metasploit/TeamSploit friendly.)
And now for the easy part, just the scanner information:
Now for some really fun stuff - FULLY AUTOMATED EXPLOITATION (based Dark Operator's Exploitation Automation)
TS_AUTO_OWN=1 Do Not Auto-Exploit:
Now many concurrent exploits should be launched?
The last section that is important to configure is the IRC settings - these are only used if you are using the GUI version of TeamSplot.
Connect to IRC
TS_IRC=1 Do Not Connect to IRC
NOTE: This video is based on a much older version of TeamSploit (Revision 4); as such the video is out-dated, and shows the user manually executing many options. That said it is still a decent demonstration of some of the unique functionalities TeamSploit offers, as well as alook at how you can manually access some of the features.
Jump on over to IRC and we'll see what we can do...