Frequently Asked Questions



How does TeamSploit provide Exploitation Automation?


Vulnerability Matching.

TeamSploit's Automated Exploitation, when configured correctly, first requires, and automates, a vulnerability scan of the target range. This vulnerability data is then matched to Metasploit modules (exploits), which are launched against the targets.

This exploit matching and execution leverages work done by Carlos Perez (Dark Operator); you can review his work and this particular plugin here.


How does TeamSploit provide Post-Exploitation Automation?


Post-Exploitation is Configurable.

During the process of configuring TeamSploit, you are actually defining a large portion of the Post-Exploitation process.

Options like your defined Teammates as well as configurable switches like TROLLWARE, NETSTOPPER, and UNPATCHER are Auto-Post Exploitation options.

Utilizing a template system, you can actually further direct TeamSploit on what actions you'd like taken during the Auto-Post Exploitation process.

The Auto-Post Exploitation templates can be found within the TeamSploit/.msf/plugins/ directory.

Within this directory you should find a number of .autopost.source files. These can be edited, and will then be used as the template base the next time you launch TeamSploit.


What information and data is automatically gathered from a target?


Tons!

TeamSploit's Automated Post-Exploitation gathers a substantial amount of system information from an exploited target.

This information gathering, and the entire Post-Exploitation process is configurable, but by default includes information such as:

System Name, Network Information, Usernames/Password Hashes, Groups, Shares, Software Lists, Software Keys, Running Processes, Files of Interest (based on extension), and much more.


How does TeamSploit share sessions?


Persistent Teammates.

Once a target is exploited, TeamSploit's Automated Post-Exploitation process will spawn a new session for both your Listener as well as the Listeners for each of your defined teammates.

This will ensure everyone on the team has access to a system once it is exploited.

The new session will be a persistent session that should survive reboots, as well as other connection issues.


Which Trojans does TeamSploit provide?


Only Custom Trojans are provided.

TeamSploit does not ship with any commonly-found trojans, but instead with a few custom, templated trojans.

The Trojans can be configured through the TeamSploit configuration, and found within the TeamSploit/.trojans directory.

Within this directory you can alter and add trojans, utilizing the simple template system.

Additionally, if you'd like to add new Trojans, ensure you modify the .autopost.source.trojans file within the TeamSploit/.msf/plugins/ directory.


What is TrollWare?


Malicious Software intent on disrupting the system owner for the lulz.

TrollWare is a term coined by the folks behind TeamSploit. It is used to define a set of malicious software that not only performs malicious actions typically found in a Remote Access Trojan, but also causes havoc for the purpose of the attacker's entertainment.

The TrollWare included with TeamSploit performs the following hilarious actions:

Disables Safe Mode, Forces mandatory Disk-Check on Boot (Unskippable), Changes System Background (Taunting the Administrators), Kills Common Administrative Processes, Auto-Locks Workstation on Unlock (System Locks, and Stays Locked), and more.


What penetration testing stages does TeamSploit automate?


The first 4 out of 5!

First, gaining access to a system can be broken down into the following stages: Reconnaissance, Target Acquisition, Exploitation, Maintaining Access, and Covering Tracks.

With that understanding, TeamSploit can currently fully automate the first four stages: Reconnaissance, Target Acquisition, Exploitation, Maintaining Access.

Reconnaissance - TeamSploit will fully scan, catalog, and record network accessible information on the defined targets.

Target Acquisition - TeamSploit will perform a vulnerability assessment against the defined targets, combining that information with the previously gained reconnaissance information to develop an attack plan.

Exploitation - TeamSploit will then launch the attack plan, stopping the attack on a target once access has been gained. TeamSploit will move from target to target until all targets are compromised, or the plan is concluded.

Maintaining Access - TeamSploit will launch the Automated Post-Exploitation process on each compromised target, ensuring that persistent access is acquired. TeamSploit will also gather further asset intelligence.


Can you explain the automation workflow, and how I interact with each component?


Sure.

  1. The Reconnaissance process - obtaining network accessible information for the targets.
  2. The Target Acquisition process - performing a vulnerability assessment, aggregating and correlating that information with the obtained network information.
  3. The Exploitation process - running concurrent attack plans against the vulnerable targets.
  4. Once a system is compromised - TeamSploit launches the Post-Exploitation process, running a number of access maintenance components, sharing sessions, as well as collecting further information (like password hashes).

  5. Once all exploitation threads are complete, TeamSploit utilizes the obtained password hashes to attempt lateral access from one target to the next.
  6. If lateral access is obtained, Post-Exploitation begins on that target.
  7. Returns access to the user, with all obtained sessions.
  8. The entire automation process will happen within your first Primary window.

    You may use your subsequent primary windows during this time to manually exploit systems or utilize other Metasploit modules and tools. Any access obtained this way will then launch the Post-Exploitation process on that target.

    During the entire process, you will be obtaining sessions to compromised targets within your Listener window. You are free to interact with these sessions as soon as they connect, without fear of interrupting the automation process.

    The Shared session window is a connection to a joint MSF console (MSFD). You may use this as a session pool or centralized attack point. One configuration would include having sessions shared to this console as well as individual teammates.

    When utilizing the GUI, the Chat window will allow you to communicate with fellow teammates, and the Browser window will allow you to do research. All of this is easily accessible from within your TeamSploit environment.


I've heard that TeamSploit will fully compromise an entire network in under 10 minutes, is that true?


Maybe.

If fully configured, TeamSploit can generally compromise an entire network, even with only a single externally vulnerable host.

This is possible due to the lateral movement TeamSploit employs with techniques such as passing-the-hash. Networks with centralized access management (like Active Directory) are very easy targets for TeamSploit.

That said, the longest part of the process is the vulnerability assessment. If configured properly, TeamSploit does have a very quick execution time, and 10 minutes is not unheard of.


How do I X, Y, or Z?


Take Metasploit Unleashed.

First and foremost, it is important to understand that while there is a thin layer of TeamSploit between you and Metasploit - you do have direct access to Metasploit.

Often you'll be able to complete your desired action with nothing more than normal Metasploit commands and usage. So be sure you are familiar with Metasploit before you venture into the TeamSploit realm.

Metasploit Unleashed is an excellent, free, online training course for Metasploit developed by Offensive Security, and is a great starting resource.


How do I manually launch a vulnerability scan?


Run nessus_scan_new [policy number] [scan name] [scan target range].


How do I manually launch the exploitation automation?


Run a Vulnerability Scan and then vuln_exploit -j [number of concurrent jobs].


How do I manually launch the hash-passing automation?


Obtain or import password hashes and then run pass_the_hash -j [number of concurrent jobs].


Is TeamSploit Free?


Yes!

TeamSploit is released under the GNU Public License, Version 3. You can find a copy of the license here.

The GPLv3 makes TeamSploit Free as in Free Speech and Free as in Free Beer.

You are free to Modify, Share, Distribute, and Use TeamSploit as you see fit, as long as you follow the guidelines of the GPLv3.


Can I modify TeamSploit?


Yes!

TeamSploit is released under the GNU Public License, Version 3. You can find a copy of the license here.

You may modify TeamSploit in any way you desire; however, if you distribute your changes in any form to someone else, you'll need to release the source code for your changes.


Must I release my changes?


Maybe.

If you make changes for your own personal use, you do not need to release or share your changes with anyone.

However, if you share any of your changes (in any form), you'll need to share the source code for those changes with that person or group.


What can they do with my changes?


The Same Things You Can.

Your changes must be released under the GPL, Version 3 or higher. You can find a copy of the license here.

Once your changes are released under the GPL, the recipients of said changes will have the same rights and access that you do with TeamSploit.

They will be free to Modify, Share, Distribute, and Use your changes as they see fit, as long as they follow the guidelines of the GPL.


Who has contributed to TeamSploit?


Lots of People!

Many people have contributed to TeamSploit in various different ways. It is a community, open-source project after all.

Here is a list and Special Thanks to some of the top contributors:


I have a really cool change for TeamSploit. Can I provide it to you for inclusion in an official release?


Absolutely!

Send Justin Wray a copy of your changes, and how you wish to be attributed (name/alias, email, website, and anything else you'd like included).

Justin will review the changes, and if they provide a useful purpose, they may very well be included in an official release.


I have a really cool idea for TeamSploit. Can I share it with you for possible development?


Of Course.

All great things, including TeamSploit, start with an idea. If you have a worthwhile idea, it may very well be worked on.

Send Justin Wray a copy of your ideas, and how you wish to be attributed (name/alias, email, website, and anything else you'd like included).

Justin will review the ideas, and if they provide a useful purpose, add them to the development roadmap.


Will I get credit for my changes/ideas?


Most Likely.

Whenever possible, attribution will be provided. However, in cases where technologies, ideas, or processes are publicly distributed, it's possible attribution may not be included.

If, however, you share your changes with us directly, you'll get attribution if you so desire. You can of course opt out and remain anonymous as well.


Someone is claiming credit for my work, what should I do?


Notify Us.

Sadly, this happens from time to time. Whenever possible, attribution is provided.

However, in cases where technologies, ideas, or processes are publicly distributed, it's possible attribution may not be included.

Of course there are times when someone else may simply steal your work and pass it off as their own.

In either case, contact us and we'll work with you to see if we can get attribution added.


Can I contribute to TeamSploit financially?


Of Course!

All of the TeamSploit developers work on TeamSploit on their own time.

If you wish to help support the TeamSploit core developers, you can!

All donations go to the TeamSploit core development team and assist with future development work.

You can use the Donate button below or, if you wish, you can send bitcoin donations directly to 1D7Z8wMfjGa7ApnHDD7bHcqg99cQwPStPv



What operating system environment was TeamSploit built for?


Linux.

TeamSploit was built and tested on BackTrack and other Ubuntu/Debian based distributions of Linux.

However, TeamSploit has also been tested and works on OSX and non-Debian based Linux distributions.

It should more or less work on any POSIX system as long as you have the required dependencies, of which you can find a list here.


Will TeamSploit run on X operating system?


Maybe?

TeamSploit was built and tested on BackTrack and other Ubuntu/Debian based distributions of Linux.

However, TeamSploit has also been tested and works on OSX and non-Debian based Linux distributions.

It should more or less work on any POSIX system as long as you have the required dependencies, of which you can find a list here.

If you've found a unique environment that you've gotten TeamSploit working on and you'd like to share that information - please do.

If you've found a POSIX system WITH the dependencies installed, yet still cannot get TeamSploit running - please let us know.


Does TeamSploit run on Windows?


No.

Well... Maybe.

TeamSploit will not just run on a regular Windows install. It may work, however, if you have a POSIX environment (like Cygwin) installed, along with the Linux version of Metasploit, etc.

However, it has never been tested (to our knowledge), and is not going to be an easy task.


Will there be a version of TeamSploit for Windows in the future?


Likely Not.

TeamSploit is built for a POSIX system and depends on things like BASH and other Linux based utilities and methods.

As most of TeamSploit is interpreted and coded in Ruby, it is very possible to port TeamSploit over to Windows.

Porting TeamSploit is not even on the Roadmap, and if it ever makes it to the roadmap it will be very, very low on the priority list.

That all said, if someone comes along and ports it, we'll be happy to release the port. Just let us know.


What versions of Metasploit does TeamSploit work with?


3 or Higher.

TeamSploit is built for any version of Metasploit that is built on Ruby, which is 3.0+.

It is however important to stay up-to-date with the newest version of Metasploit and TeamSploit, to ensure you are getting the latest and greatest features and all of the stable bug-fixes.


What versions of Ruby does TeamSploit (GUI) work with?


1.8

TeamSploit has been built and tested on Ruby 1.8; however, it is possible to get TeamSploit (GUI) working with Ruby 2.0.

The TeamSploit (GUI) is compatible with Ruby 2.0, and was only built against 1.8 because the required Ruby bindings within the BackTrack repository are currently built for version 1.8.


I don't have a graphical environment (like X or a Windows Manager, etc), can I still run TeamSploit?


Yes.

You'll first need to configure TeamSploit; be sure to have all GUI options disabled.

Next, you'll need to execute the setup process:

./.setup

At this point, the TeamSploit environment is configured and ready to go.

You can launch a Primary console with:

sudo msfconsole -m .msf -r .teamsploit.rc.primary

You can launch additional subsequent Primary consoles with:

sudo msfconsole -m .msf -r .teamsploit.rc.primary.sub

The Listener console can be launched with:

sudo msfconsole -m .msf -r .teamsploit.rc.listener

It is imperative that you have at least a single Primary and a single Listener console open for TeamSploit to properly function.

If you do not wish to use multiple TTYs in order to run TeamSploit, you may want to look into screen, which is available on most Linux distributions.


How can I use TeamSploit with MSF Express or MSF Pro?


Simply Install MSF Express or MSF Pro.

It really is that easy. TeamSploit dynamically finds your Metasploit install, and will load whichever CLI you have available. This will give you access to some of the MSF Express or MSF Pro functionalities.


I've heard I can use TeamSploit with Armitage, how do I set that up?


Point Armitage to the TeamSploit Database and MSFD.

Someone will need to be running TeamSploit (it can be on a server or some other centralized resource). Make sure this person has TeamSploit set to launch an MSFD service.

TS_SERVER=0

TS_SERVER_MSFD_PORT=51337

TS_SERVER_MSFRPCD_PORT=51338

TS_SERVER_MSFRPCD_USER=teamsploit

TS_SERVER_MSFRPCD_PASS=password

Then just point the Armitage clients to the shared Database and the TeamSploit MSFD service.

From this point you'll be able to access the TeamSploit plugins, including the automated post-exploitation and shell sharing.

Note:

It is very important to understand that the configuration for the copy of TeamSploit that is running is shared, so be sure that configuration matches the environment/settings your group/team needs and wants.
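
The settings listed above carry the sample RPC password "password", and that one configuration is shared by the whole team. As an added example (not part of TeamSploit), this shell function checks a config file for that sample value, invalid or clashing ports, and world-readable permissions; the config path argument and the 16-character minimum are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not TeamSploit code. Audits the TS_SERVER_* settings above.
# Assumptions: config path is given by the caller; 16-char minimum is local policy.
# Print the last value assigned to KEY ($1) in KEY=VALUE file ($2), quotes stripped.
cfg_get() {
  sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 | tr -d "\"'\r"
}

# Report weak settings on stderr; return 0 when clean, 1 when anything is found.
audit_ts_server_config() {
  local file="$1" findings=0 user pass key port msfd rpcd
  user=$(cfg_get TS_SERVER_MSFRPCD_USER "$file")
  pass=$(cfg_get TS_SERVER_MSFRPCD_PASS "$file")

  if [ -z "$pass" ] || [ "$pass" = "password" ]; then
    echo "FAIL: TS_SERVER_MSFRPCD_PASS is empty or still the sample value" >&2
    findings=$((findings + 1))
  elif [ "$pass" = "$user" ]; then
    echo "FAIL: TS_SERVER_MSFRPCD_PASS equals the RPC user name" >&2
    findings=$((findings + 1))
  elif [ "${#pass}" -lt 16 ]; then
    echo "FAIL: TS_SERVER_MSFRPCD_PASS is shorter than 16 characters" >&2
    findings=$((findings + 1))
  fi

  for key in TS_SERVER_MSFD_PORT TS_SERVER_MSFRPCD_PORT; do
    port=$(cfg_get "$key" "$file")
    case "$port" in
      ''|*[!0-9]*|??????*) port=0 ;;   # missing, non-numeric, or too long
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
      echo "FAIL: $key is not a valid TCP port" >&2
      findings=$((findings + 1))
    fi
  done

  msfd=$(cfg_get TS_SERVER_MSFD_PORT "$file")
  rpcd=$(cfg_get TS_SERVER_MSFRPCD_PORT "$file")
  if [ -n "$msfd" ] && [ "$msfd" = "$rpcd" ]; then
    echo "FAIL: MSFD and MSFRPCD are set to the same port" >&2
    findings=$((findings + 1))
  fi

  # The file holds a shared credential, so it should not be world-readable.
  if [ -n "$(find "$file" -perm -004 2>/dev/null)" ]; then
    echo "FAIL: $file is world-readable" >&2
    findings=$((findings + 1))
  fi

  [ "$findings" -eq 0 ]
}
# Stand-alone use: pass the config path as the first argument.
if [ "$#" -gt 0 ]; then audit_ts_server_config "$1"; fi
```

Run it against the server's configuration before handing the MSFD address to teammates; a non-zero exit status means at least one finding was printed.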


When I run TeamSploit, it is complaining about a configuration file, what do I do?


Configure TeamSploit!

TeamSploit needs to be configured before you can use it. No worries, there are plenty of sane-default options, so not too much work is needed.

It is required that you at least change the TS_CONFIG value to 1.

Take a look at the Getting Started documentation to get a better idea of how you should configure TeamSploit.


When I load TeamSploit CLI or GUI, I'm getting errors about missing files or commands not being found. What's wrong?


Install ALL Dependencies.

TeamSploit needs a number of items to already be installed and working before you can load TeamSploit.

Take a look at the Install documentation to get a better idea of what you need and how to get it.


When I run TeamSploit, I am getting errors about copying various files and plugins. It seems like a never ending loop. What's wrong?


Corrupt Metasploit Install.

This is usually the case when you have a corrupt Metasploit Install or Environment.

Simply remove any current Metasploit installation(s) and then re-install Metasploit, which should resolve the issue.


When I exit TeamSploit GUI, I sometimes see a large error dump. What is this?


Ugh.

This is an issue with the threaded nature of TeamSploit. To put it simply, you can just ignore it.

The issue is that TeamSploit is closing one (or all) threads before the thread manager believes they are done - which is semi-true: you're closing them before they close on their own (which they never do).

Seriously though, it is not an issue. It is safe to ignore. We're working on a better exit cleanup that should resolve the noise.