You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Fixed a error that caused spraying against common .com tenants to fail 19.04.2023
Updated from EOL NET Core 3.2 to NET 7.0. This fixes the SSL library issues reported when running TeamFiltration on the latest Ubuntu and Windows Server 2022, issue #21
Updated the Github workflow pipeline with a better naming convention as well as compiling binaries for MacOS ARM64
Updated the --validate-msol enum method, thanks to tuxnam for reporting this. Seems MS had changed the JSON response structure rendering the old implementation broken. Issue #25 and #22
Re-implemented and added --tokens and --cookie-dump --tokens now handles both a single JWT token, JWT tokens separated by , and a file with newline separated JWT tokens as input. Parses and stores tokens in the database and performs exfiltration based on that. --cookie-dump now handles two input structures SharpChrome.exe JSON output and/or the Firefox plugin Cookie Quick Manager dump output, parses and stores tokens in the database, and performs exfiltration based on that.
Re-written the whole exfiltration and conditional access enumeration process, see the flow diagram for the complete process.
Fixed crash when running without specifying config JSON in command line, issue #24
Added the email format j.smith@domain.com as requested in issue #25.
Added error handling for email format selection
Re-written the spray logic to make way for --shuffle-regions, --shuffle-users, --shuffle-passwords and --auto-exfil
IPv6 has been disabled to avoid errors when TeamFiltration is used with proxy tools such as proxychains4 and Proxifier
--auto-exfil has been added to the spray module, allows TeamFiltration to automatically start exfiltration once a valid set of credentials is found
ADFS support, while still in BETA, has been tested more heavily and found to work with FireProx.
Exfiltrated Team's chat conversations are now re-produced in HTML for easier viewing locally. Work still remains in better constructing groups chats
Added the GetPresence check to Teams Account Enumeration mode, fetched and stored the OutOfOffice message in the database when found
Changed the ValidAccount database structure to account for these changes