# TeamCity Setup ### Module Objectives * Setup TeamCity * Install Languages * C# * Go * Create Users * Configure GitLab to work with TeamCity ### Prerequisites {% code overflow="wrap" %} ```yaml Minimum: - 4GB RAM - 64GB Disk Space - Virtualisation Software (VMWare or VirtualBox) - Windows 10 Pro - Git - Java JDK 17 / 22 ``` {% endcode %} ### Installing TeamCity {% hint style="info" %} **Section Objectives** * Install the TeamCity Server * Install the TeamCity Agent * Exclude the TeamCity folder from Defender {% endhint %} Compiling .NET Framework projects is easier on a Windows machine, hence we will be installing TeamCity on a Windows virtual machine. You can download TeamCity Professional from [here](https://www.jetbrains.com/teamcity/download/). Configure your install directory (or leave it as the default), and copy the path down. Since we will be compiling malicious projects, we must add a Defender exclusion to this path. You can leave everything as default.

TeamCity supports multiple build agents, which can be used in conjunction with GitLab's build agents as part of a CI/CD cycle (***GitLab Repo -> TeamCity Compilation -> File Sharing Server***) Once installation is complete, you should see the build agent properties pop up. Note down the server address.

Save the properties, then you can select whether you'd like it to run as a domain/local user, or as SYSTEM. We will run the server and the build agent as the SYSTEM account for simplicity's sake.

Once done, open the UI at `http://:8111.` Select the internal database (or set up an external one for long-term storage - [see migration steps here](https://www.jetbrains.com/help/teamcity/2024.03/migrating-to-external-database.html?Migrating+to+an+External+Database#Switch+with+No+Data+Migration) if you are following along), proceed, then accept the license agreement, and deselect the anonymous stats submission.

Once this is done, create an admin account then move on to the next section.

#### Defender Settings As mentioned before, we need to add an exclusion to Defender to prevent it from deleting our artifacts. Open Defender, then click on Manage settings

Turn off automatic sample submission to stop our artifacts from getting burned, then scroll down, click on add or remove exclusions, and add the TeamCity directory. The default location is `C:\Teamcity`

### Install Programming Languages #### Git Since we will clone GitHub repositories, [Git](https://git-scm.com/download/win) is required on the TeamCity server. #### C\# To compile most of the C#-based tools that we will be using in this blog, we need the .NET 4.0 and 4.5 targeting packs, as well as the 3.5 development tools. Since these are considered deprecated, they were removed from [dotnet.microsoft.com](https://dotnet.microsoft.com). A workaround is installing [Visual Studio 2019](https://learn.microsoft.com/en-us/visualstudio/releases/2019/release-notes-preview), then downloading the .NET Desktop Workload and targeting packs.

Double check the components and add 3.5 development tools

#### Golang Installing Golang is pretty simple, you can get it from [their website](https://go.dev/doc/install), download the installer, and then hit next for everything ### Configuring GitLab (Optional) #### Integration If you would like to use TeamCity as part of your CI/CD pipeline, you can add it from the integrations section on GitLab at ***Admin -> Integrations -> JetBrains TeamCity***

You will need to change the `http://localhost:8111` default server URL to one that is accessible to GitLab (NAT/Host-Only for example)

#### SSH Key(s) Since we might have a mixture of private and public repositories on GitLab, we need to create an SSH key on our Windows server, then copy the public key to our ***GitLab server -> Deployment Keys -> New deploy keys*** 1. **Windows Server**

```powershell > ssh-keygen > cat ~/.ssh/ssh_key_name.pub ``` 2. **GitLab Server** {% hint style="info" %} Alternatively, you can add deploy keys per project instead of instance-wide to reduce your attack surface. {% endhint %}

Create a new key and add one on the user you want to access repositories from

#### Personal Access Token(s) Another way of doing this is by using Personal Access Tokens. These are unique random characters that allows for authentication through the GUI, as well as through REST APIs - which will come in handy if you make a builder tool later on for individual operators. To add them, go to ***Edit Profile -> Access Tokens -> Add new token***

Give the token a name, and check the permissions that you want it to have, then create the token.

Save the token in a secure location (Such as Bitwarden's Secrets Manager) so you can re-use it later on.

--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://blog.securescape.cc/offensive-security/red-team/offensive-development/offensive-devops/teamcity/teamcity-setup.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.