Closed bandrel closed 7 years ago
@bandrel can you give me the raw output of Empire's get_loggedon module for the host the agent is running on? this seems to be an error parsing that. Cheers
sanitized, but the format is the same. It looks like the local accounts that are logged in are showing up so there is not a LOGON_Server. So the method of splitting the output based on spaces wont work.
Job started: 4WFBPN
wkui1_username wkui1_logon_dom wkui1_oth_domai wkui1_logon_ser ComputerName
ain ns ver
-------------- --------------- --------------- --------------- ------------
Administrator FAKEDOMAIN localhost
Administrator COMPUTERNAME localhost
Administrator . localhost
User1 FAKEDOMAIN DC1 localhost
User1 FAKEDOMAIN DC1 localhost
COMPITERNAME$ FAKEDOMAIN localhost
Get-NetLoggedon completed!
Using this
username = entry.split()[0]
domain = entry.split()[1]
instead of this
username, domain, logon_server,_= entry.split()
should work since that function doesnt use the logon_server anyway.
After the change I don't see any errors so I think this should work for me. attached PR https://github.com/byt3bl33d3r/DeathStar/pull/5
getting this error constantly while running Deathstar.py