search

byt3bl33d3r / DeathStar

Uses Empire's (https://github.com/BC-SECURITY/Empire) RESTful API to automate gaining Domain and/or Enterprise Admin rights in Active Directory environments using some of the most common offensive TTPs.
GNU General Public License v3.0
1.58k stars 329 forks source link

DeathStar not Starting only starts get_loggedon #44

Closed jan85f closed 6 years ago

jan85f commented 6 years ago

HI,

I am facing an issue that after empire&deathstar are installed from your repos, empire gets started and deathstar also connects successful and creates its listener.

after generating a payload for the listener and executing it on a target, a beacon checks in. But then, the only Modul that starts is the UACBypass (and elevates privileges successful) and after it powershell/situational_awareness/network/powerview/get_loggedon

After that, nothing happens. no error. but also no "recon started" or lateral movement etc.

I am in a windows domain with 1dc, 1server and 1win10 workstation

here are my debug outputs form empire:

[root:.../localTest/Empire/DeathStar]# python3 DeathStar.py -lp 80 --debug (master) [] Powering up the Death Star [] Created Death Star listener => {'success': 'listener DeathStar successfully started'} [*] Polling for agents [+] New Agent => Name: 6D23WBRA IP: 192.168.0.129 HostName: WEF UserName: WEF\vagrant HighIntegrity: 0 [+] New Agent => Name: HTXLYM74 IP: 192.168.0.129 HostName: WEF UserName: WEF\vagrant HighIntegrity: 1 [DEBUG] Agent: HTXLYM74 => Executed Module => success: True taskID: 13 msg: 'tasked agent HTXLYM74 to run module powershell/situational_awareness/network/powerview/get_loggedon' [DEBUG] Agent: 6D23WBRA => Executed Module => success: True taskID: 10 msg: 'tasked agent 6D23WBRA to run module powershell/situational_awareness/network/powerview/get_loggedon' [+] New Agent => Name: SX95G8V3 IP: 192.168.0.129 HostName: WEF UserName: WEF\vagrant HighIntegrity: 0 [DEBUG] Agent: SX95G8V3 => Executed Module => success: True taskID: 1 msg: 'tasked agent SX95G8V3 to run module powershell/situational_awareness/network/powerview/get_loggedon' [DEBUG] Agent: SX95G8V3 => Result Buffer: {'results': 'wkui1_username wkui1_logon_domain wkui1_oth_domains wkui1_logon_server ComputerName\r\n-------------- ------------------ ----------------- ------------------ ------------\r\nvagrant WEF WEF localhost \r\nvagrant WEF WEF localhost \r\nWEF$ WINDOMAIN localhost \r\nWEF$ WINDOMAIN localhost \r\nWEF$ WINDOMAIN localhost \r\n\r\n\r\n\n\r\n\nGet-NetLoggedon completed!', 'taskID': 1} [+] Agent: SX95G8V3 => Found 1 users logged into localhost: ['WEF\vagrant']

NOTHING happens anymore, processes are up and respnsive I am running it on a kali2017.3 vmfusion

looking forward to your feedback. Best Regards, Jan

byt3bl33d3r commented 6 years ago

So, from the output it just seems that Deathstar couldn't find a path to DA. I'm pretty sure this isn't a bug.

However I suggest you try this again now that #50 has been merged which solves a plethora of problems.

If it keeps happening comment below.

Cheers