byt3bl33d3r / DeathStar

Uses Empire's (https://github.com/BC-SECURITY/Empire) RESTful API to automate gaining Domain and/or Enterprise Admin rights in Active Directory environments using some of the most common offensive TTPs.
GNU General Public License v3.0

Fixed all modules with new Empire options and fixed bugs that Empire introduced #50

Closed DanMcInerney closed 6 years ago

DanMcInerney commented 6 years ago

Added a bunch of code to fix the module_options to fit with the latest Empire version. Additionally, added code to handle the bugs that Empire introduced recently, especially as it relates to how Empire handles getting task results. Empire seems to now spit back "Job started: xxxxxx" when you poll the agent for results. Only after the job is done will it actually give the completed results, but there's no indication of when the job finished. Most jobs have the string "Get-XXXXX completed!" at the end of the results string; however, some modules leave off the exclamation mark and others (get_group_members) don't have a completed string at all. Sigh.

Another issue is that some modules in Empire return results like "Job started: XXXXXXwindows10.lab.local\r\nwindows11.lab.local". They're missing the \r\n in between the job started msg and the task results.

So all that shit's fixed and I tried to fix it so that even when Empire fixes their own bugs in the output and stuff, DeathStar will still work properly.

byt3bl33d3r commented 6 years ago

https://i.imgur.com/gl6nnEF.gif