Uses Empire's (https://github.com/BC-SECURITY/Empire) RESTful API to automate gaining Domain and/or Enterprise Admin rights in Active Directory environments using some of the most common offensive TTPs.
I noted that running with the default port of 8443 was throwing out PowerShell errors when the PowerShell command was being executed on the host. When I ran with -lp 443, it worked flawlessly. Looking at the listener that was created, the host was specified as https://x.x.x.x/ regardless of the port specified.
I believe that

```python
if not get_listener_by_name():
    listener_opts = {'CertPath': 'data/', 'Name': 'DeathStar', 'Port': args.listener_port}
    if args.listener_ip:
        listener_opts['Host'] = args.listener_ip
```

may need to be changed to something like:

```python
if not get_listener_by_name():
    listener_opts = {'CertPath': 'data/', 'Name': 'DeathStar', 'Port': args.listener_port}
    if args.listener_ip:
        # include the port so Empire does not default the Host URL to https://<ip>/
        listener_opts['Host'] = args.listener_ip + ":" + str(args.listener_port)
```
I'm on an active engagement right now, but I'll try to do some further testing and submit a PR when I get some time. Just wanted to get it on the radar ATM
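As an added illustration of the fix discussed above (not DeathStar's or Empire's own code), the helper below builds the listener options with the port written into the Host URL and checks that the two agree; the option names and defaults are assumed from the snippet in this issue.

```python
from urllib.parse import urlparse

# Added example, not DeathStar's own code: build the Empire listener options
# so the Host value carries the listener port explicitly instead of relying on
# Empire to default it to https://<ip>/, which only lines up with port 443.
# Option keys, cert path and listener name are assumed from the issue text.

def build_listener_opts(listener_ip, listener_port=8443, name="DeathStar", cert_path="data/"):
    # argparse may hand the port over as int or str; normalise before formatting
    port = int(listener_port)
    opts = {"CertPath": cert_path, "Name": name, "Port": str(port)}
    if listener_ip:
        opts["Host"] = f"https://{listener_ip}:{port}"
    return opts

def host_matches_port(opts):
    """Sanity check: the Host URL must name the same port the listener binds."""
    host = opts.get("Host")
    if not host:
        return False
    parsed = urlparse(host)
    # urlparse reports .port as None when the URL carries no explicit port,
    # which is exactly the https://x.x.x.x/ case from the issue
    return parsed.scheme == "https" and parsed.port == int(opts["Port"])
```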