DeathStar: Getting Domain Admin

DeathStar is a Python script that uses Empire’s RESTful API to automate gaining Domain Admin rights in Active Directory environments using a variety of techinques.

Installation

Currently, for Death Star to work you’re going to have to install byt3bl33d3r’s fork of Empire until this pull request gets merged and the changes get pushed to master. The fork contains some API and back-end database fixes for scripts that interact with the RESTful API.

  • First grab, install and run Empire:
git clone https://github.com/byt3bl33d3r/Empire
cd Empire/setup && ./install.sh && cd ..
# Start the Empire console and RESTful API
python empire --rest --username empireadmin --password Password123
  • Then grab, setup and run DeathStar:
git clone https://github.com/byt3bl33d3r/DeathStar
# Death Star is written in Python3
pip3 install -r requirements.txt
./DeathStar.py

Usage

  1. Run DeathStar
  2. Get an Empire Agent on a box connected to a Domain
  3. Go grab a coffee/tea/redbull, DeathStar will take care of everything else

Download

Add Comment