DarthSidious

DeathStar


Last updated 7 years ago

DeathStar is a tool for automating the entire process of becoming Domain Admin (DA). The flowchart made by byt3bl33d3r goes through each step you would normally do manually, and the tool works with harvested credentials to try to gain access.

Basically, you run the NTLM relay attack from the previous step, but with Empire set up with a REST API. Then you just run DeathStar, grab a coffee and come back as Domain Admin. Congratulations: you are now Darth Sidious.

Note: I have had some trouble making DeathStar and Empire cooperate. There's a little explanation of why on the DeathStar GitHub page. Hopefully, it will be stable soon.

Useful links

https://blog.stealthbits.com/automating-mimikatz-with-empire-and-deathstar/
byt3bl33d3r has documented it on his GitHub