DeathStar

DeathStar is a pretty tool for automating the entire process of becoming DA. The flowchart made by byt3bl33d3r pretty much goes through each step you would normally do manually and works with harvested credentials to try to gain access. byt3bl33d3r has documented it on his Github.

https://blog.stealthbits.com/automating-mimikatz-with-empire-and-deathstar/

Basically, you run the NTLMrelay attack from the previous step, but with Empire set up with a REST API. Then you just run DeathStar, grab a coffee and come back as Domain Admin. Congratulations: you are now Darth Sidious.

Note: I have had some trouble making DeathStar and Empire cooperate. There's a little explanation of why in the DeathStar Github page. Hopefully, it will be stable soon.

Useful links https://blog.stealthbits.com/automating-mimikatz-with-empire-and-deathstar/

PreviousResponder with NTLM relay and Empire NextCrackMapExec

Last updated 6 years ago