author | Kevin Robertson <robertsonk@gmail.com> | 2015-12-09 21:44:30 -0500 |
---|---|---|
committer | Kevin Robertson <robertsonk@gmail.com> | 2015-12-09 21:44:30 -0500 |
commit | a4fce4bbfc0960d50a7df8244dde05d9de6ed9ab (patch) | |
tree | e09f0586e56f7417d1341a6a7d7ed795128c32b4 | |
parent | 1a5deebdc7cb2974d5fb02968a4e93201e56d144 (diff) | |
Added ability to display only one captured challenge/response for each unique account
Added the 'unique' parameter to Get-InveighNTLMv1 and Get-InveighNTLMv2.
If 'unique' is enabled, only the first captured challenge/response for
each unique account will be displayed.
-rw-r--r-- | Scripts/Inveigh-Relay.ps1 | 70 | ||||
-rw-r--r-- | Scripts/Inveigh.ps1 | 70 |
2 files changed, 136 insertions, 4 deletions
diff --git a/Scripts/Inveigh-Relay.ps1 b/Scripts/Inveigh-Relay.ps1
index 2a220f8..848a683 100644
--- a/Scripts/Inveigh-Relay.ps1
+++ b/Scripts/Inveigh-Relay.ps1
@@ -1524,8 +1524,41 @@ Function Get-InveighNTLMv1
 <#
 .SYNOPSIS
 Get-InveighNTLMv1 will get captured NTLMv1 challenge/response hashes.
+
+ .PARAMETER Unique
+ Default = Disabled: Enable/Disable displaying only the first captured challenge/response for each unique account.
 #>
- $inveigh.NTLMv1_list
+ param
+ (
+ [parameter(Mandatory=$false)][ValidateSet("Y","N")][string]$Unique="N",
+ [parameter(ValueFromRemainingArguments=$true)] $invalid_parameter
+ )
+
+ if ($invalid_parameter)
+ {
+ throw "$($invalid_parameter) is not a valid parameter."
+ }
+
+ if($Unique -eq 'y')
+ {
+ $inveigh.NTLMv1_list.sort()
+
+ foreach($unique_NTLMv1 in $inveigh.NTLMv1_list)
+ {
+ $unique_NTLMv1_account = $unique_NTLMv1.substring(0,$unique_NTLMv1.indexof(":",($unique_NTLMv1.indexof(":")+2)))
+
+ if($unique_NTLMv1_account -ne $unique_NTLMv1_account_last)
+ {
+ $unique_NTLMv1
+ }
+
+ $unique_NTLMv1_account_last = $unique_NTLMv1_account
+ }
+ }
+ else
+ {
+ $inveigh.NTLMv1_list
+ }
 }
 
 Function Get-InveighNTLMv2
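Review bot: `$inveigh.NTLMv1_list.sort()` in the `-Unique Y` branch sorts the stored capture list in place, so the entry printed per account is the one that sorts lowest rather than the first one captured, which is what the new `.PARAMETER Unique` help text promises, and every later call (including plain `Get-InveighNTLMv1`) sees the reordered list. Walking the list in its existing order and remembering the accounts already printed keeps capture order and leaves the shared list untouched; a hashtable also matches the case-insensitive `-ne` comparison used now. The same pattern is in the Get-InveighNTLMv2 hunk of this file and in both hunks of Scripts/Inveigh.ps1. If another runspace appends to this list while the function runs (not visible from the hunk), the in-place sort is presumably a further hazard. The function's opening brace lies outside the hunk.

```powershell
if($Unique -eq 'y')
{
    $seen_NTLMv1_accounts = @{}

    foreach($unique_NTLMv1 in $inveigh.NTLMv1_list)
    {
        # … unchanged: $unique_NTLMv1_account extraction …

        if(!$seen_NTLMv1_accounts.ContainsKey($unique_NTLMv1_account))
        {
            $seen_NTLMv1_accounts[$unique_NTLMv1_account] = $true
            $unique_NTLMv1
        }
    }
}
# … unchanged: else branch …
```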
@@ -1533,8 +1566,41 @@ Function Get-InveighNTLMv2
 <#
 .SYNOPSIS
 Get-InveighNTLMv2 will get captured NTLMv1 challenge/response hashes.
+
+ .PARAMETER Unique
+ Default = Disabled: Enable/Disable displaying only the first captured challenge/response for each unique account.
 #>
- $inveigh.NTLMv2_list
+ param
+ (
+ [parameter(Mandatory=$false)][ValidateSet("Y","N")][string]$Unique="N",
+ [parameter(ValueFromRemainingArguments=$true)] $invalid_parameter
+ )
+
+ if ($invalid_parameter)
+ {
+ throw "$($invalid_parameter) is not a valid parameter."
+ }
+
+ if($Unique -eq 'y')
+ {
+ $inveigh.NTLMv2_list.sort()
+
+ foreach($unique_NTLMv2 in $inveigh.NTLMv2_list)
+ {
+ $unique_NTLMv2_account = $unique_NTLMv2.substring(0,$unique_NTLMv2.indexof(":",($unique_NTLMv2.indexof(":")+2)))
+
+ if($unique_NTLMv2_account -ne $unique_NTLMv2_account_last)
+ {
+ $unique_NTLMv2
+ }
+
+ $unique_NTLMv2_account_last = $unique_NTLMv2_account
+ }
+ }
+ else
+ {
+ $inveigh.NTLMv2_list
+ }
 }
 
 Function Get-InveighLog
diff --git a/Scripts/Inveigh.ps1 b/Scripts/Inveigh.ps1
index c918e65..3112a75 100644
--- a/Scripts/Inveigh.ps1
+++ b/Scripts/Inveigh.ps1
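Review bot: The help block edited in the Get-InveighNTLMv2 hunk of Scripts/Inveigh-Relay.ps1 still describes the function as returning NTLMv1 hashes; the synopsis line should read `Get-InveighNTLMv2 will get captured NTLMv2 challenge/response hashes.` The same line appears in the Get-InveighNTLMv2 hunk of Scripts/Inveigh.ps1. The synopsis is a context line, so the wording predates this commit, but the new `.PARAMETER Unique` entry is added directly beneath it.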
@@ -1494,8 +1494,41 @@ Function Get-InveighNTLMv1
 <#
 .SYNOPSIS
 Get-InveighNTLMv1 will get captured NTLMv1 challenge/response hashes.
+
+ .PARAMETER Unique
+ Default = Disabled: Enable/Disable displaying only the first captured challenge/response for each unique account.
 #>
- $inveigh.NTLMv1_list
+ param
+ (
+ [parameter(Mandatory=$false)][ValidateSet("Y","N")][string]$Unique="N",
+ [parameter(ValueFromRemainingArguments=$true)] $invalid_parameter
+ )
+
+ if ($invalid_parameter)
+ {
+ throw "$($invalid_parameter) is not a valid parameter."
+ }
+
+ if($Unique -eq 'y')
+ {
+ $inveigh.NTLMv1_list.sort()
+
+ foreach($unique_NTLMv1 in $inveigh.NTLMv1_list)
+ {
+ $unique_NTLMv1_account = $unique_NTLMv1.substring(0,$unique_NTLMv1.indexof(":",($unique_NTLMv1.indexof(":")+2)))
+
+ if($unique_NTLMv1_account -ne $unique_NTLMv1_account_last)
+ {
+ $unique_NTLMv1
+ }
+
+ $unique_NTLMv1_account_last = $unique_NTLMv1_account
+ }
+ }
+ else
+ {
+ $inveigh.NTLMv1_list
+ }
 }
 
 Function Get-InveighNTLMv2
@@ -1503,8 +1536,41 @@ Function Get-InveighNTLMv2
 <#
 .SYNOPSIS
 Get-InveighNTLMv2 will get captured NTLMv1 challenge/response hashes.
+
+ .PARAMETER Unique
+ Default = Disabled: Enable/Disable displaying only the first captured challenge/response for each unique account.
 #>
- $inveigh.NTLMv2_list
+ param
+ (
+ [parameter(Mandatory=$false)][ValidateSet("Y","N")][string]$Unique="N",
+ [parameter(ValueFromRemainingArguments=$true)] $invalid_parameter
+ )
+
+ if ($invalid_parameter)
+ {
+ throw "$($invalid_parameter) is not a valid parameter."
+ }
+
+ if($Unique -eq 'y')
+ {
+ $inveigh.NTLMv2_list.sort()
+
+ foreach($unique_NTLMv2 in $inveigh.NTLMv2_list)
+ {
+ $unique_NTLMv2_account = $unique_NTLMv2.substring(0,$unique_NTLMv2.indexof(":",($unique_NTLMv2.indexof(":")+2)))
+
+ if($unique_NTLMv2_account -ne $unique_NTLMv2_account_last)
+ {
+ $unique_NTLMv2
+ }
+
+ $unique_NTLMv2_account_last = $unique_NTLMv2_account
+ }
+ }
+ else
+ {
+ $inveigh.NTLMv2_list
+ }
 }
 
 Function Get-InveighLog
|