author | Kevin Robertson <robertsonk@gmail.com> | 2015-09-20 21:50:06 -0400 |
---|---|---|
committer | Kevin Robertson <robertsonk@gmail.com> | 2015-09-20 21:50:06 -0400 |
commit | d8c4b5ce6203f43d9c0f6ac48636a9d7a948d2b3 (patch) | |
tree | a8cb7d61dd85203ac38153acc4d14046060e05f9 | |
parent | 83ec6d8641c2d8467041e5a5c6422f4719c6c04a (diff) | |
Removing old version files
-rw-r--r-- | old/Inveigh-Loader.ps1 | 77 | ||||
-rw-r--r-- | old/Inveigh.ps1 | bin | 73010 -> 0 bytes | |||
-rw-r--r-- | old/LICENSE.md | 31 | ||||
-rw-r--r-- | old/README.md | 29 | ||||
-rw-r--r-- | old/TODO.md | 12 | ||||
-rw-r--r-- | old/inveigh.pfx | bin | 2550 -> 0 bytes |
6 files changed, 0 insertions, 149 deletions
diff --git a/old/Inveigh-Loader.ps1 b/old/Inveigh-Loader.ps1
deleted file mode 100644
index 5e4f4ac..0000000
--- a/old/Inveigh-Loader.ps1
+++ /dev/null
@@ -1,77 +0,0 @@
-<#
-.SYNOPSIS
-Inveigh Loader provides additional options for running Inveigh as an unattended payload.
-
-.DESCRIPTION
-Inveigh Loader can load Inveigh with set parameters and stop execution after specified amount of time. Inveigh can be either loaded as a separate script or through a scriptblock embedded within this script. If the scriptblock method is selected, the current Inveigh.ps1 code must be copied into the $inveigh_scriptblock below. This is a basic version, additional features will be added.
-#>
-
-# Inveigh loader parameters
-$run_length = 1 # Set the number of minutes Inveigh will run
-$start_job_method = "filepath" # Set the Job-Start method. filepath,scriptblock
-
-# Inveigh parameters - refer to Inveigh.ps1 for details
-$IP = ""
-$SpooferIP = ""
-$HTTP = "Y"
-$HTTPS = "N"
-$SMB = "Y"
-$LLMNR = "Y"
-$NBNS = "N"
-$NBNSTypes = @("20") # Format for multiples = @("00","20")
-$Repeat = "Y"
-$ForceWPADAuth = "Y"
-$Output = "0"
-$OutputDir = ""
-
-if(-not($IP))
-{
- $IP = (Test-Connection 127.0.0.1 -count 1 | select -ExpandProperty Ipv4Address)
-}
-
-if(-not($SpooferIP))
-{
- $SpooferIP = $IP
-}
-
-if(-not($OutputDir))
-{
- $OutputDir = $PWD.Path
-}
-
-$inveigh_scriptblock =
-{ # begin $inveigh_scriptblock - paste Inveigh.ps1 code below this line if using $start_job_method = "scriptblock"
-
-} # end $inveigh_scriptblock
-
-try
-{
- if ($start_job_method -eq "filepath")
- {
- Start-Job -Name Inveigh -FilePath .\Inveigh.ps1 -ArgumentList $IP,$SpooferIP,$HTTP,$HTTPS,$SMB,$LLMNR,$NBNS,$NBNSTypes,$Repeat,$ForceWPADAuth,$Output,$OutputDir | Out-Null
- }
- elseif ($start_job_method -eq "scriptblock")
- {
- Start-Job -Name Inveigh -ScriptBlock $inveigh_scriptblock -ArgumentList $IP,$SpooferIP,$HTTP,$HTTPS,$SMB,$LLMNR,$NBNS,$NBNSTypes,$Repeat,$ForceWPADAuth,$Output,$OutputDir | Out-Null
- }
- else
- {
- throw "Invalid $start_job_method."
- }
-
- $run_timeout = new-timespan -Minutes $run_length
- $run_stopwatch = [diagnostics.stopwatch]::StartNew()
-
- while ($run_stopwatch.elapsed -lt $run_timeout)
- {
- Receive-Job -name Inveigh
- }
-
-}
-finally
-{
- Stop-Job -name Inveigh
- Receive-Job -name Inveigh
- Remove-Job -name Inveigh
- write-warning "Inveigh Loader exited at $(Get-Date -format 's')"
-}
diff --git a/old/Inveigh.ps1 b/old/Inveigh.ps1
Binary files differ
deleted file mode 100644
index 436d505..0000000
--- a/old/Inveigh.ps1
+++ /dev/null
diff --git a/old/LICENSE.md b/old/LICENSE.md
deleted file mode 100644
index 9790f29..0000000
--- a/old/LICENSE.md
+++ /dev/null
@@ -1,31 +0,0 @@
-Inveigh is provided under the 3-clause BSD license below.
-
-*************************************************************
-
-Copyright (c) 2015, Kevin Robertson
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
-
-* Redistributions of source code must retain the above copyright notice, this
- list of conditions and the following disclaimer.
-
-* Redistributions in binary form must reproduce the above copyright notice,
- this list of conditions and the following disclaimer in the documentation
- and/or other materials provided with the distribution.
-
-* Neither the name of Inveigh nor the names of its
- contributors may be used to endorse or promote products derived from
- this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/old/README.md b/old/README.md
deleted file mode 100644
index 2255b06..0000000
--- a/old/README.md
+++ /dev/null
@@ -1,29 +0,0 @@
-# Inveigh
-Inveigh is a Windows PowerShell LLMNR/NBNS spoofer designed to assist penetration testers that find themselves limited to a Windows system. This can commonly occur while performing phishing attacks, USB drive attacks, VLAN pivoting, or simply being restricted to a Windows system as part of client imposed restrictions.
-
-# Requirements
-Tested minimums are PowerShell 2.0 and .NET 3.5.
-
-# Notes
-1. Currently supports IPv4 LLMNR/NBNS spoofing and HTTP/HTTPS/SMB NTLMv1/NTLMv2 challenge/response capture.
-2. LLMNR/NBNS spoofing is performed through sniffing and sending with raw sockets.
-3. SMB challenge/response captures are performed by sniffing over the host system's SMB service.
-4. HTTP challenge/response captures are performed with a dedicated listener.
-5. The local LLMNR/NBNS services do not need to be disabled on the host system.
-6. LLMNR/NBNS spoofer will point victims to host system's SMB service, keep account lockout scenarios in mind.
-7. Kerberos should downgrade for SMB authentication due to spoofed hostnames not being valid in DNS.
-8. Ensure that the LMMNR,NBNS,SMB,HTTP ports are open within any local firewall on the host system.
-9. Output files will be created in current working directory.
-10. If you copy/paste challenge/response captures from output window for password cracking, remove carriage returns.
-
-# Usage
-Obtain an elevated administrator or SYSTEM shell. If necessary, use a method to bypass the PowerShell script execution policy.
-
-To execute with default settings:
-Inveigh.ps1
-
-To execute with features enabled/disabled:
-Inveigh.ps1 -IP 'local IP' -SpoofIP 'local or remote IP' -LLMNR Y/N -NBNS Y/N -NBNSTypes 00,03,20,1B -HTTP Y/N -HTTPS Y/N -SMB Y/N -Repeat Y/N -ForceWPADAuth Y/N -Output 0,1,2 -OutputDir 'valid folder path'
-
-# Screenshot
-
diff --git a/old/TODO.md b/old/TODO.md
deleted file mode 100644
index f137a8c..0000000
--- a/old/TODO.md
+++ /dev/null
@@ -1,12 +0,0 @@
-## To Do
-- [ ] Code cleanup
-- [x] Add NBNS spoofer
-- [x] Add ability to capture NTLMv1 challenge/responses
-- [ ] Add ability to capture LM challenge/responses
-- [x] Add HTTP for challenge/response captures
-- [x] Add HTTPS for challenge/response captures
-- [x] Add Get-Help style comments
-- [ ] Add SMB listener
-- [ ] Add exfiltration method for captures
-- [ ] Add SMBRelay
-- [ ] Add wpad.dat
\ No newline at end of file
diff --git a/old/inveigh.pfx b/old/inveigh.pfx
Binary files differ
deleted file mode 100644
index 5fa7503..0000000
--- a/old/inveigh.pfx
+++ /dev/null |