author Kevin Robertson <robertsonk@gmail.com> 2015-09-13 15:24:02 -0400
committer Kevin Robertson <robertsonk@gmail.com> 2015-09-13 15:24:02 -0400
commit 03334ecc2270b11d14f1f0a2268039387c7b1515 (patch)
tree 8aca14e6085887c7bf0a74acaec3f1c4408e0d5f
parent b7e2bb76537dd8c31feecbf817095a361914e55f (diff)
Old version
Keeping the older version easily accessible until the new version is tested more.
-rw-r--r-- old/Inveigh-Loader.ps1 (renamed from Inveigh-Loader.ps1) 0
-rw-r--r-- old/Inveigh.ps1 bin 0 -> 73010 bytes
-rw-r--r-- old/LICENSE.md 31
-rw-r--r-- old/README.md 29
-rw-r--r-- old/TODO.md 12
-rw-r--r-- old/inveigh.pfx bin 0 -> 2550 bytes
6 files changed, 72 insertions, 0 deletions
diff --git a/Inveigh-Loader.ps1 b/old/Inveigh-Loader.ps1
index 5e4f4ac..5e4f4ac 100644
--- a/Inveigh-Loader.ps1
+++ b/old/Inveigh-Loader.ps1
diff --git a/old/Inveigh.ps1 b/old/Inveigh.ps1
new file mode 100644
index 0000000..436d505
--- /dev/null
+++ b/old/Inveigh.ps1
Binary files differ
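Review bot: old/Inveigh.ps1 is reported as "Binary files differ" (0 -> 73010 bytes), so the script added here cannot be reviewed line by line, and later changes to it will not produce a readable diff either. A PowerShell script that git treats as binary has usually been saved in a UTF-16 encoding; re-saving it as UTF-8, or marking *.ps1 as text in .gitattributes, would make this executable code auditable in the commit view.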
diff --git a/old/LICENSE.md b/old/LICENSE.md
new file mode 100644
index 0000000..9790f29
--- /dev/null
+++ b/old/LICENSE.md
@@ -0,0 +1,31 @@
+Inveigh is provided under the 3-clause BSD license below.
+
+*************************************************************
+
+Copyright (c) 2015, Kevin Robertson
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+* Redistributions of source code must retain the above copyright notice, this
+ list of conditions and the following disclaimer.
+
+* Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+
+* Neither the name of Inveigh nor the names of its
+ contributors may be used to endorse or promote products derived from
+ this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/old/README.md b/old/README.md
new file mode 100644
index 0000000..2255b06
--- /dev/null
+++ b/old/README.md
@@ -0,0 +1,29 @@
+# Inveigh
+Inveigh is a Windows PowerShell LLMNR/NBNS spoofer designed to assist penetration testers that find themselves limited to a Windows system. This can commonly occur while performing phishing attacks, USB drive attacks, VLAN pivoting, or simply being restricted to a Windows system as part of client imposed restrictions.
+
+# Requirements
+Tested minimums are PowerShell 2.0 and .NET 3.5.
+
+# Notes
+1. Currently supports IPv4 LLMNR/NBNS spoofing and HTTP/HTTPS/SMB NTLMv1/NTLMv2 challenge/response capture.
+2. LLMNR/NBNS spoofing is performed through sniffing and sending with raw sockets.
+3. SMB challenge/response captures are performed by sniffing over the host system's SMB service.
+4. HTTP challenge/response captures are performed with a dedicated listener.
+5. The local LLMNR/NBNS services do not need to be disabled on the host system.
+6. LLMNR/NBNS spoofer will point victims to host system's SMB service, keep account lockout scenarios in mind.
+7. Kerberos should downgrade for SMB authentication due to spoofed hostnames not being valid in DNS.
+8. Ensure that the LMMNR,NBNS,SMB,HTTP ports are open within any local firewall on the host system.
+9. Output files will be created in current working directory.
+10. If you copy/paste challenge/response captures from output window for password cracking, remove carriage returns.
+
+# Usage
+Obtain an elevated administrator or SYSTEM shell. If necessary, use a method to bypass the PowerShell script execution policy.
+
+To execute with default settings:
+Inveigh.ps1
+
+To execute with features enabled/disabled:
+Inveigh.ps1 -IP 'local IP' -SpoofIP 'local or remote IP' -LLMNR Y/N -NBNS Y/N -NBNSTypes 00,03,20,1B -HTTP Y/N -HTTPS Y/N -SMB Y/N -Repeat Y/N -ForceWPADAuth Y/N -Output 0,1,2 -OutputDir 'valid folder path'
+
+# Screenshot
+![inveigh-screenshot2](https://cloud.githubusercontent.com/assets/5897462/9102520/62f199c4-3bc1-11e5-87a7-08837950a04f.PNG)
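Review bot: In note 8 of the new README, "LMMNR" is a typo for LLMNR, and the list "LMMNR,NBNS,SMB,HTTP" omits HTTPS even though note 1 and the -HTTPS switch describe an HTTPS capture listener; suggest "LLMNR, NBNS, SMB, HTTP and HTTPS ports". The two command lines under Usage are plain paragraph text, so Markdown may reflow them; indenting or fencing them as code would keep the parameter list intact when copied.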
diff --git a/old/TODO.md b/old/TODO.md
new file mode 100644
index 0000000..f137a8c
--- /dev/null
+++ b/old/TODO.md
@@ -0,0 +1,12 @@
+## To Do
+- [ ] Code cleanup
+- [x] Add NBNS spoofer
+- [x] Add ability to capture NTLMv1 challenge/responses
+- [ ] Add ability to capture LM challenge/responses
+- [x] Add HTTP for challenge/response captures
+- [x] Add HTTPS for challenge/response captures
+- [x] Add Get-Help style comments
+- [ ] Add SMB listener
+- [ ] Add exfiltration method for captures
+- [ ] Add SMBRelay
+- [ ] Add wpad.dat \ No newline at end of file
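Review bot: old/TODO.md ends without a trailing newline (the "\ No newline at end of file" marker on the last item, "Add wpad.dat"). Add one so that appending to the list later produces a one-line diff instead of also rewriting this line.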
diff --git a/old/inveigh.pfx b/old/inveigh.pfx
new file mode 100644
index 0000000..5fa7503
--- /dev/null
+++ b/old/inveigh.pfx
Binary files differ
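Review bot: old/inveigh.pfx is a PKCS#12 bundle, a format that normally carries a private key alongside the certificate, and committing it makes that key available to anyone who clones the repository. If this file backs the HTTPS listener mentioned in the README, the README should say so and state that the certificate is a shared, publicly known one; generating the certificate at run time instead of shipping it would avoid tracking key material in the tree at all.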