author | Kevin Robertson <Kevin-Robertson@users.noreply.github.com> | 2021-12-14 22:51:16 -0500 |
---|---|---|
committer | Kevin Robertson <Kevin-Robertson@users.noreply.github.com> | 2021-12-14 22:51:16 -0500 |
commit | beeac5e725d7e1a84c9f4083d60a7341a49ebfac (patch) | |
tree | 086ec2aec5a0f90072d181b42c5200ca60379141 | |
parent | e87cb0a3bc481224c197e3d4cc39527e78b31079 (diff) | |
download | Inveigh-beeac5e725d7e1a84c9f4083d60a7341a49ebfac.tar.gz Inveigh-beeac5e725d7e1a84c9f4083d60a7341a49ebfac.zip |
bug fixes, new output level
-rw-r--r-- | Inveigh/Program.cs | 3 | ||||
-rw-r--r-- | Inveigh/Protocols/Quiddity/Quiddity/Protocols/DNS/DNSChecker.cs | 17 | ||||
-rw-r--r-- | Inveigh/Support/Arguments.cs | 2 | ||||
-rw-r--r-- | Inveigh/Support/Output.cs | 23 | ||||
-rw-r--r-- | Inveigh/Support/Shell.cs | 47 |
5 files changed, 67 insertions, 25 deletions
diff --git a/Inveigh/Program.cs b/Inveigh/Program.cs index c6d12ca..3643392 100644 --- a/Inveigh/Program.cs +++ b/Inveigh/Program.cs @@ -13,7 +13,7 @@ namespace Inveigh public static string argCert = "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"; public static string argCertPassword = "password"; public static string argChallenge = ""; - public static string argConsole = "3"; + public static string argConsole = "4"; public static string argConsoleLimit = "-1"; public static string argConsoleStatus = "0"; public static string argConsoleUnique = "Y"; @@ -91,6 +91,7 @@ namespace Inveigh //end parameters public static ConsoleColor colorPositive = ConsoleColor.Green; // change output colors here public static ConsoleColor colorNegative = ConsoleColor.Red; + public static ConsoleColor colorDisabled = ConsoleColor.DarkGray; public static Hashtable smbSessionTable = Hashtable.Synchronized(new Hashtable()); public static Hashtable httpSessionTable = Hashtable.Synchronized(new Hashtable()); public static IList<string> outputList = new List<string>(); diff --git a/Inveigh/Protocols/Quiddity/Quiddity/Protocols/DNS/DNSChecker.cs b/Inveigh/Protocols/Quiddity/Quiddity/Protocols/DNS/DNSChecker.cs index 5a23ffd..c8da935 100644 --- a/Inveigh/Protocols/Quiddity/Quiddity/Protocols/DNS/DNSChecker.cs +++ b/Inveigh/Protocols/Quiddity/Quiddity/Protocols/DNS/DNSChecker.cs @@ -77,6 +77,7 @@ namespace Quiddity.DNS public bool Check(string name, string type, string clientIP) { + if (this.Inspect) { this.OutputMessage = this.OutputInspect; 
@@ -102,26 +103,16 @@ namespace Quiddity.DNS this.OutputMessage = this.OutputServiceDenied; return false; } - else if (HostIsDenied(name)) + else if (HostIsDenied(name) && FQDNIsDenied(name)) { this.OutputMessage = this.OutputHostDenied; return false; } - else if (!HostIsAllowed(name)) - { - this.OutputMessage = this.OutputIPDenied; - return false; - } - else if (FQDNIsDenied(name)) + else if (!HostIsAllowed(name) && !FQDNIsAllowed(name)) { this.OutputMessage = this.OutputHostDenied; return false; } - else if (!FQDNIsAllowed(name)) - { - this.OutputMessage = this.OutputIPDenied; - return false; - } else if (IPIsDenied(clientIP)) { this.OutputMessage = this.OutputIPDenied; @@ -228,7 +219,7 @@ namespace Quiddity.DNS public bool FQDNIsDenied(string name) { - + if (!Utilities.ArrayIsNullOrEmpty(this.IgnoreHosts) && Array.Exists(this.IgnoreHosts, element => element == name.ToUpper())) { return true; diff --git a/Inveigh/Support/Arguments.cs b/Inveigh/Support/Arguments.cs index 20cdc27..c3fc8f2 100644 --- a/Inveigh/Support/Arguments.cs +++ b/Inveigh/Support/Arguments.cs @@ -104,7 +104,7 @@ namespace Inveigh }; ValidateStringArguments(ynArguments, ynArgumentValues, new string[] { "Y", "N" }); - ValidateStringArguments(new string[] { nameof(Program.argConsole) }, new string[] { Program.argConsole }, new string[] { "0", "1", "2", "3" }); + ValidateStringArguments(new string[] { nameof(Program.argConsole) }, new string[] { Program.argConsole }, new string[] { "0", "1", "2", "3", "4" }); string[] authArguments = { nameof(Program.argHTTPAuth), nameof(Program.argProxyAuth), nameof(Program.argWPADAuth), nameof(Program.argWebDAVAuth) }; string[] authArgumentValues = { Program.argHTTPAuth, Program.argProxyAuth, Program.argWPADAuth, Program.argWebDAVAuth }; ValidateStringArguments(authArguments, authArgumentValues, new string[] { "ANONYMOUS", "BASIC", "NTLM" }); diff --git a/Inveigh/Support/Output.cs b/Inveigh/Support/Output.cs index ce5a3a8..a8f98ff 100644 
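Review bot: The merged deny test `else if (HostIsDenied(name) && FQDNIsDenied(name))` in Check() refuses a name only when both helpers match, whereas the removed branches refused it when either one did. FQDNIsDenied, visible in the following hunk, compares the whole upper-cased name against IgnoreHosts; if HostIsDenied (its body is outside this diff) compares only the host label, a multi-label query whose short name is on the ignore list is no longer refused, and an exclusion meant to keep a system out of scope stops applying. The allow side, `!HostIsAllowed(name) && !FQDNIsAllowed(name)`, is the right form for "reply if either matches", so the deny side most likely wants `else if (HostIsDenied(name) || FQDNIsDenied(name))`. Check() begins above this hunk and continues past it.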
--- a/Inveigh/Support/Output.cs +++ b/Inveigh/Support/Output.cs @@ -234,6 +234,10 @@ namespace Inveigh { OutputColor(consoleEntry, "+", Program.colorPositive); } + else if (entryType.Equals(" ")) + { + OutputColor(consoleEntry, " ", Program.colorDisabled); + } else if (entryType.Equals("!")) { Console.ForegroundColor = ConsoleColor.Yellow; @@ -354,7 +358,7 @@ namespace Inveigh public static void GetStartupMessageIP(string ipType, string address1, string address2) { string startupMessage = ""; - string optionStatus = "-"; + string optionStatus = " "; if (Program.enabledIPv4 && !string.IsNullOrEmpty(address1) && Program.enabledIPv6 && !string.IsNullOrEmpty(address2)) { @@ -383,7 +387,7 @@ namespace Inveigh { string startupMessage; string optionType = "Listener"; - string optionStatus = "-"; + string optionStatus = " "; string types; string typesHeader = "Type"; string questions; @@ -450,7 +454,7 @@ namespace Inveigh { string startupMessage = ""; string optionType = "Listener"; - string optionStatus = "-"; + string optionStatus = " "; string portHeading = "Port"; if (Program.enabledSniffer && protocol.StartsWith("SMB")) @@ -699,6 +703,10 @@ namespace Inveigh { status = "+"; } + else if (outputMessage.Equals("disabled")) + { + status = " "; + } Queue(string.Format("[{0}] [{1}] {2}({3}) request [{4}] from {5} [{6}]", status, Timestamp(), protocol, type, request, clientIP, outputMessage)); } @@ -832,7 +840,7 @@ namespace Inveigh if (nullarg || string.Equals(arg, "CONSOLE")) { string argument = "Console"; - string description = "Default=3: Set the level for console output. (0=none, 1=only captures/spoofs, 2=no informational, 3=all)"; + string description = "Default=4: Set the level for console output. (0=none, 1=only captures/spoofs, 2=no disabled, no informational, 3=no disabled, 4=all)"; OutputHelp(argument, description); } 
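Review bot: The branch added in the `@@ -699` hunk, `else if (outputMessage.Equals("disabled"))`, chooses the status marker by matching the human-readable message text, and the resulting `[ ]` prefix is what the console level filter in the `@@ -1341` hunk keys on. Rewording that message where it is produced would silently change which lines are hidden at levels 2 and 3. A comment at this branch would record the contract, for example `// "disabled" maps to the "[ ]" prefix, which console levels 2 and 3 hide`, and a shared constant for the literal would keep producers and this check in step. The enclosing method begins and ends outside the hunk.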
@@ -1341,7 +1349,12 @@ namespace Inveigh while (Program.outputList.Count > 0) { - if (Program.console == 3) + if (Program.console == 4) + { + Program.consoleList.Add(Program.outputList[0]); + } + + if (Program.console == 3 && (Program.outputList[0].StartsWith("[*]") || Program.outputList[0].StartsWith("[+]") || Program.outputList[0].StartsWith("[-]") || Program.outputList[0].StartsWith("[.]") || !Program.outputList[0].StartsWith("["))) { Program.consoleList.Add(Program.outputList[0]); } diff --git a/Inveigh/Support/Shell.cs b/Inveigh/Support/Shell.cs index 5f4d8b0..522e0be 100644 --- a/Inveigh/Support/Shell.cs +++ b/Inveigh/Support/Shell.cs @@ -34,6 +34,14 @@ namespace Inveigh "get ntlmv2usernames", "get cleartext", "get cleartextunique", + "get replytohosts", + "get replytoips", + "get replytodomains", + "get replytomacs", + "get ignorehosts", + "get ignoreips", + "get ignoredomains", + "get ignoremacs", "history", "resume", "stop" 
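Review bot: The level 3 test in the `@@ -1341` hunk is an allow-list of prefixes (`[*]`, `[+]`, `[-]`, `[.]`, or no leading bracket), so besides the new `[ ]` disabled lines it drops every other bracketed type, including the `[!]` entries that the colour code in the `@@ -234` hunk prints in yellow. The help text describes level 3 only as "no disabled", so losing warnings there looks unintended unless code after this hunk adds them back. Excluding the one unwanted prefix matches the description and is shorter: `if (Program.console == 4 || (Program.console == 3 && !Program.outputList[0].StartsWith("[ ]", StringComparison.Ordinal)))`. The loop body continues outside the hunk.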
@@ -427,26 +435,46 @@ namespace Inveigh GetNTLMv2Usernames(search); break; - case "GET SPOOFERReplyToHosts": + case "GET REPLYTOHOSTS": foreach (string entry in Program.argReplyToHosts) Console.WriteLine(entry); break; - case "GET SPOOFERHOSTSDENY": + case "GET IGNOREHOSTS": foreach (string entry in Program.argIgnoreHosts) Console.WriteLine(entry); break; - case "GET SPOOFERReplyToIPs": - foreach (string entry in Program.argReplyToHosts) + case "GET REPLYTOIPS": + foreach (string entry in Program.argReplyToIPs) Console.WriteLine(entry); break; - case "GET SPOOFERIPSDENY": + case "GET IGNOREIPS": foreach (string entry in Program.argIgnoreHosts) Console.WriteLine(entry); break; + case "GET REPLYTODOMAINS": + foreach (string entry in Program.argReplyToDomains) + Console.WriteLine(entry); + break; + + case "GET IGNOREDOMAINS": + foreach (string entry in Program.argIgnoreDomains) + Console.WriteLine(entry); + break; + + case "GET REPLYTOMACS": + foreach (string entry in Program.argReplyToMACs) + Console.WriteLine(entry); + break; + + case "GET IGNOREMACS": + foreach (string entry in Program.argIgnoreMACs) + Console.WriteLine(entry); + break; + case "?": case "HELP": GetHelp(); 
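Review bot: `case "GET IGNOREIPS":` still iterates `Program.argIgnoreHosts`, so the command prints the host ignore list instead of the IP one; the commit corrects the same copy-paste slip for `GET REPLYTOIPS` but not here. An operator who runs this command to confirm which addresses are excluded is shown the wrong list. The loop should read `foreach (string entry in Program.argIgnoreIPs)`, assuming the field follows the naming of `argReplyToIPs` and `argIgnoreMACs`. If these arrays can be null when a parameter was not supplied (their declarations are outside this diff), each `foreach` here also needs a null guard. The switch statement begins and ends outside the hunk.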
@@ -511,6 +539,14 @@ namespace Inveigh commands.Add("GET NTLMV2USERNAMES,get usernames and source IPs/hostnames for captured NTLMv2 hashes"); commands.Add("GET CLEARTEXT,get captured cleartext credentials"); commands.Add("GET CLEARTEXTUNIQUE,get unique captured cleartext credentials"); + commands.Add("GET REPLYTODOMAINS,get ReplyToDomains parameter startup values"); + commands.Add("GET REPLYTOHOSTS,get ReplyToHosts parameter startup values"); + commands.Add("GET REPLYTOIPS,get ReplyToIPs parameter startup values"); + commands.Add("GET REPLYTOMACS,get ReplyToMACs parameter startup values"); + commands.Add("GET IGNOREDOMAINS,get IgnoreDomains parameter startup values"); + commands.Add("GET IGNOREHOSTS,get IgnoreHosts parameter startup values"); + commands.Add("GET IGNOREIPS,get IgnoreIPs parameter startup values"); + commands.Add("GET IGNOREMACS,get IgnoreMACs parameter startup values"); commands.Add("HISTORY,get console command history"); commands.Add("RESUME,resume real time console output"); commands.Add("STOP,stop Inveigh"); @@ -757,4 +793,5 @@ namespace Inveigh } } + } |