author | Kevin Robertson <Kevin-Robertson@users.noreply.github.com> | 2019-02-25 23:02:51 -0500 |
---|---|---|
committer | Kevin Robertson <Kevin-Robertson@users.noreply.github.com> | 2019-02-25 23:02:51 -0500 |
commit | 14dbf8aca26eaaa807fcfaa21e94047294186485 (patch) | |
tree | ca255fb6663593018ec06797546e33ad7e0589a0 /Inveigh-Relay.ps1 | |
parent | 7627a737daf28d1a039c2693e3dc5c90feb62862 (diff) | |
download | Inveigh-14dbf8aca26eaaa807fcfaa21e94047294186485.tar.gz Inveigh-14dbf8aca26eaaa807fcfaa21e94047294186485.zip |
Added SMB Kerberos TGT capture and kirbi output
Added SMB Kerberos TGT capture through packet sniffing and kirbi output. To use, credentials are required for an account with unconstrained delegation.
This is still in the early stages. I'm not using an ASN.1 library, so there is probably a lot that can throw off the parsing.
Diffstat (limited to 'Inveigh-Relay.ps1')
-rw-r--r-- | Inveigh-Relay.ps1 | 38 |
1 files changed, 27 insertions, 11 deletions
diff --git a/Inveigh-Relay.ps1 b/Inveigh-Relay.ps1 index 0b99c3b..ce5af25 100644 --- a/Inveigh-Relay.ps1 +++ b/Inveigh-Relay.ps1 @@ -6961,18 +6961,24 @@ Get added DNS host records. .PARAMETER ADIDNSFailed Get failed DNS host record adds. -.PARAMETER Learning -Get valid hosts discovered through spoofer learning. - -.PARAMETER Log -Get log entries. - .PARAMETER Cleartext Get captured cleartext credentials. .PARAMETER CleartextUnique Get unique captured cleartext credentials. +.PARAMETER KerberosUsername +Get IP addresses, usernames, and index for captured Kerberos TGTs. + +.PARAMETER KerberosTGT +Get Kerberos TGT kirbi byte array by index. + +.PARAMETER Learning +Get valid hosts discovered through spoofer learning. + +.PARAMETER Log +Get log entries. + .PARAMETER NTLMv1 Get captured NTLMv1 challenge/response hashes. @@ -7009,6 +7015,8 @@ Get relay session list. [parameter(Mandatory=$false)][Switch]$Console, [parameter(Mandatory=$false)][Switch]$ADIDNS, [parameter(Mandatory=$false)][Switch]$ADIDNSFailed, + [parameter(Mandatory=$false)][Int]$KerberosTGT, + [parameter(Mandatory=$false)][Switch]$KerberosUsername, [parameter(Mandatory=$false)][Switch]$Learning, [parameter(Mandatory=$false)][Switch]$Log, [parameter(Mandatory=$false)][Switch]$NTLMv1, @@ -7079,6 +7087,7 @@ Get relay session list. if($ADIDNSFailed) { + $ADIDNS_table_keys_temp = $inveigh.ADIDNS_table.Keys foreach($ADIDNS_host in $ADIDNS_table_keys_temp) @@ -7093,6 +7102,16 @@ Get relay session list. } + if($KerberosTGT) + { + Write-Output $inveigh.kerberos_TGT_list[$KerberosTGT] + } + + if($KerberosUsername) + { + Write-Output $inveigh.kerberos_TGT_username_list + } + if($Log) { Write-Output $inveigh.log @@ -7183,7 +7202,6 @@ Get relay session list. if($Session) { - $sessions_temp = $inveigh.session $i = 0 while($i -lt $inveigh.session_socket_table.Count) 
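Review bot: `if($KerberosTGT)` tests an `[Int]` parameter for truthiness, so `-KerberosTGT 0` is indistinguishable from the parameter being omitted and the entry at index 0 of `$inveigh.kerberos_TGT_list` is never written out. Whether the index reported by `-KerberosUsername` starts at 0 is not visible in this diff, so the impact depends on how the list is populated. Testing for the bound parameter instead, `if($PSBoundParameters.ContainsKey('KerberosTGT'))`, removes the ambiguity. The `.PARAMETER KerberosTGT` help text in the first hunk could also state the index base and that the returned byte array is ticket material to be handled as a credential. The enclosing function starts and ends outside this hunk.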
@@ -7197,14 +7215,12 @@ Get relay session list. $i++ } - Write-Output $sessions_temp | Format-Table -AutoSize + Write-Output $inveigh.session | Format-Table -AutoSize } if($Enumerate) { - $enumerate_temp = $inveigh.enumerate - Write-Output $enumerate_temp - Remove-Variable enumerate_temp + Write-Output $inveigh.enumerate } } |
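Review bot: `Write-Output $inveigh.session | Format-Table -AutoSize` still sends formatting objects down the pipeline, so a caller of `-Session` cannot filter, sort or export the sessions, while the `-Enumerate` branch just below now emits the raw objects. Emitting `$inveigh.session` directly and leaving `Format-Table` to the caller would make the two branches consistent. The `if($Session)` block opens in the previous hunk.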