author | Kevin Robertson <robertsonk@gmail.com> | 2016-01-12 11:01:35 -0500 |
---|---|---|
committer | Kevin Robertson <robertsonk@gmail.com> | 2016-01-12 11:01:35 -0500 |
commit | 5cbec815b38e6efe0ea5ad2d8706506ddd7e398e (patch) | |
tree | b57bbec707e5d20acd31a9984179ce7f6a189e2c /README.md | |
parent | a4fce4bbfc0960d50a7df8244dde05d9de6ed9ab (diff) | |
Spoofer, HTTP/HTTPS, and WPAD additions/changes (1.0.0)
LLMNR/NBNS spoofer:
SpooferIPsReply/SpooferIPsIgnore - These parameters provide granular
control over what systems to respond to when spoofing.
SpooferHostsReply/SpooferHostsIgnore - These parameters provide granular
control over what requested hostnames to respond to when spoofing. Note
that SpooferHostsAccept replaces SpoofList.
SpooferRepeat - This parameter replaces Repeat in order to sync the
parameter name with the prefix used for other spoofer parameters.
HTTP/HTTPS Listener:
HTTPAuth - This parameter provides the ability to set the HTTP/HTTPS
non-WPAD auth to NTLM, Basic, or Anonymous. Basic authentication can be
used to capture cleartext credentials (thanks @xorrior!).
HTTPBasicRealm - Set a realm name if Basic auth is enabled.
HTTPDir/HTTPDefaultFile/HTTPDefaultEXE/HTTPResponse - These parameters
provide control over the content served by the listener.
HTTPSCertThumbprint - This parameter provides the ability to more easily
set the thumbprint for custom certs.
HTTP/HTTPS requests are now reported and/or logged.
WPAD:
WPADIP/WPADPort - These parameters provide the ability to configure a
proxy server on victim systems through WPAD.
WPADResponse - This parameter provides the ability to configure a
custom wpad.dat response rather than the basic one used by WPADIP and
WPADPort.
WPADAuth - This parameter provides the ability to set the HTTP/HTTPS
WPAD auth to NTLM, Basic, or Anonymous. Basic authentication can be used
to capture cleartext credentials (thanks @xorrior!). Note that this
parameter replaces ForceWPADAuth.
Miscellaneous:
Get-InveighCleartext - Gets all captured cleartext credentials.
Inspect - This switch parameter serves as an easier way to inspect
LLMNR/NBNS traffic. If -Inspect is added to the command line, LLMNR,
NBNS, HTTP, HTTPS, and SMB are disabled.
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 14 |
1 files changed, 12 insertions, 2 deletions
@@ -37,7 +37,7 @@ To load and execute with one line: Import-Module ./Inveigh.ps1;Invoke-Inveigh To execute with features enabled/disabled: -Invoke-Inveigh -IP 'local IP' -SpoofIP 'local or remote IP' -LLMNR Y/N -NBNS Y/N -NBNSTypes 00,03,20,1B -HTTP Y/N -HTTPS Y/N -SMB Y/N -Repeat Y/N -ConsoleOutput Y/N -FileOutput Y/N -OutputDir 'valid folder path' +Invoke-Inveigh -IP 'local IP' -SpooferIP 'local or remote IP' -LLMNR Y/N -NBNS Y/N -NBNSTypes 00,03,20,1B -HTTP Y/N -HTTPS Y/N -SMB Y/N -Repeat Y/N -ConsoleOutput Y/N -FileOutput Y/N -OutputDir 'valid folder path' To execute with SMB relay enabled through Invoke-Inveigh: Invoke-Inveigh -SMBRelay Y -SMBRelayTarget 'valid SMB target IP' -SMBRelayCommand "valid command to run on target" @@ -51,6 +51,7 @@ Use 'Get-Help -parameter * Invoke-Inveigh' for a full list of parameters Invoke-Inveigh - Start Inveigh with or without parameters Invoke-InveighRelay - SMB relay function Get-Inveigh - Get queued console output +Get-InveighCleartext - Get all captured cleartext credentials Get-InveighLog - Get log entries Get-InveighNTLM - Get all captured challenge/response hashes Get-InveighNTLMv1 - Get captured NTLMv1 challenge/response hashes @@ -60,9 +61,18 @@ Watch-Inveigh - Enable real time console output Clear-Inveigh - Clear Inveigh data from memory Stop-Inveigh - Stop all running Inveigh functions +# Included In +PowerShell Empire - https://github.com/PowerShellEmpire/Empire +PS>Attack - https://github.com/jaredhaight/psattack + +# Special Thanks +Anyone that posted .net packet sniffing examples. +Responder - https://github.com/SpiderLabs/Responder +Impacket - https://github.com/CoreSecurity/impacket + # Screenshots Invoke-Inveigh execution with real time console and file output enabled - + Retrieval of captured NTLM2 challenge/response hashes with Get-InveighNTLMv2  |
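Review bot: In the first hunk (@@ -37,7 +37,7 @@), the updated example line renames `-SpoofIP` to `-SpooferIP` but still passes `-Repeat Y/N`, while the commit message states that SpooferRepeat replaces Repeat. Change the example to `-SpooferRepeat Y/N` in this same commit so the README does not keep documenting a parameter name the release retires. The other renames listed in the message (SpoofList, ForceWPADAuth) are not visible in this hunk, so it is worth checking the rest of the README for them as well.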
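Review bot: In the second hunk (@@ -51,6 +51,7 @@), the new `Get-InveighCleartext` entry does not say where cleartext credentials come from. The commit message ties them to Basic authentication through HTTPAuth and WPADAuth, so add a short pointer to those two parameters next to the entry or in the usage section; the README otherwise never mentions the settings that populate this function's output.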
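Review bot: In the third hunk (@@ -60,9 +61,18 @@), the new Special Thanks section omits @xorrior, who is thanked twice in the commit message for the Basic authentication capture; add that credit here so it is visible outside the commit log. In the same section, ".net" should be written ".NET".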