author Kevin Robertson <robertsonk@gmail.com> 2015-08-05 22:39:33 -0400
committer Kevin Robertson <robertsonk@gmail.com> 2015-08-05 22:39:33 -0400
commit b7e2bb76537dd8c31feecbf817095a361914e55f
tree 4753779248db9fe3be1a2d9aed3e95e818868607 /README.md
parent 303a4180214cd99329b5dddcf440f480b6052608
Added parameter for controlling output directory. Added first version of loader script for easier execution as a payload.
Added '-OutputDir' parameter for controlling the output directory. Added 'Inveigh-Loader.ps1' script which has additional options for running Inveigh as an unattended payload. Performed some cleanup. Updated screenshot in readme.
Diffstat (limited to 'README.md')
-rw-r--r-- README.md 10
1 files changed, 5 insertions, 5 deletions
diff --git a/README.md b/README.md
index c015622..2255b06 100644
--- a/README.md
+++ b/README.md
@@ -2,10 +2,10 @@
Inveigh is a Windows PowerShell LLMNR/NBNS spoofer designed to assist penetration testers that find themselves limited to a Windows system. This can commonly occur while performing phishing attacks, USB drive attacks, VLAN pivoting, or simply being restricted to a Windows system as part of client imposed restrictions.
# Requirements
-Tested with PowerShell 2.0 and .NET 3.5.
+Tested minimums are PowerShell 2.0 and .NET 3.5.
# Notes
-1. Currently supports IPv4 LLMNR/NBNS spoofing and HTTP/SMB NTLMv1/NTLMv2 challenge/response capture.
+1. Currently supports IPv4 LLMNR/NBNS spoofing and HTTP/HTTPS/SMB NTLMv1/NTLMv2 challenge/response capture.
2. LLMNR/NBNS spoofing is performed through sniffing and sending with raw sockets.
3. SMB challenge/response captures are performed by sniffing over the host system's SMB service.
4. HTTP challenge/response captures are performed with a dedicated listener.
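Review bot: Note 1 now lists HTTPS capture, but note 4 in the same list still reads "HTTP challenge/response captures are performed with a dedicated listener" and none of the visible notes says how HTTPS is handled. Extend note 4, or add a note, to state whether HTTPS uses the same dedicated listener, so the feature list and the implementation notes agree.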
@@ -17,13 +17,13 @@ Tested with PowerShell 2.0 and .NET 3.5.
10. If you copy/paste challenge/response captures from output window for password cracking, remove carriage returns.
# Usage
-Obtain an elevated administrator or SYSTEM shell. If necessary, use a method to bypass script execution policy.
+Obtain an elevated administrator or SYSTEM shell. If necessary, use a method to bypass the PowerShell script execution policy.
To execute with default settings:
Inveigh.ps1
To execute with features enabled/disabled:
-Inveigh.ps1 -i localip -LLMNR Y/N -NBNS Y/N -NBNSTypes 00,03,20,1B -HTTP Y/N -HTTPS Y/N -SMB Y/N -Repeat Y/N -ForceWPADAuth Y/N -Output 0,1,2
+Inveigh.ps1 -IP 'local IP' -SpoofIP 'local or remote IP' -LLMNR Y/N -NBNS Y/N -NBNSTypes 00,03,20,1B -HTTP Y/N -HTTPS Y/N -SMB Y/N -Repeat Y/N -ForceWPADAuth Y/N -Output 0,1,2 -OutputDir 'valid folder path'
# Screenshot
-![Inveigh](https://cloud.githubusercontent.com/assets/5897462/7216149/c49679ce-e5c2-11e4-9825-2abacc56e91f.PNG)
+![inveigh-screenshot2](https://cloud.githubusercontent.com/assets/5897462/9102520/62f199c4-3bc1-11e5-87a7-08837950a04f.PNG)
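Review bot: The usage line changes `-i localip` to `-IP 'local IP'` and introduces `-SpoofIP` and `-OutputDir` with no explanation in this hunk, and the commit message covers only `-OutputDir`. State whether the old `-i` form is still accepted, and add one line per new parameter giving its default: what `-SpoofIP` falls back to when omitted, and where output is written when `-OutputDir` is not given. The commit message also names `Inveigh-Loader.ps1`, which the visible usage text does not mention; a short pointer to it under Usage would keep the README in step with the change.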