authorKevin Robertson <robertsonk@gmail.com>2015-12-09 21:44:30 -0500
committerKevin Robertson <robertsonk@gmail.com>2015-12-09 21:44:30 -0500
commita4fce4bbfc0960d50a7df8244dde05d9de6ed9ab (patch)
treee09f0586e56f7417d1341a6a7d7ed795128c32b4 /Scripts/Inveigh.ps1
parent1a5deebdc7cb2974d5fb02968a4e93201e56d144 (diff)
Added ability to display only one captured challenge/response for each unique account
Added the 'unique' parameter to Get-InveighNTLMv1 and Get-InveighNTLMv2. If 'unique' is enabled, only the first captured challenge/response for each unique account will be displayed.
Diffstat (limited to 'Scripts/Inveigh.ps1')
-rw-r--r--Scripts/Inveigh.ps170
1 files changed, 68 insertions, 2 deletions
diff --git a/Scripts/Inveigh.ps1 b/Scripts/Inveigh.ps1
index c918e65..3112a75 100644
--- a/Scripts/Inveigh.ps1
+++ b/Scripts/Inveigh.ps1
@@ -1494,8 +1494,41 @@ Function Get-InveighNTLMv1
<#
.SYNOPSIS
Get-InveighNTLMv1 will get captured NTLMv1 challenge/response hashes.
+
+ .PARAMETER Unique
+ Default = Disabled: Enable/Disable displaying only the first captured challenge/response for each unique account.
#>
- $inveigh.NTLMv1_list
+ param
+ (
+ [parameter(Mandatory=$false)][ValidateSet("Y","N")][string]$Unique="N",
+ [parameter(ValueFromRemainingArguments=$true)] $invalid_parameter
+ )
+
+ if ($invalid_parameter)
+ {
+ throw "$($invalid_parameter) is not a valid parameter."
+ }
+
+ if($Unique -eq 'y')
+ {
+ $inveigh.NTLMv1_list.sort()
+
+ foreach($unique_NTLMv1 in $inveigh.NTLMv1_list)
+ {
+ $unique_NTLMv1_account = $unique_NTLMv1.substring(0,$unique_NTLMv1.indexof(":",($unique_NTLMv1.indexof(":")+2)))
+
+ if($unique_NTLMv1_account -ne $unique_NTLMv1_account_last)
+ {
+ $unique_NTLMv1
+ }
+
+ $unique_NTLMv1_account_last = $unique_NTLMv1_account
+ }
+ }
+ else
+ {
+ $inveigh.NTLMv1_list
+ }
}
Function Get-InveighNTLMv2
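Review bot: `$inveigh.NTLMv1_list.sort()` in the `Unique` branch sorts the shared list in place, so after one `-Unique Y` call the stored captures are no longer in capture order, and the entry printed for each account is the lexically smallest one rather than the first captured, which is what the new `.PARAMETER Unique` text promises. The same pattern appears in the Get-InveighNTLMv2 hunk. Iterating a snapshot in capture order and tracking seen accounts in a hashtable keeps the list untouched and matches the documented behaviour; it also removes the reliance on `$unique_NTLMv1_account_last`, which is never initialised inside the function. If the list is still being appended to elsewhere while this runs (not visible in the hunk), the snapshot additionally avoids enumerating a collection that is being modified.

```powershell
    if($Unique -eq 'y')
    {
        $seen_NTLMv1_accounts = @{}

        # snapshot in capture order; the shared list is left unsorted
        foreach($unique_NTLMv1 in @($inveigh.NTLMv1_list))
        {
            # … unchanged: $unique_NTLMv1_account substring extraction …

            if(!$seen_NTLMv1_accounts.ContainsKey($unique_NTLMv1_account))
            {
                $seen_NTLMv1_accounts[$unique_NTLMv1_account] = $true
                $unique_NTLMv1
            }
        }
    }
```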
@@ -1503,8 +1536,41 @@ Function Get-InveighNTLMv2
<#
.SYNOPSIS
Get-InveighNTLMv2 will get captured NTLMv1 challenge/response hashes.
+
+ .PARAMETER Unique
+ Default = Disabled: Enable/Disable displaying only the first captured challenge/response for each unique account.
#>
- $inveigh.NTLMv2_list
+ param
+ (
+ [parameter(Mandatory=$false)][ValidateSet("Y","N")][string]$Unique="N",
+ [parameter(ValueFromRemainingArguments=$true)] $invalid_parameter
+ )
+
+ if ($invalid_parameter)
+ {
+ throw "$($invalid_parameter) is not a valid parameter."
+ }
+
+ if($Unique -eq 'y')
+ {
+ $inveigh.NTLMv2_list.sort()
+
+ foreach($unique_NTLMv2 in $inveigh.NTLMv2_list)
+ {
+ $unique_NTLMv2_account = $unique_NTLMv2.substring(0,$unique_NTLMv2.indexof(":",($unique_NTLMv2.indexof(":")+2)))
+
+ if($unique_NTLMv2_account -ne $unique_NTLMv2_account_last)
+ {
+ $unique_NTLMv2
+ }
+
+ $unique_NTLMv2_account_last = $unique_NTLMv2_account
+ }
+ }
+ else
+ {
+ $inveigh.NTLMv2_list
+ }
}
Function Get-InveighLog
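Review bot: The synopsis in the help block this hunk extends still reads `Get-InveighNTLMv2 will get captured NTLMv1 challenge/response hashes.`; since the commit is already editing that comment, it should say `NTLMv2`. The new `.PARAMETER Unique` entry in both functions says "Enable/Disable" without naming the values that `ValidateSet("Y","N")` accepts, so something like `Default = N: Set to Y to display only one challenge/response for each unique account.` would tell the caller what to pass. The `substring`/`indexof` expression would also benefit from a one-line comment stating the line format it assumes, because an entry without the expected colons makes `indexof` return -1 and `substring` throw.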