diff options
| -rw-r--r-- | Scripts/Inveigh-Relay.ps1 | 70 | ||||
| -rw-r--r-- | Scripts/Inveigh.ps1 | 70 |
2 files changed, 136 insertions, 4 deletions
diff --git a/Scripts/Inveigh-Relay.ps1 b/Scripts/Inveigh-Relay.ps1 index 2a220f8..848a683 100644 --- a/Scripts/Inveigh-Relay.ps1 +++ b/Scripts/Inveigh-Relay.ps1 @@ -1524,8 +1524,41 @@ Function Get-InveighNTLMv1 <# .SYNOPSIS Get-InveighNTLMv1 will get captured NTLMv1 challenge/response hashes. + + .PARAMETER Unique + Default = Disabled: Enable/Disable displaying only the first captured challenge/response for each unique account. #> - $inveigh.NTLMv1_list + param + ( + [parameter(Mandatory=$false)][ValidateSet("Y","N")][string]$Unique="N", + [parameter(ValueFromRemainingArguments=$true)] $invalid_parameter + ) + + if ($invalid_parameter) + { + throw "$($invalid_parameter) is not a valid parameter." + } + + if($Unique -eq 'y') + { + $inveigh.NTLMv1_list.sort() + + foreach($unique_NTLMv1 in $inveigh.NTLMv1_list) + { + $unique_NTLMv1_account = $unique_NTLMv1.substring(0,$unique_NTLMv1.indexof(":",($unique_NTLMv1.indexof(":")+2))) + + if($unique_NTLMv1_account -ne $unique_NTLMv1_account_last) + { + $unique_NTLMv1 + } + + $unique_NTLMv1_account_last = $unique_NTLMv1_account + } + } + else + { + $inveigh.NTLMv1_list + } } Function Get-InveighNTLMv2 @@ -1533,8 +1566,41 @@ Function Get-InveighNTLMv2 <# .SYNOPSIS Get-InveighNTLMv2 will get captured NTLMv1 challenge/response hashes. + + .PARAMETER Unique + Default = Disabled: Enable/Disable displaying only the first captured challenge/response for each unique account. #> - $inveigh.NTLMv2_list + param + ( + [parameter(Mandatory=$false)][ValidateSet("Y","N")][string]$Unique="N", + [parameter(ValueFromRemainingArguments=$true)] $invalid_parameter + ) + + if ($invalid_parameter) + { + throw "$($invalid_parameter) is not a valid parameter." + } + + if($Unique -eq 'y') + { + $inveigh.NTLMv2_list.sort() + + foreach($unique_NTLMv2 in $inveigh.NTLMv2_list) + { + $unique_NTLMv2_account = $unique_NTLMv2.substring(0,$unique_NTLMv2.indexof(":",($unique_NTLMv2.indexof(":")+2))) + + if($unique_NTLMv2_account -ne $unique_NTLMv2_account_last) + { + $unique_NTLMv2 + } + + $unique_NTLMv2_account_last = $unique_NTLMv2_account + } + } + else + { + $inveigh.NTLMv2_list + } } Function Get-InveighLog diff --git a/Scripts/Inveigh.ps1 b/Scripts/Inveigh.ps1 index c918e65..3112a75 100644 --- a/Scripts/Inveigh.ps1 +++ b/Scripts/Inveigh.ps1 @@ -1494,8 +1494,41 @@ Function Get-InveighNTLMv1 <# .SYNOPSIS Get-InveighNTLMv1 will get captured NTLMv1 challenge/response hashes. + + .PARAMETER Unique + Default = Disabled: Enable/Disable displaying only the first captured challenge/response for each unique account. #> - $inveigh.NTLMv1_list + param + ( + [parameter(Mandatory=$false)][ValidateSet("Y","N")][string]$Unique="N", + [parameter(ValueFromRemainingArguments=$true)] $invalid_parameter + ) + + if ($invalid_parameter) + { + throw "$($invalid_parameter) is not a valid parameter." + } + + if($Unique -eq 'y') + { + $inveigh.NTLMv1_list.sort() + + foreach($unique_NTLMv1 in $inveigh.NTLMv1_list) + { + $unique_NTLMv1_account = $unique_NTLMv1.substring(0,$unique_NTLMv1.indexof(":",($unique_NTLMv1.indexof(":")+2))) + + if($unique_NTLMv1_account -ne $unique_NTLMv1_account_last) + { + $unique_NTLMv1 + } + + $unique_NTLMv1_account_last = $unique_NTLMv1_account + } + } + else + { + $inveigh.NTLMv1_list + } } Function Get-InveighNTLMv2 @@ -1503,8 +1536,41 @@ Function Get-InveighNTLMv2 <# .SYNOPSIS Get-InveighNTLMv2 will get captured NTLMv1 challenge/response hashes. + + .PARAMETER Unique + Default = Disabled: Enable/Disable displaying only the first captured challenge/response for each unique account. #> - $inveigh.NTLMv2_list + param + ( + [parameter(Mandatory=$false)][ValidateSet("Y","N")][string]$Unique="N", + [parameter(ValueFromRemainingArguments=$true)] $invalid_parameter + ) + + if ($invalid_parameter) + { + throw "$($invalid_parameter) is not a valid parameter." + } + + if($Unique -eq 'y') + { + $inveigh.NTLMv2_list.sort() + + foreach($unique_NTLMv2 in $inveigh.NTLMv2_list) + { + $unique_NTLMv2_account = $unique_NTLMv2.substring(0,$unique_NTLMv2.indexof(":",($unique_NTLMv2.indexof(":")+2))) + + if($unique_NTLMv2_account -ne $unique_NTLMv2_account_last) + { + $unique_NTLMv2 + } + + $unique_NTLMv2_account_last = $unique_NTLMv2_account + } + } + else + { + $inveigh.NTLMv2_list + } } Function Get-InveighLog |