aboutsummaryrefslogtreecommitdiff
path: root/README.md
AgeCommit message (Collapse)AuthorFilesLines
2022-09-18dev buildsdevkevin1-0/+523
2021-11-30bug fixesKevin Robertson1-46/+0
2019-02-25Added SMB Kerberos TGT capture and kirbi outputKevin Robertson1-1/+1
Added SMB Kerberos TGT capture through packet sniffing and kirbi output. To use, credentials are required for an account with unconstrained delegation. This is still in the early stages. I'm not using an ASN.1 library so there is probably lots that can throw off the parsing.
2019-01-30Updated impacket linkKevin Robertson1-1/+1
2019-01-30Kerberos detection and bug fixesKevin Robertson1-1/+5
Added indicator for when SMB auth negotiates to Kerberos. Bug fixes.
2018-09-25Link fixKevin Robertson1-2/+2
2018-09-25Readme updateKevin Robertson1-1/+3
Added Invoke-TheHash link
2018-09-25Dev branch syncKevin Robertson1-7/+9
2017-09-25ResponderGuard defenseKevin Robertson1-2/+2
Inveigh will now ignore NBNS/LLMNR requests sent directly to the host IP address rather than the broadcast/multicast address.
2017-04-04Last fixesKevin Robertson1-1/+1
2017-04-02Update README.mdKevin Robertson1-1/+3
2017-04-02mDNS spoofer, log control, bug fixesKevin Robertson1-185/+18
Added mDNS spoofer. Simplified some HTTP listener code. Added LogOutput and ConsoleQueueLimit parameters to control in-memory log entry storage. Fixed some bugs.
2017-03-27bug fixes and partial readme updateKevin Robertson1-103/+50
2017-02-06Fixed a bug that was causing auth failures during SMB relayKevin Robertson1-2/+2
2016-09-13Readme fixKevin Robertson1-8/+8
2016-09-13Final 1.2 checksKevin Robertson1-1/+1
2016-09-12Just a few more small changesKevin Robertson1-2/+11
2016-09-11Readme fixKevin Robertson1-10/+3
2016-09-11Another 1.2 update and new readmeKevin Robertson1-131/+138
2016-09-09Web server and learning fixesKevin Robertson1-2/+2
Fixed some issues with the Inveigh-Unprivileged web server. Modified the Inveigh learning code so that it can handle multiple requests received in quick succession.
2016-09-081.2 PrepKevin Robertson1-1/+5
Added a learning mode (SpooferLearning parameter) to Invoke-Inveigh that will attempt to avoid spoofing requests for valid hostnames. If enabled, Inveigh will send out LLMNR/NBNS requests for hostnames received through incoming LLMNR/NBNS requests. If Inveigh receives a response for a sent requests, it will add the hostname to a blacklist. Refined the Invoke-InveighPrivileged web server. Performed some general cleanup on all functions.
2016-08-21Readme updateKevin Robertson1-7/+23
2016-08-02Windows Firewall check and readme updateKevin Robertson1-2/+5
Added a warning for when the Windows Firewall is enabled. Added a note about the June patches likely breaking features of Invoke-InveighBruteForce.
2016-05-10Readme fix1.1.1Kevin Robertson1-1/+0
Removed Get-InveighStat reference
2016-05-10Code cleanup and new parametersKevin Robertson1-5/+8
Contains a few rounds of code cleanup and the following changes: Parameters Added to Invoke-Inveigh: ConsoleUnique - Enable/Disable displaying challenge/response hashes for only unique IP, domain/hostname, and username combinations when real time console output is enabled. FileUnique - Enable/Disable outputting challenge/response hashes for only unique IP, domain/hostname, and username combinations when real time file output is enabled. ConsoleStatus - Set interval in minutes for displaying all unique captured hashes and credentials. This is useful for displaying full capture lists when running through a shell that does not have access to the support functions. WPADEmptyFile - Enable/Disable serving a proxyless, all direct, wpad.dat file for wpad.dat requests. Enabling this setting can reduce the amount of redundant wpad.dat requests. This parameter is ignored when using WPADIP, WPADPort, or WPADResponse. Fixed: Corrected an issue that was preventing the MachineAccounts parameter from being fully enabled in all three scripts. Removed Support Functions: Get-InveighStat Get-InveighNTLM
2016-03-30Comment/notes update, minor cleanupKevin Robertson1-12/+9
Updated some comments and notes. Replaced ForEach alias with ForEach-Object.
2016-03-16Readme updateKevin Robertson1-1/+4
Added NBNS brute force note and fixed typo
2016-03-16Readme fixKevin Robertson1-1/+1
Second attempt at getting the Invoke-InveighBruteForce example right:)
2016-03-16Readme fixKevin Robertson1-2/+2
The Invoke-InveighBruteForce example listed the wrong function
2016-03-15New Script - Inveigh-BruteForce1.1Kevin Robertson1-72/+210
New Script - Inveigh-BruteForce - Remote (Hot Potato method)/unprivileged NBNS brute force spoofer. Inveigh-BruteForce Features: Targeted IPv4 NBNS brute force spoofer with granular control NTLMv1/NTLMv2 challenge/response capture over HTTP Granular control of console and file output Run time control Inveigh New Parameters: HTTPSCertAppID - Specify a valid application GUID for use with the ceriticate. LLMNRTTL - Specify a custom LLMNR TTL in seconds for the response packet. NBNSTTL - Specify a custom NBNS TTL in seconds for the response packet. WPADDirectHosts - Comma separated list of hosts to list as direct in the wpad.dat file. Listed hosts will not be routed through the defined proxy. Inveigh-Relay New Parameters: HTTPSCertAppID - Specify a valid application GUID for use with the ceriticate. RunTime - Set the run time duration in minutes. Bug Fix: Fixed an SMB relay issue that was causing a hang before sending the NTLMv2 response. Thanks to @mubix for reporting the bug and providing a packet capture.
2016-01-19Added p0wnedShell linkKevin Robertson1-1/+1
Added p0wnedShell link to the included in section. Removed the SMB relay note to sync with Inveigh.ps1 notes.
2016-01-12Spoofer, HTTP/HTTPS, and WPAD additions/changes1.0.0Kevin Robertson1-2/+12
LLMNR/NBNS spoofer: SpooferIPsReply/SpooferIPsIgnore - These parameters provide granular control over what systems to respond to when spoofing. SpooferHostsReply/SpooferHostsIgnore - These parameters provide granular control over what requested hostnames to respond to when spoofing. Note that SpooferHostsAccept replaces SpoofList. SpooferRepeat - This parameter replaces Repeat in order to sync the parameter name with the prefix used for other spoofer parameters. HTTP/HTTPS Listener: HTTPAuth - This parameter provides the ability to set the HTTP/HTTPS non-WPAD auth to NTLM, Basic, or Anonymous. Basic authentication can be used to capture cleartext credentials (thanks @xorrior!). HTTPBasicRealm - Set a realm name if Basic auth is enabled. HTTPDir/HTTPDefaultFile/HTTPDefaultEXE/HTTPResponse - These parameters provide control over the content served by the listener. HTTPSCertThumbprint - This parameter provides the ability to more easily set the thumbprint for custom certs. HTTP/HTTPS requests are now reported and/or logged. WPAD: WPADIP/WPADPort - These parameters provide the ability to configure a proxy server on victim systems through WPAD. WPADResponse - These parameters provide the ability to configure a custom wpad.dat response rather than the basic one used by WPADIP and WPADPort. WPADAuth - This parameter provides the ability to set the HTTP/HTTPS WPAD auth to NTLM, Basic, or Anonymous. Basic authentication can be used to capture cleartext credentials (thanks @xorrior!). Note that this parameter replaces ForceWPADAuth. Miscellaneous: Get-InveighCleartext - Gets all captured cleartext credentials. Inspect - This switch parameter serves as an easier way to inspect LLMNR/NBNS traffic. If -Inspect is added to the command line, LLMNR, NBNS, HTTP, HTTPS, and SMB are disabled.
2015-10-11Moved SMB relay code to a dedicated script, also added a Scripts directory ↵Kevin Robertson1-10/+15
and psm1 and psd1 files The SMB relay code is now in Inveigh-Relay.ps1. The script can be used either through Invoke-Inveigh or as a standalone function.
2015-10-11Revert "Moved SMB relay code to a dedicated script, also added psm1 and psd1 ↵Kevin Robertson1-15/+6
files." This reverts commit 8ab002602f672dddb91e27ff6bb7d5050771c688.
2015-10-11Moved SMB relay code to a dedicated script, also added psm1 and psd1 files.Kevin Robertson1-6/+15
The SMB relay code is now in Inveigh-Relay.ps1. The script can be used either through Invoke-Inveigh or as a standalone function.
2015-10-07Typo fixKevin Robertson1-1/+1
2015-10-07Updated Metasploit screenshot and removed Hide-InveighKevin Robertson1-3/+2
2015-10-06Updated to reflect new module formatKevin Robertson1-7/+5
2015-10-06Updated to reflect new module formatKevin Robertson1-8/+45
2015-09-20Removed invalid note regarding output locationKevin Robertson1-3/+2
2015-09-20Added new screenshots and SMB relay command lineKevin Robertson1-1/+1
2015-09-20Added new screenshots and SMB relay command lineKevin Robertson1-1/+1
2015-09-20Added new screenshots and smb relay command lineKevin Robertson1-2/+8
2015-09-13Added SMB relay noteKevin Robertson1-0/+1
2015-08-05Added parameter for controlling output directory. Added first version of ↵Kevin Robertson1-5/+5
loader script for easier execution as a payload. Added '-OutputDir' parameter for controlling the output directory. Added 'Inveigh-Loader.ps1' script which has additional options for running Inveigh as an unattended payload. Performed some cleanup. Updated screenshot in readme.
2015-08-05Added requirements sectionKevin Robertson1-0/+3
2015-08-01Added new parameterKevin Robertson1-2/+2
2015-07-12Added HTTPS optionKevin Robertson1-1/+1
2015-07-11Added test for new optionsKevin Robertson1-4/+3
2015-04-19Update README.mdKevin Robertson1-2/+2
generated by cgit v1.2.3 (git 2.39.1) at 2025-05-26 01:06:24 +0000