| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Invoke-InveighRelay refactor - added SMB2 support and switched to an
HTTP listener that does not require admin access. Admin access is still
required if installing a cert for HTTPS. Note that the system running
Invoke-InveighRelay can be targeted for privesc.
|
|
New Script - Inveigh-BruteForce - Remote (Hot Potato
method)/unprivileged NBNS brute force spoofer.
Inveigh-BruteForce
Features:
Targeted IPv4 NBNS brute force spoofer with granular control
NTLMv1/NTLMv2 challenge/response capture over HTTP
Granular control of console and file output
Run time control
Inveigh
New Parameters:
HTTPSCertAppID - Specify a valid application GUID for use with the
ceriticate.
LLMNRTTL - Specify a custom LLMNR TTL in seconds for the response
packet.
NBNSTTL - Specify a custom NBNS TTL in seconds for the response packet.
WPADDirectHosts - Comma separated list of hosts to list as direct in the
wpad.dat file. Listed hosts will not be routed through the defined
proxy.
Inveigh-Relay
New Parameters:
HTTPSCertAppID - Specify a valid application GUID for use with the
ceriticate.
RunTime - Set the run time duration in minutes.
Bug Fix:
Fixed an SMB relay issue that was causing a hang before sending the
NTLMv2 response. Thanks to @mubix for reporting the bug and providing a
packet capture.
|
|
HTTPS captures can now be enabled. The default setting is disabled. Note
that if HTTPS is enabled, the cert file needs to be in the same
directory as the script. The cert will be installed in the local machine
certificate store and bound to port 443. The script should remove the
cert from the store and delete the binding on exit. If needed, see HTTPS
parameter comments in the script or execute "Get-help .\Inveigh.ps1
-parameter https" for manual cert cleanup instructions.
|