From d1fc0cc042c6a8d42a9428320b35ee981ec42cb1 Mon Sep 17 00:00:00 2001 From: Kevin Robertson Date: Sat, 18 Apr 2015 11:07:29 -0400 Subject: Update TODO.md --- TODO.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/TODO.md b/TODO.md index f21b068..41069a1 100644 --- a/TODO.md +++ b/TODO.md @@ -1,7 +1,7 @@ ## To Do - [ ] Code cleanup -- [ ] Add NBNS spoofer -- [ ] Add ability to capture SMB NTLMv1 challenge/responses -- [ ] Add ability to capture SMB LM challenge/responses +- [x] Add NBNS spoofer +- [x] Add ability to capture NTLMv1 challenge/responses +- [ ] Add ability to capture LM challenge/responses - [x] Add HTTP for challenge/response captures - [ ] Add HTTPS for challenge/response captures -- cgit v1.2.3 From 431b88b5dfaac5cc08e2f086e98033205bfc9bd4 Mon Sep 17 00:00:00 2001 From: Kevin Robertson Date: Sat, 18 Apr 2015 11:09:58 -0400 Subject: Create README.md --- README.md | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..19eef69 --- /dev/null +++ b/README.md @@ -0,0 +1,3 @@ +# Inveigh +Inveigh is a PowerShell LLMNR/NBNS spoofer with HTTP/SMB challenge/response capture + -- cgit v1.2.3 From 18d476bada3a85e99acbf936b60757b99733803a Mon Sep 17 00:00:00 2001 From: Kevin Robertson Date: Sat, 18 Apr 2015 11:26:47 -0400 Subject: Update README.md --- README.md | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 19eef69..0044a1d 100644 --- a/README.md +++ b/README.md 
@@ -1,3 +1,21 @@ # Inveigh -Inveigh is a PowerShell LLMNR/NBNS spoofer with HTTP/SMB challenge/response capture +Inveigh is designed to assist penetration testers that find themselves restricted to a Windows system. This can commonly occur while performing phishing attacks, USB attacks, VLAN pivoting, or even restrictions from the client. +# Notes +1. Currently supports IPv4 LLMNR/NBNS spoofing and HTTP/SMB NTLMv1/NTLMv2 challenge/response capture. +2. LLMNR/NBNS spoofing are performed through sniffing and sending with raw sockets. +3. SMB captures are performed through sniffing. +4. HTTP captures are performed with a listener. +5. The local LLMNR/NBNS services do not need to be disabled on the client system. +6. LLMNR/NBNS spoofer will point victims to host system's SMB service, keep account lockout scenarios in mind. +7. Ensure that the LMMNR,NBNS,SMB,HTTP ports are open within any local firewall. +8. Output files will be created in current working directory. +9. If you copy/paste challenge/response captures from output window for password cracking, remove carriage returns. +10. Code is proof of concept level and may not work under some scenarios. + +# Usage +With default settings +Inveigh.ps1 -i localip + +With features enabled/disabled +Inveigh.ps1 -i localip -LLMNR Y/N -NBNS Y/N -HTTP Y/N -SMB Y/N -- cgit v1.2.3 From be4e44238abd0e39093b5d36677cd61fb19ed0ad Mon Sep 17 00:00:00 2001 From: Kevin Robertson Date: Sat, 18 Apr 2015 11:27:55 -0400 Subject: Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 0044a1d..c811943 100644 --- a/README.md +++ b/README.md 
@@ -1,5 +1,5 @@ # Inveigh -Inveigh is designed to assist penetration testers that find themselves restricted to a Windows system. This can commonly occur while performing phishing attacks, USB attacks, VLAN pivoting, or even restrictions from the client. +Inveigh is a LLMNR/NBNS spoofer designed to assist penetration testers that find themselves restricted to a Windows system. This can commonly occur while performing phishing attacks, USB attacks, VLAN pivoting, or even restrictions from the client. # Notes 1. Currently supports IPv4 LLMNR/NBNS spoofing and HTTP/SMB NTLMv1/NTLMv2 challenge/response capture. -- cgit v1.2.3 From 7b364c84eabfe4cc84975bd847989aab8daced87 Mon Sep 17 00:00:00 2001 From: Kevin Robertson Date: Sat, 18 Apr 2015 11:28:57 -0400 Subject: Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c811943..c4f1fab 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ Inveigh is a LLMNR/NBNS spoofer designed to assist penetration testers that find # Notes 1. Currently supports IPv4 LLMNR/NBNS spoofing and HTTP/SMB NTLMv1/NTLMv2 challenge/response capture. -2. LLMNR/NBNS spoofing are performed through sniffing and sending with raw sockets. +2. LLMNR/NBNS spoofing is performed through sniffing and sending with raw sockets. 3. SMB captures are performed through sniffing. 4. HTTP captures are performed with a listener. 5. The local LLMNR/NBNS services do not need to be disabled on the client system. -- cgit v1.2.3 From 1c87112d25a6344b0fec9ee3e7f3cec070cdabde Mon Sep 17 00:00:00 2001 From: Kevin Robertson Date: Sat, 18 Apr 2015 11:29:35 -0400 Subject: Added NBNS spoofing and HTTP/SMB NTLMv1 capture --- Inveigh.ps1 | Bin 45430 -> 22732 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/Inveigh.ps1 b/Inveigh.ps1 index 0097255..3c10c23 100644 Binary files a/Inveigh.ps1 and b/Inveigh.ps1 differ -- cgit v1.2.3 
From 2810aae197d09836df95f676b9e47d354849499a Mon Sep 17 00:00:00 2001 From: Kevin Robertson Date: Sat, 18 Apr 2015 11:30:14 -0400 Subject: Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c4f1fab..441f9f5 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ # Inveigh -Inveigh is a LLMNR/NBNS spoofer designed to assist penetration testers that find themselves restricted to a Windows system. This can commonly occur while performing phishing attacks, USB attacks, VLAN pivoting, or even restrictions from the client. +Inveigh is a PowerShell LLMNR/NBNS spoofer designed to assist penetration testers that find themselves restricted to a Windows system. This can commonly occur while performing phishing attacks, USB attacks, VLAN pivoting, or even restrictions from the client. # Notes 1. Currently supports IPv4 LLMNR/NBNS spoofing and HTTP/SMB NTLMv1/NTLMv2 challenge/response capture. -- cgit v1.2.3
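Review bot: In the TODO.md hunk of d1fc0cc, "Add NBNS spoofer" and "Add ability to capture NTLMv1 challenge/responses" are ticked, but the commit that carries those features ("Added NBNS spoofing and HTTP/SMB NTLMv1 capture", 1c87112) only appears later in the series, so the checklist runs ahead of the code until then. Fold the checklist change into 1c87112 or place it after it. The same lines also drop "SMB" from both capture items with no explanation in the "Update TODO.md" message. If the items now cover HTTP as well as SMB, say so in the item text.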
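Review bot: In the README.md hunk of 18d476b, note 7 misspells the protocol as "LMMNR" and names no port numbers or transports ("Ensure that the LMMNR,NBNS,SMB,HTTP ports are open within any local firewall."). Correct it to LLMNR and list the port and protocol for each service so the firewall rule can be written from the README alone. Note 6 is a comma splice that hides the operational risk. Make "keep account lockout scenarios in mind" its own sentence and say what causes the lockouts. Under Usage, the two command lines are added as plain paragraphs and "Y/N" is shown without stating the default for each switch. Put the commands in code formatting and give the defaults.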
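Review bot: The Inveigh.ps1 change in 1c87112 shows only "Binary files a/Inveigh.ps1 and b/Inveigh.ps1 differ" (45430 -> 22732 bytes), so the commit that adds NBNS spoofing and NTLMv1 capture has no reviewable lines. Git is treating the script as binary. The size roughly halving suggests, as a guess from the byte counts alone, that the file was re-saved in a different text encoding in the same commit as the feature work. Commit the script in an encoding git diffs as text, and split any encoding change from the functional change so that the raw-socket and capture logic can be read in the diff.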
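Review bot: After the README.md hunk of 2810aae, the opening sentence still omits the capture function that the original description in 431b88b stated ("with HTTP/SMB challenge/response capture"). A reader has to reach note 1 to learn that the tool records NTLMv1/NTLMv2 challenge/responses. Restore that clause in the first sentence. "Client" is also used in two senses: "restrictions from the client" in the intro and "the client system" in note 5. Use a different term for the host the script runs on. The one-line wording edits in be4e442 and 2810aae change the same sentence within minutes under the same "Update README.md" subject and could be squashed into a single commit with a descriptive message.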