From 3db604b775c6c76305acc152d1662e1ecdcae12c Mon Sep 17 00:00:00 2001 From: Kevin Robertson Date: Sun, 19 Apr 2015 10:23:00 -0400 Subject: Update README.md --- README.md | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) (limited to 'README.md') diff --git a/README.md b/README.md index 7b53e4f..5b609b0 100644 --- a/README.md +++ b/README.md 
@@ -4,20 +4,23 @@ Inveigh is a Windows PowerShell LLMNR/NBNS spoofer designed to assist penetratio # Notes 1. Currently supports IPv4 LLMNR/NBNS spoofing and HTTP/SMB NTLMv1/NTLMv2 challenge/response capture. 2. LLMNR/NBNS spoofing is performed through sniffing and sending with raw sockets. -3. SMB captures are performed through sniffing. -4. HTTP captures are performed with a listener. -5. The local LLMNR/NBNS services do not need to be disabled on the client system. +3. SMB challenge/response captures are performed by sniffing over the host system's SMB service. +4. HTTP challenge/response captures are performed with a dedicated listener. +5. The local LLMNR/NBNS services do not need to be disabled on the host system. 6. LLMNR/NBNS spoofer will point victims to host system's SMB service, keep account lockout scenarios in mind. -7. Ensure that the LMMNR,NBNS,SMB,HTTP ports are open within any local firewall. -8. Output files will be created in current working directory. -9. If you copy/paste challenge/response captures from output window for password cracking, remove carriage returns. -10. Code is proof of concept level and may not work under some scenarios. +7. Kerberos should downgrade for SMB authentication due to spoofed hostnames not being valid in DNS. +8. Ensure that the LMMNR,NBNS,SMB,HTTP ports are open within any local firewall on the host system. +9. Output files will be created in current working directory. +10. If you copy/paste challenge/response captures from output window for password cracking, remove carriage returns. +11. Code is proof of concept level and may not work under some scenarios. # Usage -With default settings +Obtain an elevated administrator or SYSTEM shell. If necessary, execute Set-ExecutionPolicy Unrestricted within PowerShell. + +With default settings: Inveigh.ps1 -i localip -With features enabled/disabled +With features enabled/disabled: Inveigh.ps1 -i localip -LLMNR Y/N -NBNS Y/N -HTTP Y/N -SMB Y/N # Screenshot
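Review bot: the rewritten item 8 still carries the typo "LMMNR" from the old item 7 (should be "LLMNR"), so the renumbering copies the error forward; suggest `+8. Ensure that the LLMNR, NBNS, SMB, HTTP ports are open within any local firewall on the host system.` The new item 7 is hedged ("Kerberos should downgrade for SMB authentication due to spoofed hostnames not being valid in DNS"); if the intended point is that victims fall back to NTLM because the spoofed name cannot be used to obtain a Kerberos ticket, state that fallback outright, since items 1, 3 and 4 only describe NTLMv1/NTLMv2 capture and a reader needs to know the capture depends on it. In the Usage section, "execute Set-ExecutionPolicy Unrestricted" persists beyond the test session (the cmdlet's default scope is LocalMachine); consider documenting a scoped alternative such as `-Scope Process`, or launching with `powershell.exe -ExecutionPolicy Bypass`, so the tester does not leave a relaxed policy behind on the host.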