From 4c9d4156bad63bab8b30a6b34475f5ba4e04160f Mon Sep 17 00:00:00 2001 From: Kevin Robertson Date: Mon, 2 Jan 2017 20:07:55 -0500 Subject: Readme and license --- LICENSE.md | 31 ++++++++++++++++++++++ README.md | 89 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 120 insertions(+) create mode 100644 LICENSE.md create mode 100644 README.md diff --git a/LICENSE.md b/LICENSE.md new file mode 100644 index 0000000..e9dd9f9 --- /dev/null +++ b/LICENSE.md 
@@ -0,0 +1,31 @@ +Inveigh is provided under the 3-clause BSD license below. + +************************************************************* + +Copyright (c) 2016, Kevin Robertson +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + +* Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. + +* Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + +* Neither the name of Invoke-TheHash nor the names of its + contributors may be used to endorse or promote products derived from + this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/README.md b/README.md new file mode 100644 index 0000000..82a8b1a --- /dev/null +++ b/README.md 
@@ -0,0 +1,89 @@ +# Invoke-TheHash +Invoke-TheHash contains PowerShell functions for performming NTLMv2 pass the hash WMI and SMB command execution. WMI and SMB services are accessed through .NET TCPClient connections. Local administrator privilege is not required client-side. + +# Requirements +Minimum PowerShell 2.0 + +# Import +Import-Module ./Invoke-TheHash.psd1 + +or + +. ./Invoke-WMIExec.ps1 +. ./Invoke-SMBExec.ps1 +. ./Invoke-TheHash.ps1 + +## Functions +* Invoke-WMIExec +* Invoke-SMBExec +* Invoke-TheHash +* ConvertTo-TargetList + +### Invoke-WMIExec +* WMI command execution function. + +##### Parameters: +* __Target__ - Hostname or IP address of target. +* __Username__ - Username to use for authentication. +* __Domain__ - Domain to use for authentication. This parameter is not needed with local accounts or when using @domain after the username. +* __Hash__ - NTLM password hash for authentication. This module will accept either LM:NTLM or NTLM format. +* __Command__ - Command to execute on the target. If a command is not specified, the function will just check to see if the username and hash has access to WMI on the target. +* __Sleep__ - Default = 10 Milliseconds: Sets the function's Start-Sleep values in milliseconds. + +##### Example: +Invoke-WMIExec -Target 192.168.100.20 -Domain TESTDOMAIN -Username TEST -Hash F6F38B793DB6A94BA04A52F1D3EE92F0 -Command "command or launcher to execute" -verbose + +##### Screenshot: +![wmi](https://cloud.githubusercontent.com/assets/5897462/21594956/b0d9befc-d0f6-11e6-8e8f-8df8bbc017a2.png) + +### Invoke-SMBExec +* SMB (PsExec) command execution function supporting SMB1, SMB2, and SMB signing. + +##### Parameters: +* __Target__ - Hostname or IP address of target. +* __Username__ - Username to use for authentication. +* __Domain__ - Domain to use for authentication. This parameter is not needed with local accounts or when using @domain after the username. +* __Hash__ - NTLM password hash for authentication. 
This module will accept either LM:NTLM or NTLM format. +* __Command__ - Command to execute on the target. If a command is not specified, the function will just check to see if the username and hash has access to WMI on the target. +* __CommandCOMSPEC__ - Default = Enabled: Prepend %COMSPEC% /C to Command. +* __Service__ - Default = 20 Character Random: Name of the service to create and delete on the target. +* __SMB1__ - (Switch) Force SMB1. The default behavior is to perform SMB version negotiation and use SMB2 if supported by the target. +* __Sleep__ - Default = 150 Milliseconds: Sets the function's Start-Sleep values in milliseconds. + +##### Example: +Invoke-SMBExec -Target 192.168.100.20 -Domain TESTDOMAIN -Username TEST -Hash F6F38B793DB6A94BA04A52F1D3EE92F0 -Command "command or launcher to execute" -verbose + +##### Screenshot: +![smb](https://cloud.githubusercontent.com/assets/5897462/21594963/b899ecf2-d0f6-11e6-9bd7-750b218e86a0.png) + +### Invoke-TheHash +* Function for running Invoke-WMIExec and Invoke-SMBExec against multiple targets. + +##### Parameters: +* __Type__ - Sets the desired Invoke-TheHash function. Set to either WMIExec or SMBExec. +* __Targets__ - List of hostnames, IP addresses, or CIDR notation for targets. +* __TargetsExclude__ - List of hostnames and/or IP addresses to exclude form the list or targets. +* __PortCheckDisable__ - (Switch) Disable WMI or SMB port check. Since this function is not yet threaded, the port check serves to speed up he function by checking for an open WMI or SMB port before attempting a full synchronous TCPClient connection. +* __PortCheckTimeout__ - Default = 100: Set the no response timeout in milliseconds for the WMI or SMB port check. +* __Username__ - Username to use for authentication. +* __Domain__ - Domain to use for authentication. This parameter is not needed with local accounts or when using @domain after the username. +* __Hash__ - NTLM password hash for authentication. 
This module will accept either LM:NTLM or NTLM format. +* __Command__ - Command to execute on the target. If a command is not specified, the function will just check to see if the username and hash has access to WMI on the target. +* __CommandCOMSPEC__ - Default = Enabled: Prepend %COMSPEC% /C to Command. +* __Service__ - Default = 20 Character Random: Name of the service to create and delete on the target. +* __SMB1__ - (Switch) Force SMB1. The default behavior is to perform SMB version negotiation and use SMB2 if supported by the target. +* __Sleep__ - Default = 150 Milliseconds: Sets the function's Start-Sleep values in milliseconds. + +##### Example: +Invoke-TheHash -Type WMIExec -Targets 192.168.100.0/24 -TargetsExclude 192.168.100.50 -Username Administrator -Hash F6F38B793DB6A94BA04A52F1D3EE92F0 + +##### Screenshot: +![ithsmb](https://cloud.githubusercontent.com/assets/5897462/21594966/c0f69a62-d0f6-11e6-91f2-af9103571bde.png) + +### ConvertTo-TargetList +* Converts Invoke-TheHash output to an array that contains only targets discovered to have Invoke-WMIExec or Invoke-SMBExec access. The output from this function can be fed back into the Targets parameter of Invoke-TheHash. + + + + + -- cgit v1.2.3
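Review bot: The first line of the LICENSE.md hunk names the wrong project: "+Inveigh is provided under the 3-clause BSD license below." while the non-endorsement clause further down refers to "the name of Invoke-TheHash" and the README introduces the project as Invoke-TheHash. This looks like a copy of the Inveigh license file with only the clause updated; suggest changing the opening line to "Invoke-TheHash is provided under the 3-clause BSD license below." so the license text and the repository agree on which project it covers.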
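Review bot: In the README.md hunk the __Command__ description under both Invoke-SMBExec and Invoke-TheHash says the function "will just check to see if the username and hash has access to WMI on the target", which is the Invoke-WMIExec wording carried over; for Invoke-SMBExec it should say access to SMB (or, for Invoke-TheHash, access to WMI or SMB depending on __Type__), otherwise a user running the no-command access check gets the wrong idea of what was tested. Related consistency point: Invoke-TheHash documents a single "__Sleep__ - Default = 150 Milliseconds" although Invoke-WMIExec documents a default of 10, so the entry should state whether the 150 ms default applies to both __Type__ values. Minor typos in the same hunk: "performming" (performing), "exclude form the list or targets" (exclude from the list of targets), "speed up he function" (the function).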