
Published on December 21st, 2015 | by MaxiSoler


Inveigh Beta Windows PowerShell LLMNR/NBNS Spoofer

Inveigh is a Windows PowerShell LLMNR/NBNS spoofer designed to assist penetration testers who find themselves limited to a Windows system. This commonly occurs during standard post exploitation, phishing attacks, USB drive attacks, VLAN pivoting, or simply when client-imposed restrictions confine the tester to a Windows system.

Requirements: Tested minimums are PowerShell 2.0 and .NET 3.5.

Functions

  • Invoke-Inveigh – Start Inveigh with or without parameters
  • Invoke-InveighRelay – SMB relay function
  • Get-Inveigh – Get queued console output
  • Get-InveighLog – Get log entries
  • Get-InveighNTLM – Get all captured challenge/response hashes
  • Get-InveighNTLMv1 – Get captured NTLMv1 challenge/response hashes
  • Get-InveighNTLMv2 – Get captured NTLMv2 challenge/response hashes
  • Get-InveighStats – Get captured challenge/response counts
  • Watch-Inveigh – Enable real time console output
  • Clear-Inveigh – Clear Inveigh data from memory
  • Stop-Inveigh – Stop all running Inveigh functions

[Screenshot: Inveigh console output]

Notes

  1. Currently supports IPv4 LLMNR/NBNS spoofing and HTTP/HTTPS/SMB NTLMv1/NTLMv2 challenge/response capture.
  2. LLMNR/NBNS spoofing is performed through sniffing and sending with raw sockets.
  3. SMB challenge/response captures are performed by sniffing over the host system’s SMB service.
  4. HTTP challenge/response captures are performed with a dedicated listener.
  5. The local LLMNR/NBNS services do not need to be disabled on the host system.
  6. The LLMNR/NBNS spoofer points victims to the host system’s SMB service, so keep account lockout scenarios in mind.
  7. Kerberos should downgrade to NTLM for SMB authentication because the spoofed hostnames are not valid in DNS.
  8. Ensure that the LLMNR, NBNS, SMB and HTTP ports are open within any local firewall on the host system.
  9. If you copy/paste challenge/response captures from the output window for password cracking, remove the carriage returns.
  10. SMB relay support is experimental at this point; use caution if employing it on a pen test.
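The notes above describe what an Inveigh host relies on: LLMNR and NBNS being answered on the victim's network, an SMB service that accepts NTLM authentication, and (for relay) SMB sessions that are not required to be signed. The following PowerShell audit script, added here as an illustration and not part of Inveigh or the author's code, checks those same settings from the defender's side on a Windows host. It reads the standard Microsoft policy and NetBT registry locations, lists the UDP endpoints bound to the NBNS (137) and LLMNR (5355) ports, and can apply the corresponding hardening. It assumes PowerShell 3.0 or later on Windows 8 / Server 2012 or later (for `Get-NetUDPEndpoint`) and an elevated shell for the hardening function; the function names are made up for this example.

```powershell
# Added example (not part of Inveigh): audit and harden a host against LLMNR/NBNS
# spoofing and unsigned SMB. Assumes PowerShell 3.0+ on Windows 8 / Server 2012+.

# LLMNR is controlled by the DNS Client policy value EnableMulticast (0 = disabled).
$LlmnrKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
# NetBIOS over TCP/IP is a per-interface setting; NetbiosOptions 2 = disabled.
$NetbtKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces'
# SMB signing requirements for the server and client sides.
$SmbKeys  = @(
    'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters',
    'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'
)

function Get-NameResolutionExposure {
    # Reports whether this host would answer the traffic an LLMNR/NBNS spoofer relies on.
    $llmnr = Get-ItemProperty -Path $LlmnrKey -Name EnableMulticast -ErrorAction SilentlyContinue
    $llmnrEnabled = (-not $llmnr) -or ($llmnr.EnableMulticast -ne 0)   # absent value = enabled (default)

    $nbtInterfaces = Get-ChildItem -Path $NetbtKey -ErrorAction SilentlyContinue | ForEach-Object {
        $opt = (Get-ItemProperty -Path $_.PSPath -Name NetbiosOptions -ErrorAction SilentlyContinue).NetbiosOptions
        [pscustomobject]@{
            Interface      = $_.PSChildName
            NetbiosOptions = $opt
            NbnsEnabled    = ($opt -ne 2)                               # 0 = DHCP decides, 1 = enabled, 2 = disabled
        }
    }

    $smbSigning = foreach ($key in $SmbKeys) {
        $v = Get-ItemProperty -Path $key -Name RequireSecuritySignature -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Component       = Split-Path (Split-Path $key -Parent) -Leaf  # LanmanServer / LanmanWorkstation
            SigningRequired = ($v -and $v.RequireSecuritySignature -eq 1)
        }
    }

    # Sockets bound to the NBNS and LLMNR ports: these are the ports note 8 says a spoofing
    # host must expose, and the ones a defender expects to be closed on a hardened build.
    $udp = Get-NetUDPEndpoint -ErrorAction SilentlyContinue |
        Where-Object { $_.LocalPort -in 137, 5355 } |
        Select-Object LocalAddress, LocalPort, OwningProcess

    [pscustomobject]@{
        LLMNREnabled         = $llmnrEnabled
        NbnsEnabledAdapters  = @($nbtInterfaces | Where-Object NbnsEnabled).Count
        NbnsInterfaces       = $nbtInterfaces
        SmbSigning           = $smbSigning
        NameResolutionPorts  = $udp
    }
}

function Disable-NameResolutionProtocols {
    # Applies the mitigations the audit checks for. Requires an elevated shell.
    # Changes to NetbiosOptions take effect after the adapter is reset or the host rebooted.
    if (-not (Test-Path $LlmnrKey)) { New-Item -Path $LlmnrKey -Force | Out-Null }
    Set-ItemProperty -Path $LlmnrKey -Name EnableMulticast -Value 0 -Type DWord

    Get-ChildItem -Path $NetbtKey | ForEach-Object {
        Set-ItemProperty -Path $_.PSPath -Name NetbiosOptions -Value 2 -Type DWord
    }

    foreach ($key in $SmbKeys) {
        Set-ItemProperty -Path $key -Name RequireSecuritySignature -Value 1 -Type DWord
    }
}

# Usage: run the audit, then harden and re-audit to confirm the change.
Get-NameResolutionExposure | Format-List
# Disable-NameResolutionProtocols; Get-NameResolutionExposure | Format-List
```

Disabling LLMNR and NetBIOS name resolution removes the broadcast queries a spoofer answers, and requiring SMB signing on both server and client defeats the relay case in note 10 even when a name is still spoofed. Roll the settings out through Group Policy rather than per host where possible, and test name resolution of legacy hosts that may still depend on NBNS before enforcing the NetBT change fleet-wide.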

More information: here



About the Author

www.artssec.com @maxisoler



Back to Top ↑