Inveigh Beta Windows PowerShell LLMNR/NBNS Spoofer

Inveigh Beta Windows PowerShell LLMNR/NBNS Spoofer

Inveigh is a Windows PowerShell LLMNR/NBNS spoofer designed to assist penetration testers that find themselves limited to a Windows system. This can commonly occur while performing standard post exploitation, phishing attacks, USB drive attacks, VLAN pivoting, or simply being restricted to a Windows system as part of client imposed restrictions.

Requirements: Tested minimums are PowerShell 2.0 and .NET 3.5

Functions

  • Invoke-Inveigh – Start Inveigh with or without parameters
  • Invoke-InveighRelay – SMB relay function
  • Get-Inveigh – Get queued console output
  • Get-InveighLog – Get log entries
  • Get-InveighNTLM – Get all captured challenge/response hashes
  • Get-InveighNTLMv1 – Get captured NTLMv1 challenge/response hashes
  • Get-InveighNTLMv2 – Get captured NTLMv2 challenge/response hashes
  • Get-InveighStats – Get captured challenge/response counts
  • Watch-Inveigh – Enable real time console output
  • Clear-Inveigh – Clear Inveigh data from memory
  • Stop-Inveigh – Stop all running Inveigh functions

screenshot_Inveigh

Notes

  1. Currently supports IPv4 LLMNR/NBNS spoofing and HTTP/HTTPS/SMB NTLMv1/NTLMv2 challenge/response capture.
  2. LLMNR/NBNS spoofing is performed through sniffing and sending with raw sockets.
  3. SMB challenge/response captures are performed by sniffing over the host system’s SMB service.
  4. HTTP challenge/response captures are performed with a dedicated listener.
  5. The local LLMNR/NBNS services do not need to be disabled on the host system.
  6. LLMNR/NBNS spoofer will point victims to host system’s SMB service, keep account lockout scenarios in mind.
  7. Kerberos should downgrade for SMB authentication due to spoofed hostnames not being valid in DNS.
  8. Ensure that the LMMNR,NBNS,SMB,HTTP ports are open within any local firewall on the host system.
  9. If you copy/paste challenge/response captures from output window for password cracking, remove carriage returns.
  10. SMB relay support is experimental at this point, use caution if employing on a pen test.

More information: here

[button size=large style=round color=red align=none url=https://github.com/Kevin-Robertson/Inveigh]Download Inveigh Beta[/button]

MaxiSoler

www.artssec.com @maxisoler
Top 10 Most Used MITRE ATT&CK Tactics & Techniques In 2020

Top 10 Most Used MITRE ATT&CK Tactics & Techniques In 2020

Top 10 Most Exploited Vulnerabilities in 2020

Top 10 Most Exploited Vulnerabilities in 2020

vFeed, Inc. Introduces Vulnerability Common Patch Format Feature

vFeed, Inc. Introduces Vulnerability Common Patch Format Feature

Efficiency of the Vulnerability Response With vFeed Intelligence

Efficiency of the Vulnerability Response With vFeed Intelligence

CVE In The Hook – Monthly Vulnerability Review (February 2020 Issue)

CVE In The Hook – Monthly Vulnerability Review (February 2020 Issue)

Fox Kitten -Iranian Espionage – leveraged 4 CVEs Pulse Secure, Fortinet, Palo Alto Networks, and Citrix VPNs

Fox Kitten -Iranian Espionage – leveraged 4 CVEs Pulse Secure, Fortinet, Palo Alto Networks, and Citrix VPNs