Inveigh Beta Windows PowerShell LLMNR/NBNS Spoofer

Inveigh Beta Windows PowerShell LLMNR/NBNS Spoofer

Inveigh is a Windows PowerShell LLMNR/NBNS spoofer designed to assist penetration testers that find themselves limited to a Windows system. This can commonly occur while performing standard post exploitation, phishing attacks, USB drive attacks, VLAN pivoting, or simply being restricted to a Windows system as part of client imposed restrictions.

Requirements: Tested minimums are PowerShell 2.0 and .NET 3.5

Functions

  • Invoke-Inveigh – Start Inveigh with or without parameters
  • Invoke-InveighRelay – SMB relay function
  • Get-Inveigh – Get queued console output
  • Get-InveighLog – Get log entries
  • Get-InveighNTLM – Get all captured challenge/response hashes
  • Get-InveighNTLMv1 – Get captured NTLMv1 challenge/response hashes
  • Get-InveighNTLMv2 – Get captured NTLMv2 challenge/response hashes
  • Get-InveighStats – Get captured challenge/response counts
  • Watch-Inveigh – Enable real time console output
  • Clear-Inveigh – Clear Inveigh data from memory
  • Stop-Inveigh – Stop all running Inveigh functions

screenshot_Inveigh

Notes

  1. Currently supports IPv4 LLMNR/NBNS spoofing and HTTP/HTTPS/SMB NTLMv1/NTLMv2 challenge/response capture.
  2. LLMNR/NBNS spoofing is performed through sniffing and sending with raw sockets.
  3. SMB challenge/response captures are performed by sniffing over the host system’s SMB service.
  4. HTTP challenge/response captures are performed with a dedicated listener.
  5. The local LLMNR/NBNS services do not need to be disabled on the host system.
  6. LLMNR/NBNS spoofer will point victims to host system’s SMB service, keep account lockout scenarios in mind.
  7. Kerberos should downgrade for SMB authentication due to spoofed hostnames not being valid in DNS.
  8. Ensure that the LMMNR,NBNS,SMB,HTTP ports are open within any local firewall on the host system.
  9. If you copy/paste challenge/response captures from output window for password cracking, remove carriage returns.
  10. SMB relay support is experimental at this point, use caution if employing on a pen test.

More information: here

[button size=large style=round color=red align=none url=https://github.com/Kevin-Robertson/Inveigh]Download Inveigh Beta[/button]

MaxiSoler

www.artssec.com @maxisoler
GISEC Armory Edition 1 Dubai 2024 – Call For Tools is Open

GISEC Armory Edition 1 Dubai 2024 – Call For Tools is Open

Black Hat Arsenal 2024 Next Stop Singapore !

Black Hat Arsenal 2024 Next Stop Singapore !

ToolsWatch Armory at GISEC 2024 in Dubai: A New Arena for Cybersecurity Open Source Tools Announced

ToolsWatch Armory at GISEC 2024 in Dubai: A New Arena for Cybersecurity Open Source Tools Announced

Unveiling the Awesome Lineup for Black Hat MEA Arsenal 2023 in Riyadh, KSA

Unveiling the Awesome Lineup for Black Hat MEA Arsenal 2023 in Riyadh, KSA

Announcing the First Black Hat / ToolsWatch SecTor Toronto 2023 Arsenal Tools and Their Impact on the Community

Announcing the First Black Hat / ToolsWatch SecTor Toronto 2023 Arsenal Tools and Their Impact on the Community

Top 10 Most Used MITRE ATT&CK Tactics & Techniques In 2020

Top 10 Most Used MITRE ATT&CK Tactics & Techniques In 2020