Pentest Tools

Published on July 25th, 2015

Inveigh — Windows PowerShell LLMNR/NBNS spoofer


Inveigh is a Windows PowerShell LLMNR/NBNS spoofer designed to assist penetration testers who find themselves limited to a Windows system. This can commonly occur while performing phishing attacks, USB drive attacks, VLAN pivoting, or simply being restricted to a Windows system as part of client-imposed restrictions.



Features

  1. Currently supports IPv4 LLMNR/NBNS spoofing and HTTP/SMB NTLMv1/NTLMv2 challenge/response capture.
  2. LLMNR/NBNS spoofing is performed through sniffing and sending with raw sockets.
  3. SMB challenge/response captures are performed by sniffing over the host system’s SMB service.
  4. HTTP challenge/response captures are performed with a dedicated listener.
  5. The local LLMNR/NBNS services do not need to be disabled on the host system.
  6. The LLMNR/NBNS spoofer will point victims to the host system’s SMB service; keep account lockout scenarios in mind.
  7. Kerberos should downgrade for SMB authentication due to spoofed hostnames not being valid in DNS.
  8. Ensure that the LLMNR, NBNS, SMB, and HTTP ports are open within any local firewall on the host system.
  9. Output files will be created in the current working directory.
  10. If you copy/paste challenge/response captures from the output window for password cracking, remove carriage returns.
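
A spoofer that works as in item 2 answers LLMNR queries it sniffs, so a defender can watch for hosts that answer names which should never resolve. The following is an added example, not part of Inveigh or the original page: it parses LLMNR response payloads and reports which source answered for a canary name and which address it handed out. The canary name `canary-7f3a`, the IP addresses and the sample payloads are constructed assumptions.

```python
import socket
import struct

def read_name(buf, off):
    """Decode a DNS name at off; a compression pointer is skipped, not followed."""
    labels = []
    while buf[off] and buf[off] < 0xC0:       # stop at root label or pointer
        n = buf[off]
        labels.append(buf[off + 1:off + 1 + n].decode("ascii", "replace"))
        off += 1 + n
    return ".".join(labels).lower(), off + (2 if buf[off] else 1)

def parse_response(payload):
    """Return (queried name, [A-record IPs]) for an answering response, else None."""
    try:
        _id, flags, qd, an = struct.unpack("!4H", payload[:8])
        if not flags & 0x8000 or qd != 1 or an == 0:
            return None                       # a query, or a response with no answer
        name, off = read_name(payload, 12)
        off, ips = off + 4, []                # skip QTYPE and QCLASS
        for _ in range(an):
            _, off = read_name(payload, off)
            rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", payload[off:off + 10])
            if rtype == 1 and rdlen == 4:     # A record
                ips.append(socket.inet_ntoa(payload[off + 10:off + 14]))
            off += 10 + rdlen
        return name, ips
    except (IndexError, struct.error, OSError):
        return None                           # truncated or malformed payload

def find_responders(packets, canaries):
    """Map source IP -> addresses it answered with for names that should never resolve."""
    hits = {}
    for src, payload in packets:
        parsed = parse_response(payload)
        if parsed and parsed[0] in canaries:
            hits.setdefault(src, set()).update(parsed[1])
    return hits

# Constructed sample UDP/5355 payloads (not captured traffic): query, canary answer, real answer.
Q = b"\x0bcanary-7f3a\x00\x00\x01\x00\x01"
A = b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x00\x1e\x00\x04"
SAMPLE = [
    ("10.0.0.20", b"\x12\x34\x00\x00\x00\x01" + b"\x00" * 6 + Q),
    ("10.0.0.50", b"\x12\x34\x80\x00\x00\x01\x00\x01" + b"\x00" * 4 + Q + A + b"\x0a\x00\x00\x32"),
    ("10.0.0.5", b"\x56\x78\x80\x00\x00\x01\x00\x01" + b"\x00" * 4
                 + b"\x0afileserver\x00\x00\x01\x00\x01" + A + b"\x0a\x00\x00\x05"),
]
```

Calling `find_responders(SAMPLE, {"canary-7f3a"})` flags only the host that answered the canary; the response for the legitimate name `fileserver` is ignored.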


Usage

Obtain an elevated administrator or SYSTEM shell. If necessary, use a method to bypass script execution policy.

Git Clone

    git clone https://github.com/johnjohnsp1/Inveigh.git

To execute with default settings:

    Inveigh.ps1 -i localip

To execute with features enabled/disabled:

    Inveigh.ps1 -i localip -LLMNR Y/N -NBNS Y/N -HTTP Y/N -HTTPS Y/N -SMB Y/N -Repeat Y/N -ForceWPADAuth Y/N