Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Setting -EvadeRG N has no effect #17

Open
chppppp opened this issue May 3, 2019 · 2 comments
Open

Setting -EvadeRG N has no effect #17

chppppp opened this issue May 3, 2019 · 2 comments

Comments

@chppppp
Copy link

chppppp commented May 3, 2019

Using the command line options

PS C:\> Invoke-Inveigh -ConsoleOutput Y -NBNS Y -mDNS Y -HTTPS Y -Proxy Y -NBNSTypes 00,20,03,1B -MachineAccounts Y -EvadeRG N

Inveigh will still drop requests

[+] [2019-05-03T14:50:02] NBNS request for ASDF<42-4B> received from 10.20.43.149 [NBNS type disabled]
[+] [2019-05-03T14:50:03] NBNS request for ASDF<42-4B> received from 10.20.43.149 [NBNS type disabled]
[+] [2019-05-03T14:50:10] LLMNR request for ASDF received from 10.20.43.149 [response sent]
WARNING: [!] [2019-05-03T14:50:10] NBNS request for *              <00> received from 10.20.43.149 [possible ResponderGuard request ignored]
@Kevin-Robertson
Copy link
Owner

I think I spotted the issues. I haven't had a chance to test though. The fixes are in the dev repo version.

Is that an actual ResponderGuard request or is that a false positive?

@chppppp
Copy link
Author

chppppp commented May 7, 2019

Workstations are running SEP so either it’s a false positive or SEP is doing some kind of ResponderGuard.

Thanks so much Kevin. Wish I was strong enough in PS to submit the PR myself :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants