Inveigh is a PowerShell LLMNR/NBNS spoofer designed to assist penetration testers who find themselves restricted to a Windows system. This commonly occurs while performing phishing attacks, USB attacks, or VLAN pivoting, or because of restrictions imposed by the client.
- Currently supports IPv4 LLMNR/NBNS spoofing and HTTP/SMB NTLMv1/NTLMv2 challenge/response capture.
- LLMNR/NBNS spoofing is performed through sniffing and sending with raw sockets.
- SMB captures are performed through sniffing.
- HTTP captures are performed with a listener.
- The local LLMNR/NBNS services do not need to be disabled on the client system.
- The LLMNR/NBNS spoofer will point victims to the host system's SMB service; keep account lockout scenarios in mind.
- Ensure that the LLMNR, NBNS, SMB, and HTTP ports are open within any local firewall.
- Output files will be created in the current working directory.
- If you copy/paste challenge/response captures from the output window for password cracking, remove carriage returns.
- Code is proof of concept level and may not work in some scenarios.

With default settings:

    Inveigh.ps1 -i localip

With features enabled/disabled:

    Inveigh.ps1 -i localip -LLMNR Y/N -NBNS Y/N -HTTP Y/N -SMB Y/N
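
A defender-side view of the LLMNR spoofing described above, as an added example that is not part of Inveigh: it parses LLMNR messages (DNS wire format) and flags any host that answers a query for a canary name no real machine owns. It assumes the spoofer answers name queries indiscriminately; the canary names, addresses and packets are constructed for the example.

```python
import struct

def build_llmnr(name, txid, response=False, answer_ip=None):
    """Build a minimal LLMNR message; used only to construct the samples below."""
    flags = 0x8000 if response else 0x0000              # QR bit marks a response
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    msg = struct.pack("!6H", txid, flags, 1, 1 if response else 0, 0, 0)
    msg += qname + struct.pack("!2H", 1, 1)             # QTYPE=A, QCLASS=IN
    if response:
        msg += qname + struct.pack("!2HIH", 1, 1, 30, 4)  # A, IN, TTL 30, RDLENGTH 4
        msg += bytes(int(o) for o in answer_ip.split("."))
    return msg

def parse_llmnr(payload):
    """Return (is_response, answer_count, question_name), or None if malformed."""
    if len(payload) < 12:
        return None
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!6H", payload[:12])
    labels, pos = [], 12
    while qd == 1 and pos < len(payload):
        length = payload[pos]
        if length == 0:                                  # root label ends the name
            return bool(flags & 0x8000), an, ".".join(labels)
        if length > 63 or pos + 1 + length > len(payload):
            break                                        # pointer or truncated label
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii", "replace").lower())
        pos += 1 + length
    return None

def find_spoofers(packets, canaries):
    """Map source IP -> canary names it answered; no legitimate host owns a canary."""
    hits = {}
    for src, payload in packets:
        parsed = parse_llmnr(payload)
        if parsed and parsed[0] and parsed[1] > 0 and parsed[2] in canaries:
            hits.setdefault(src, set()).add(parsed[2])
    return hits

# Constructed sample traffic: (source IP, UDP/5355 payload). Not real captures.
CANARIES = {"zq7x-canary-01", "zq7x-canary-02"}
SAMPLE = [
    ("10.0.0.21", build_llmnr("zq7x-canary-01", 1)),                     # the probe itself
    ("10.0.0.66", build_llmnr("zq7x-canary-01", 1, True, "10.0.0.66")),  # answers a canary
    ("10.0.0.66", build_llmnr("ZQ7X-CANARY-02", 2, True, "10.0.0.66")),  # case-insensitive
    ("10.0.0.5", build_llmnr("fileserver", 3, True, "10.0.0.5")),        # ordinary answer
    ("10.0.0.9", b"\x00\x01\x80"),                                       # malformed, ignored
]
```

Calling `find_spoofers(SAMPLE, CANARIES)` reports only `10.0.0.66`, the one host that answered names that exist nowhere on the network.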