Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Inveigh won't capture hashes #21

Open
init5-SF opened this issue Apr 27, 2020 · 3 comments
Open

Inveigh won't capture hashes #21

init5-SF opened this issue Apr 27, 2020 · 3 comments

Comments

@init5-SF
Copy link

Hello, I am using this syntax to run inveigh:
Invoke-inveigh -StatusOutput Y -Consoleoutput Y -ShowHelp N -HTTP Y -NBNS Y -LLMNR Y -DNS Y -Elevated Y -OutputStreamOnly Y -IP -IP 10.10.10.100

I am doing so through meterpreter's shell, so the consoleout part fails but the tool runs normally (i think). the output looks something like this:

[*] Inveigh 1.503 started at 2020-04-27T02:10:12
[+] Elevated Privilege Mode = Enabled
[+] Primary IP Address = 10.10.10.100
[+] Spoofer IP Address = 10.10.10.100
[+] ADIDNS Spoofer = Disabled
[+] DNS Spoofer = Enabled
[+] DNS TTL = 30 Seconds
[+] LLMNR Spoofer = Enabled
[+] LLMNR TTL = 30 Seconds
[+] mDNS Spoofer = Disabled
[+] NBNS Spoofer For Types 00,20 = Enabled
[+] NBNS TTL = 165 Seconds
[+] SMB Capture = Enabled
[+] HTTP Capture = Enabled
[+] HTTPS Capture = Disabled
[+] HTTP/HTTPS Authentication = NTLM
[+] WPAD Authentication = NTLM
[+] WPAD NTLM Authentication Ignore List = Firefox
[+] WPAD Response = Enabled
[+] Kerberos TGT Capture = Disabled
[+] Machine Account Capture = Disabled
[+] Console Output = Full
[+] File Output = Disabled
Cannot see if a key has been pressed when either application does not have a 
console or when console input has been redirected from a file. Try 
Console.In.Peek.
At line:6345 char:20

when I do get-inveigh, i don't see hashes, all I see is this:

[+] [2020-04-27T02:10:15] LLMNR request for testserver received from 10.10.10.133 [response sent]
[+] [2020-04-27T02:10:15] LLMNR request for testserver received from 10.10.10.133 [response sent]
[+] [2020-04-27T02:10:16] TCP(80) SYN packet detected from 10.10.10.133:56464
[+] [2020-04-27T02:10:29] LLMNR request for testserver received from 10.10.10.133 [response sent]
[+] [2020-04-27T02:10:30] LLMNR request for testserver received from 10.10.10.133 [response sent]

Am I using it the wrong way?
I also tried invoke-inveigh in parallel with invoke-inveighrelay, but the -command didnt execute, probably coz no hashes are being captured.

If anyone could help me with this it would be greatly appreciated!
Thank you.
@sash322
Copy link

sash322 commented May 21, 2020

Same issue. C# version works fine, but powershell wont capture hashes

@Kevin-Robertson
Copy link
Owner

I've always had issues with ConsoleOutput enabled in meterpreter. Have you tried running without it and pulling back data with just get-inveigh?

Using '-Tool 1' will set what I found to work best with meterpreter.

@init5-SF
Copy link
Author

I've always had issues with ConsoleOutput enabled in meterpreter. Have you tried running without it and pulling back data with just get-inveigh?

Using '-Tool 1' will set what I found to work best with meterpreter.

Hello,

This is exactly how I do it, I disable all kinds of real time outputs and leave the tool running for a while, then check with Get-Inveigh.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Kevin-Robertson @init5-SF @sash322