Inveigh

Inveigh can listen to IPv4 and IPv6 and several other protocols, including LLMNR, DNS, mDNS, NBNS, DHCPv6, ICMPv6, HTTP, HTTPS, SMB, LDAP, WebDAV, and Proxy Auth.

We can get started with the PowerShell version as follows and then list all possible parameters. There is a wiki that lists all parameters and usage instructions.

Import-Module .\\Inveigh.ps1

#To get all parameters
(Get-Command Invoke-Inveigh).Parameters

Invoke-Inveigh Y -NBNS Y -ConsoleOutput Y -FileOutput Y

C# Inveigh (InveighZero)

• PowerShell vs C# Version: The PowerShell version of Inveigh is outdated; the author now maintains the C# version.
• C# Version: Combines the original PowerShell code with a C# port of most features.
• Compilation: The C# version needs to be compiled before use.
• Precompiled Tools: A copy of both the PowerShell and compiled executable versions is included in C:\\Tools on the target host.
• Best Practice: It's recommended to compile the C# version yourself using Visual Studio for better understanding and control.

.\\Inveigh.exe

The options with a [+] are default and enabled by default and the ones with a [ ] before them are disabled.

We can also see the message Press ESC to enter/exit interactive console, which is very useful while running the tool.

We can hit the esc key to enter the console while Inveigh is running. After typing HELP and hitting enter, we are presented with several options:

We can quickly view unique captured hashes by typing GET NTLMV2UNIQUE.

help
GET NTLMV2UNIQUE