Shulou(Shulou.com)05/31 Report--

This article mainly introduces "what is InveighZero". In daily operation, I believe many people have doubts about what InveighZero is. The editor consulted all kinds of materials and sorted out simple and easy-to-use methods of operation. I hope it will be helpful for you to answer the doubts about "what is InveighZero?" Next, please follow the editor to study!

About InveighZero

InveighZero is a tool that combines LLMNR/NBNS/mDNS/DNS/DHCPv6 spoofing and man-in-the-middle attacks to help penetration testing experts and red team researchers identify security flaws in the target Windows system. InveighZero is based on C #, and many of the features in the current version are similar to the PowerShell version of Inveigh (https://github.com/Kevin-Robertson/Inveigh).

Entitlement mode function (administrator privileges required)

SMB capture: based on packet spoofing

LLMNR spoofing: based on packet spoofing

NBNS spoofing: based on packet spoofing

MDNSs spoofing: based on packet spoofing

DNS spoofing: based on packet spoofing

DHCPv6 spoofing: based on packet spoofing

Pcap output: TCP and UDP packet

Packet spoofing terminal output: SYN packet, SMB Kerberos negotiation, etc.

Function of non-lifting mode

LLMNR spoofing: based on UDP listeners

NBNS spoofing: based on UDP listeners

MDNSs spoofing: based on UDP listeners

DNS spoofing: based on UDP listeners

DHCPv6 spoofing: based on UDP listeners

Note: NBNS spoofing works on all systems with NBNS enabled. LLMNR and mDNS spoofing seem to work only on Windows 10 and Windows Server 2016.

Other featur

HTTP capture: based on TCP listener

Agent authentication capture: based on TCP listener

Features that are not currently supported

ADIDNS attack

HTTP-SMB Relay

HTTPS listener

Kerberos Kirbi output

Environmental requirements

.net Framework > = 3.5

Tool acquisition

Researchers can use the following commands to clone the source code of the project locally:

Using the git clone https://github.com/Kevin-Robertson/InveighZero.git tool

Execute using the default configuration:

Inveigh.exe

Set the primary IP address:

Inveigh.exe-IP 192.168.1.1

Send spoofing (spoofing attack) traffic to other systems:

Inveigh.exe-IP 192.168.1.1-SpooferIP 192.168.1.2

Pcap output for HTTP and SMB:

Screenshot of Inveigh.exe-Pcap Y-PcapTCP 80445 tool running

At this point, the study of "what is InveighZero" is over. I hope to be able to solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.