2025-04-06 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)05/31 Report--
This article introduces InveighZero. Many people are unsure what InveighZero is, so the editor has consulted various materials and put together a simple, easy-to-follow overview. I hope it helps answer the question "what is InveighZero?" Please follow along.
About InveighZero
InveighZero is a tool that combines LLMNR/NBNS/mDNS/DNS/DHCPv6 spoofing with man-in-the-middle attacks to help penetration testers and red team researchers identify security flaws in target Windows systems. InveighZero is written in C#, and many of the features in the current version are similar to those of the PowerShell version of Inveigh (https://github.com/Kevin-Robertson/Inveigh).
Privileged mode features (administrator privileges required)
SMB capture: based on packet spoofing
LLMNR spoofing: based on packet spoofing
NBNS spoofing: based on packet spoofing
mDNS spoofing: based on packet spoofing
DNS spoofing: based on packet spoofing
DHCPv6 spoofing: based on packet spoofing
Pcap output: TCP and UDP packets
Packet spoofing terminal output: SYN packets, SMB Kerberos negotiation, etc.
Unprivileged mode features
LLMNR spoofing: based on UDP listeners
NBNS spoofing: based on UDP listeners
mDNS spoofing: based on UDP listeners
DNS spoofing: based on UDP listeners
DHCPv6 spoofing: based on UDP listeners
Note: NBNS spoofing works on all systems with NBNS enabled. LLMNR and mDNS spoofing seem to work only on Windows 10 and Windows Server 2016.
Other features
HTTP capture: based on TCP listener
Agent authentication capture: based on TCP listener
Features that are not currently supported
ADIDNS attack
HTTP-SMB Relay
HTTPS listener
Kerberos Kirbi output
Environmental requirements
.NET Framework >= 3.5
Tool acquisition
Researchers can use the following command to clone the project's source code locally:
git clone https://github.com/Kevin-Robertson/InveighZero.git
Using the tool
Execute using the default configuration:
Inveigh.exe
Set the primary IP address:
Inveigh.exe -IP 192.168.1.1
Send spoofing traffic to other systems:
Inveigh.exe -IP 192.168.1.1 -SpooferIP 192.168.1.2
Pcap output for HTTP and SMB:
Inveigh.exe -Pcap Y -PcapTCP 80,445
Screenshot of the tool running
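From the defender's side, the LLMNR spoofing listed among the features above can be detected with a canary query: ask the local segment for a random name that no host should own, and treat any host that answers as a spoofer. The Python below is an added example, not part of InveighZero or of the original article; the `cnry-` name prefix and all function names are assumptions chosen for illustration.

```python
import secrets, socket, struct

LLMNR_ADDR = ("224.0.0.252", 5355)  # LLMNR IPv4 multicast group and port (RFC 4795)

def canary_query():
    """Build an LLMNR A query for a random single-label name nobody should own."""
    txid = secrets.randbits(16)
    name = "cnry-" + secrets.token_hex(6)  # constructed name, assumed absent from the network
    header = struct.pack(">6H", txid, 0, 1, 0, 0, 0)  # no flags, one question
    qname = bytes([len(name)]) + name.encode("ascii") + b"\x00"
    return txid, name, header + qname + struct.pack(">2H", 1, 1)  # QTYPE=A, QCLASS=IN

def _skip_name(data, off):
    """Advance past a DNS-format name (plain labels or a compression pointer)."""
    while True:
        n = data[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:
            return off + 2
        off += 1 + n

def answered_ip(data, txid):
    """Return the IPv4 address a response claims for our canary, else None."""
    try:
        rid, flags, qd, an = struct.unpack(">4H", data[:8])
        if rid != txid or not flags & 0x8000 or an == 0:
            return None  # not a response to this query
        off = 12
        for _ in range(qd):
            off = _skip_name(data, off) + 4  # name + QTYPE + QCLASS
        off = _skip_name(data, off)
        rtype, _cls, _ttl, rdlen = struct.unpack(">2HIH", data[off:off + 10])
        rdata = data[off + 10:off + 10 + rdlen]
        return socket.inet_ntoa(rdata) if rtype == 1 and len(rdata) == 4 else None
    except (struct.error, IndexError):
        return None  # truncated or malformed packet

def probe(timeout=2.0):
    """Send one canary on the local segment; return [(source_ip, claimed_ip)]."""
    txid, _name, query = canary_query()
    hits = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, LLMNR_ADDR)
        try:
            while True:
                data, (src, _port) = s.recvfrom(512)
                ip = answered_ip(data, txid)
                if ip:
                    hits.append((src, ip))
        except socket.timeout:
            pass
    return hits
```

A non-empty result from `probe()` means some host answered for a name that does not exist; the source address identifies the responder to investigate.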
This concludes the introduction to "what is InveighZero". I hope it has answered your questions. Combining theory with practice is the best way to learn, so go and try it! If you want to learn more on related topics, please continue to follow the website; the editor will keep working to bring you more practical articles.