Kevin-Robertson / Inveigh

.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers
BSD 3-Clause "New" or "Revised" License

Setting -EvadeRG N has no effect #17

Open chppppp opened 5 years ago

chppppp commented 5 years ago

Using the command line options:

PS C:\> Invoke-Inveigh -ConsoleOutput Y -NBNS Y -mDNS Y -HTTPS Y -Proxy Y -NBNSTypes 00,20,03,1B -MachineAccounts Y -EvadeRG N

Inveigh will still drop requests:

[+] [2019-05-03T14:50:02] NBNS request for ASDF<42-4B> received from 10.20.43.149 [NBNS type disabled]
[+] [2019-05-03T14:50:03] NBNS request for ASDF<42-4B> received from 10.20.43.149 [NBNS type disabled]
[+] [2019-05-03T14:50:10] LLMNR request for ASDF received from 10.20.43.149 [response sent]
WARNING: [!] [2019-05-03T14:50:10] NBNS request for *              <00> received from 10.20.43.149 [possible ResponderGuard request ignored]

Kevin-Robertson commented 5 years ago

I think I spotted the issues. I haven't had a chance to test though. The fixes are in the dev repo version.

Is that an actual ResponderGuard request or is that a false positive?

chppppp commented 5 years ago

Workstations are running SEP so either it’s a false positive or SEP is doing some kind of ResponderGuard.

Thanks so much Kevin. Wish I was strong enough in PS to submit the PR myself :)