search

Kevin-Robertson / Inveigh

.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers
BSD 3-Clause "New" or "Revised" License
2.44k stars 432 forks source link

Packet sniffing error detected - System.ArgumentException #31

Open Acebond opened 3 years ago

Acebond commented 3 years ago

Hello, I'm running the latest version on Windows 7 x64, and am getting this error:

Running with .\Inveigh.exe -HTTPPorts 10080 -mdns y -nbns y

[*] Press ESC to enter/exit interactive console
[+] [15:19:02] LLMNR(A) request [REDACTED] from 10.7.27.18 [response sent]
[+] [15:19:02] LLMNR(A) request [REDACTED] from 10.7.27.18 [response sent]
[-] [15:19:02] LLMNR(AAAA) request [REDACTED] from 10.7.27.18 [type ignored]
[-] [15:19:02] LLMNR(AAAA) request [REDACTED] from 10.7.27.18 [type ignored]
[.] [15:19:02] TCP(445) SYN packet from 10.7.27.18:65371
[.] [15:19:02] SMB1(445) negotiation request detected from 10.7.27.18:65371
[.] [15:19:02] SMB2+(445) negotiation request detected from 10.7.27.18:65371
[+] [15:19:02] SMB(445) NTLM challenge [ADC486A5AB9FF8CC] sent to 10.7.27.18:65371
[-] [15:19:02] Packet sniffing error detected - System.ArgumentException: Offset and length were out of bounds for the a
rray or count is greater than the number of elements from index to the end of the source collection.
   at System.Buffer.BlockCopy(Array src, Int32 srcOffset, Array dst, Int32 dstOffset, Int32 count)
   at Quiddity.Support.ASN1.GetTagBytes(Byte[] data, Int32& index, Int32 length, Byte tag, Byte& tagDecoded)
   at Quiddity.Support.ASN1.GetTagBytes(Int32 tag, Byte[] data)
   at Quiddity.NTLM.NTLMResponse.Decode(Byte[] data)
   at Quiddity.NTLM.NTLMResponse..ctor(Byte[] data)
   at Inveigh.Sniffer.ProcessSMB(Byte[] data, String clientIP, String listenerIP, String clientPort, String listenerPort
)
   at Inveigh.Sniffer.Start(String protocol, String snifferIP, Boolean isIPV6)
[-] [15:19:02] Packet sniffing error detected - System.IO.EndOfStreamException: Unable to read beyond the end of the str
eam.
   at System.IO.__Error.EndOfFile()
   at System.IO.BinaryReader.FillBuffer(Int32 numBytes)
   at System.IO.BinaryReader.ReadUInt16()
   at Quiddity.NTLM.NTLMHelper.ReadBytes(Byte[] data, Int32 offset)
   at Inveigh.Sniffer.ProcessSMB(Byte[] data, String clientIP, String listenerIP, String clientPort, String listenerPort
)
   at Inveigh.Sniffer.Start(String protocol, String snifferIP, Boolean isIPV6)
[.] [15:19:02] SMB1(445) negotiation request detected from 10.7.27.18:65372
[.] [15:19:02] SMB2+(445) negotiation request detected from 10.7.27.18:65372
[+] [15:19:02] SMB(445) NTLM challenge [B0D50469185CF3D0] sent to 10.70.151.129:65372
[-] [15:19:02] Packet sniffing error detected - System.ArgumentException: Offset and length were out of bounds for the a
rray or count is greater than the number of elements from index to the end of the source collection.
   at System.Buffer.BlockCopy(Array src, Int32 srcOffset, Array dst, Int32 dstOffset, Int32 count)
   at Quiddity.Support.ASN1.GetTagBytes(Byte[] data, Int32& index, Int32 length, Byte tag, Byte& tagDecoded)
   at Quiddity.Support.ASN1.GetTagBytes(Byte[] data, Int32& index, Int32 length, Byte tag, Byte& tagDecoded)
   at Quiddity.Support.ASN1.GetTagBytes(Int32 tag, Byte[] data)
   at Quiddity.NTLM.NTLMResponse.Decode(Byte[] data)
   at Quiddity.NTLM.NTLMResponse..ctor(Byte[] data)
   at Inveigh.Sniffer.ProcessSMB(Byte[] data, String clientIP, String listenerIP, String clientPort, String listenerPort
)
   at Inveigh.Sniffer.Start(String protocol, String snifferIP, Boolean isIPV6)
[+] [15:19:03] NBNS(00) request [80-01662PL] from 10.7.27.18 [response sent]
[+] [15:19:03] NBNS(00) request [80-01662PL] from 10.7.27.18 [response sent]
[-] [15:19:03] Packet sniffing error detected - System.IO.EndOfStreamException: Unable to read beyond the end of the str
eam.
   at System.IO.__Error.EndOfFile()
   at System.IO.BinaryReader.FillBuffer(Int32 numBytes)
   at System.IO.BinaryReader.ReadUInt16()
   at Quiddity.NTLM.NTLMHelper.ReadBytes(Byte[] data, Int32 offset)
   at Inveigh.Sniffer.ProcessSMB(Byte[] data, String clientIP, String listenerIP, String clientPort, String listenerPort
)
   at Inveigh.Sniffer.Start(String protocol, String snifferIP, Boolean isIPV6)
[+] [15:19:03] NBNS(00) request [80-01662PL] from 10.7.27.18 [response sent]
[+] [15:19:03] NBNS(00) request [80-01662PL] from 10.7.27.18 [response sent]
PS C:\Users\pentest>

If there is additional information you want let me know.

Kevin-Robertson commented 3 years ago

Thanks! I have not tested through Windows 7 at all. I'll test it if I get an opportunity. It looks like something is going on with the ASN.1 code, which is still pretty crude.

Altominded commented 3 months ago

Any updates on this? I am having the same issue