search

Kevin-Robertson / Inveigh

.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers
BSD 3-Clause "New" or "Revised" License
2.52k stars 440 forks source link

Unprivileged spoofing with different IP address #32

Closed kograssmann closed 3 years ago

kograssmann commented 3 years ago

Hi,

I tried to spoof LLMNR traffic using the C# Version of Inveigh and redirect the traffic to a Kali machine as an unprivileged user. As the sniffer is described as requiring privileges, I disabled it. When I do this Inveigh seems to always use the IP of the local Windows machine for spoofing.

I think the issue is in the following code from Support/Arguments.cs (line 249-262).

            if (!string.Equals(Program.argListenerIP, "0.0.0.0") && string.IsNullOrEmpty(Program.argSpooferIP))
                {
                    Program.argSpooferIP = Program.argListenerIP;
                }
                else
                {
                    Program.argSpooferIP = GetLocalIPAddress("IPv4");

                    if (string.IsNullOrEmpty(Program.argSpooferIP))
                    {
                        Program.enabledIPv4 = false;
                    }

                }

This code is entered, when the sniffer is disabled and seems to always set the SpooferIP to the LocalIPAddress. I was able to get my use case to work by commenting out Program.argSpooferIP = GetLocalIPAddress("IPv4");. Could you have a look at the code and possibly insert an additional statement here, that handles the case where the user supplies a custom SpooferIP as an argument?

Best regards

Kevin-Robertson commented 3 years ago

Thanks! I'll get that fixed.

Kevin-Robertson commented 3 years ago

This should be fixed now, thanks again for reporting it.