S3cur3Th1sSh1t / WinPwn

Automation for internal Windows Penetrationtest / AD-Security
BSD 3-Clause "New" or "Revised" License

I am unable to get NTLM Hashes using Inveigh using WinPwn but Invoke-Inveigh works just fine. #39

Closed IAMinZoho closed 2 years ago

IAMinZoho commented 2 years ago

First of all thanks for your swift response!!

I am not sure if this is an issue (I am just a script kiddie ;-)). Please check the screenshot using Kevin-Robertson's script:

[Screenshot: Capture]

But using WinPwn I am unable to get it working:

[Screenshot: Capture11]

This time I must be doing something wrong. Please help.

S3cur3Th1sSh1t commented 2 years ago

Well. You should start reading the code to understand what it does. 😉 I’m specifying parameters for Inveigh to dump the hashes into a file instead of console output. So that’s why you can’t see incoming hashes. 🤷‍♂️ But there is an output directory instead.

IAMinZoho commented 2 years ago

Thanks for your response. I did check the directory but no file is created. Nothing that shows the NTLM hashes. I tried editing the Invoke-Inveigh command with FileOutput -Disabled but still couldn't make it work.

IAMinZoho commented 2 years ago

I tried everything. Are there any logs that I can share? I did see that the Inveigh module of WinPwn would open a new PS script process, but going through some earlier issues (posted on GitHub), I learnt that the AMSI bypass was not getting applied to Inveigh. So I assume that Inveigh loads and runs in the existing PS session, but I am unable to get the NTLM hashes. No output file in the directory. Any help would be greatly appreciated!