
Setting -EvadeRG N has no effect

Open chppppp opened this issue 5 years ago • 2 comments

Using the command line options

PS C:\> Invoke-Inveigh -ConsoleOutput Y -NBNS Y -mDNS Y -HTTPS Y -Proxy Y -NBNSTypes 00,20,03,1B -MachineAccounts Y -EvadeRG N

Inveigh will still drop requests

[+] [2019-05-03T14:50:02] NBNS request for ASDF<42-4B> received from 10.20.43.149 [NBNS type disabled]
[+] [2019-05-03T14:50:03] NBNS request for ASDF<42-4B> received from 10.20.43.149 [NBNS type disabled]
[+] [2019-05-03T14:50:10] LLMNR request for ASDF received from 10.20.43.149 [response sent]
WARNING: [!] [2019-05-03T14:50:10] NBNS request for *              <00> received from 10.20.43.149 [possible ResponderGuard request ignored]

chppppp, May 03 '19 18:05

I think I spotted the issues. I haven't had a chance to test though. The fixes are in the dev repo version.

Is that an actual ResponderGuard request or is that a false positive?

Kevin-Robertson, May 07 '19 00:05

Workstations are running SEP so either it’s a false positive or SEP is doing some kind of ResponderGuard.

Thanks so much Kevin. Wish I was strong enough in PS to submit the PR myself :)

chppppp, May 07 '19 13:05