bug fixes

Kevin-Robertson · Jul 11, 2021 · 0b091e7 · 0b091e7
1 parent 81cb262
commit 0b091e7
Show file tree

Hide file tree

Showing 8 changed files with 43 additions and 31 deletions.
diff --git a/Inveigh/Listeners/HTTPListener.cs b/Inveigh/Listeners/HTTPListener.cs
@@ -216,7 +216,7 @@ internal void ReceiveClient(object parameters)
 
                         if (wpadAuthIgnoreMatch)
                         {
-                            Output.Queue(string.Format("[-] [{0}] {1}({2}) switching wpad.dat auth to anonymous due to user agent match from {3}:{4}", DateTime.Now.ToString("s"), type, listenerPort, sourceIP, sourcePort));
+                            Output.Queue(string.Format("[-] [{0}] {1}({2}) switching wpad.dat auth to anonymous due to user agent match from {3}:{4}", Output.Timestamp(), type, listenerPort, sourceIP, sourcePort));
                         }
 
                     }

diff --git a/Inveigh/Listeners/LDAPListener.cs b/Inveigh/Listeners/LDAPListener.cs
@@ -90,7 +90,7 @@ internal void ReceiveClient(object parameters)
                 LDAPMessage message2 = new LDAPMessage();
                 message2.MessageID = message.MessageID;
                 byte[] buffer = new byte[0];
-                Output.Queue(String.Format("[.] [{0}] LDAP({1}) message type {2} request from {3}:{4}", DateTime.Now.ToString("s"), listenerPort, message.Tag, clientIP, clientPort));
+                Output.Queue(String.Format("[.] [{0}] LDAP({1}) message type {2} request from {3}:{4}", Output.Timestamp(), listenerPort, message.Tag, clientIP, clientPort));
 
                 if (message.Tag == 3)
                 {

diff --git a/Inveigh/Listeners/SMBListener.cs b/Inveigh/Listeners/SMBListener.cs
@@ -159,7 +159,7 @@ internal void ReceiveClient(object parameters)
                         {
                             smb2NegotiateResponse.DialectRivision = new byte[2] { 0xff, 0x02 };
                             smb2NegotiateResponse.Capabilities = new byte[4] { 0x07, 0x00, 0x00, 0x00 };
-                            Output.Queue(String.Format("[.] [{0}] SMB1({1}) negotiation request received from {2}:{3}", DateTime.Now.ToString("s"), listenerPort, clientIP, clientPort));
+                            Output.Queue(String.Format("[.] [{0}] SMB1({1}) negotiation request received from {2}:{3}", Output.Timestamp(), listenerPort, clientIP, clientPort));
                         }
                         else if (isSMB2)
                         {
@@ -172,13 +172,13 @@ internal void ReceiveClient(object parameters)
                                 smb2NegotiateResponse.Capabilities = new byte[4] { 0x2f, 0x00, 0x00, 0x00 };
                                 smb2NegotiateResponse.NegotiateContextOffset = 448;
                                 smb2NegotiateResponse.NegotiateContextList = new SMB2NegotiateContext().GetBytes(new string[] { "1", "2", "3" });
-                                Output.Queue(String.Format("[.] [{0}] SMB3({1}) negotiated with {2}:{3}", DateTime.Now.ToString("s"), listenerPort, clientIP, clientPort));
+                                Output.Queue(String.Format("[.] [{0}] SMB3({1}) negotiated with {2}:{3}", Output.Timestamp(), listenerPort, clientIP, clientPort));
                             }
                             else
                             {
                                 smb2NegotiateResponse.DialectRivision = new byte[2] { 0x10, 0x02 };
                                 smb2NegotiateResponse.Capabilities = new byte[4] { 0x07, 0x00, 0x00, 0x00 };
-                                Output.Queue(String.Format("[.] [{0}] SMB2({1}) negotiated with {2}:{3}", DateTime.Now.ToString("s"), listenerPort, clientIP, clientPort));
+                                Output.Queue(String.Format("[.] [{0}] SMB2({1}) negotiated with {2}:{3}", Output.Timestamp(), listenerPort, clientIP, clientPort));
                             }
 
                             responseSMB2Header.Reserved2 = requestSMB2Header.Reserved2; // todo fix

diff --git a/Inveigh/Program.cs b/Inveigh/Program.cs
@@ -4,6 +4,7 @@
 using System.Net;
 using System.IO;
 using System.Collections;
+using Quiddity.NTLM;
 
 namespace Inveigh
 {
@@ -170,7 +171,7 @@ class Program
         public static string netbiosDomain = Environment.UserDomainName;
         public static string dnsDomain = "";    
         public static ulong smb2Session = 5548434740922023936; // todo check
-        public static string version = "2.0.1";
+        public static string version = "2.0.2";
 
         static void Main(string[] arguments)
         {
@@ -627,7 +628,7 @@ static void Main(string[] arguments)
                 catch (Exception ex)
                 {
                     Console.WriteLine(outputList.Count);
-                    outputList.Add(String.Format("[-] [{0}] Console error detected - {1}", DateTime.Now.ToString("s"), ex.ToString()));                 
+                    outputList.Add(String.Format("[-] [{0}] Console error detected - {1}", Output.Timestamp(), ex.ToString()));                 
                 }
 
             }

diff --git a/Inveigh/Protocols/Quiddity/Protocols/NTLM/NTLMResponse.cs b/Inveigh/Protocols/Quiddity/Protocols/NTLM/NTLMResponse.cs
@@ -188,12 +188,13 @@ public string GetFormattedHash(string challenge, string user, string domain)
 
         private SPNEGONegTokenResp Decode(byte[] data)
         {
+
             SPNEGONegTokenResp spnegoNegTokenResp = new SPNEGONegTokenResp
             {
-                NegState = ASN1.GetTagBytes(1, data)[0],
-                SupportedMech = ASN1.GetTagBytes(6, data),
+                NegState = ASN1.GetTagBytes(10, data)[0],
+                //SupportedMech = ASN1.GetTagBytes(6, data),
                 ResponseToken = ASN1.GetTagBytes(4, data),
-                MechListMIC = ASN1.GetTagBytes(4, ASN1.GetTagBytes(163, data))
+                //MechListMIC = ASN1.GetTagBytes(4, ASN1.GetTagBytes(163, data))
             };
 
             return spnegoNegTokenResp;

diff --git a/Inveigh/Protocols/Quiddity/Protocols/SPNEGO/SPNEGONegTokenResp.cs b/Inveigh/Protocols/Quiddity/Protocols/SPNEGO/SPNEGONegTokenResp.cs
@@ -45,7 +45,7 @@ class SPNEGONegTokenResp
         public SPNEGONegTokenResp()
         {
             this.NegState = 0;
-            this.SupportedMech = new byte[10];
+            this.SupportedMech = new byte[10]; // todo check
             this.ResponseToken = new byte[0];
             this.MechListMIC = new byte[0];
         }

diff --git a/Inveigh/Sniffer/Sniffer.cs b/Inveigh/Sniffer/Sniffer.cs
@@ -75,7 +75,7 @@ public static void Start(string protocol, string snifferIP, bool isIPV6)
 
                 if (ex.Message.Equals("An attempt was made to access a socket in a way forbidden by its access permissions"))
                 {
-                    Output.Queue(String.Format("[!] Error starting packet sniffer, check if shell has elevated privilege or set -Sniffer N for listener only mode.", DateTime.Now.ToString("s")));
+                    Output.Queue(String.Format("[!] Error starting packet sniffer, check if shell has elevated privilege or set -Sniffer N for listener only mode.", Output.Timestamp()));
                     Thread.Sleep(10);
                     Program.isRunning = false;
                 }
@@ -155,7 +155,7 @@ public static void Start(string protocol, string snifferIP, bool isIPV6)
                                 {
                                     tcpHeader.ReadBytes(snifferData, ipHeaderLength);
 
-                                    if (tcpHeader.SYN && !tcpHeader.ACK && snifferIP.StartsWith(destinationIP))
+                                    if (tcpHeader.SYN && !tcpHeader.ACK && snifferIP.Equals(destinationIP))
                                     {
                                         Output.Queue(String.Format("[.] [{0}] TCP({1}) SYN packet from {2}:{3}", Output.Timestamp(), tcpHeader.DestinationPort, sourceIP, tcpHeader.SourcePort));
                                     }
@@ -538,7 +538,7 @@ internal static void ProcessSMB(byte[] data, string clientIP, string listenerIP,
                                         }
                                         else
                                         {
-                                            Output.Queue(string.Format("[.] [{0}] SMB({1}) Kerberos authentication from {2}:{3}", DateTime.Now.ToString("s"), clientPort, clientIP, listenerPort));
+                                            Output.Queue(string.Format("[.] [{0}] SMB({1}) Kerberos authentication from {2}:{3}", Output.Timestamp(), clientPort, clientIP, listenerPort));
                                         }
 
                                     }
@@ -635,7 +635,7 @@ internal static void ProcessSMB(byte[] data, string clientIP, string listenerIP,
                                         }
                                         else
                                         {
-                                            Output.Queue(string.Format("[.] [{0}] SMB({1}) Kerberos authentication from {2}:{3}", DateTime.Now.ToString("s"), clientPort, clientIP, listenerPort));
+                                            Output.Queue(string.Format("[.] [{0}] SMB({1}) Kerberos authentication from {2}:{3}", Output.Timestamp(), clientPort, clientIP, listenerPort));
                                         }
 
                                     }

diff --git a/Inveigh/Support/Arguments.cs b/Inveigh/Support/Arguments.cs
@@ -246,32 +246,42 @@ public static void ParseArguments()
             else
             {
 
-                if (!string.Equals(Program.argListenerIP, "0.0.0.0") && string.IsNullOrEmpty(Program.argSpooferIP))
-                {
-                    Program.argSpooferIP = Program.argListenerIP;
-                }
-                else
+                if (string.IsNullOrEmpty(Program.argSpooferIP))
                 {
-                    Program.argSpooferIP = GetLocalIPAddress("IPv4");
 
-                    if (string.IsNullOrEmpty(Program.argSpooferIP))
+                    if (!string.Equals(Program.argListenerIP, "0.0.0.0"))
                     {
-                        Program.enabledIPv4 = false;
+                        Program.argSpooferIP = Program.argListenerIP;
                     }
+                    else
+                    {
+                        Program.argSpooferIP = GetLocalIPAddress("IPv4");
 
-                }
+                        if (string.IsNullOrEmpty(Program.argSpooferIP))
+                        {
+                            Program.enabledIPv4 = false;
+                        }
+
+                    }
 
-                if (!string.Equals(Program.argListenerIPv6, "::") && string.IsNullOrEmpty(Program.argSpooferIPv6))
-                {
-                    Program.argSpooferIPv6 = Program.argListenerIPv6;
                 }
-                else
+
+                if (string.IsNullOrEmpty(Program.argSpooferIPv6))
                 {
-                    Program.argSpooferIPv6 = GetLocalIPAddress("IPv6");
 
-                    if (string.IsNullOrEmpty(Program.argSpooferIPv6))
+                    if (!string.Equals(Program.argListenerIPv6, "::"))
                     {
-                        Program.enabledIPv6 = false;
+                        Program.argSpooferIPv6 = Program.argListenerIPv6;
+                    }
+                    else
+                    {
+                        Program.argSpooferIPv6 = GetLocalIPAddress("IPv6");
+
+                        if (string.IsNullOrEmpty(Program.argSpooferIPv6))
+                        {
+                            Program.enabledIPv6 = false;
+                        }
+
                     }
 
                 }