InveighZero: A C#-based Data Spoofing and MitM Tool


About InveighZero

InveighZero is a tool that combines LLMNR/NBNS/mDNS/DNS/DHCPv6 spoofing with man-in-the-middle attacks. It is designed to help penetration testers and red team researchers find security flaws in target Windows systems. InveighZero is written in C#, and many functions in the current version are similar to those of the PowerShell version of Inveigh (https://github.com/Kevin-Robertson/Inveigh).

Elevated-privilege mode functions (requires administrator privileges)

SMB capture: packet sniffing based;
LLMNR spoofing: packet sniffing based;
NBNS spoofing: packet sniffing based;
mDNS spoofing: packet sniffing based;
DNS spoofing: packet sniffing based;
DHCPv6 spoofing: packet sniffing based;
Pcap output: TCP and UDP packets;
Packet sniffing console output: SYN packets, SMB Kerberos negotiation, etc.;

Unprivileged mode functions

LLMNR spoofing: UDP listener based;
NBNS spoofing: UDP listener based;
mDNS spoofing: UDP listener based;
DNS spoofing: UDP listener based;
DHCPv6 spoofing: UDP listener based;

NOTE: NBNS spoofing works fine on all systems with NBNS enabled. LLMNR and mDNS spoofing appear to work only on Windows 10 and Windows Server 2016.

Other features

HTTP capture: TCP listener based;
Proxy authentication capture: TCP listener based;

Features not currently supported

ADIDNS attacks;
HTTP to SMB relay;
HTTPS listener;
Kerberos Kirbi output;

Requirements

.NET Framework >= 3.5

Getting the tool

Researchers can clone the project source code locally with the following command:

git clone https://github.com/Kevin-Robertson/InveighZero.git

Tool usage

Run with the default configuration:

Inveigh.exe

Set the primary IP address:

Inveigh.exe -IP 192.168.1.1

Point spoofed responses at a different system (the spoofer IP):

Inveigh.exe -IP 192.168.1.1 -SpooferIP 192.168.1.2

Pcap output for HTTP and SMB traffic:

Inveigh.exe -Pcap Y -PcapTCP 80,445
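The LLMNR spoofing above answers name queries that no legitimate host would answer, which is also how a defender catches it. The following is an added example (not code from InveighZero or this post): a minimal parser for LLMNR messages, which reuse the DNS wire format on UDP/5355, and a canary check that flags any answer for an assumed hostname that no real machine owns. The sample query and spoofed reply are constructed inline and use the 192.168.1.1 / 192.168.1.2 addresses from the usage examples.

```python
import struct

# LLMNR (UDP/5355) reuses the DNS message format. Assumed canary: a hostname no
# real machine owns, so any LLMNR answer for it can only come from a spoofer.
CANARY_NAMES = {"canary-fs01"}

def decode_name(data: bytes, offset: int):
    """Return (name, next_offset); follows DNS-style compression pointers."""
    labels, end = [], None
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:                      # pointer to earlier name
            end = end if end is not None else offset + 2
            offset = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels).lower(), (offset if end is None else end)

def parse_llmnr(msg: bytes) -> dict:
    """Parse header, questions and A-record answers of one LLMNR message."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
        questions.append((name, qtype))
        off += 4
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        if rtype == 1 and rdlen == 4:                  # A record -> dotted quad
            answers.append((name, ".".join(str(b) for b in rdata)))
    return {"is_response": bool(flags & 0x8000), "questions": questions, "answers": answers}

def spoof_alerts(sender_ip: str, msg: bytes) -> list:
    # One alert per answer that resolves a canary name; queries never alert.
    parsed = parse_llmnr(msg)
    return [f"LLMNR spoofing suspected: {sender_ip} answered {name} -> {ip}"
            for name, ip in parsed["answers"]
            if parsed["is_response"] and name in CANARY_NAMES]

# Constructed samples: a query for the canary, and a spoofed reply resolving it
# to 192.168.1.2 (its answer name is a compression pointer to offset 12).
CANARY_QUERY = b"\x12\x34\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x0bCANARY-FS01\x00\x00\x01\x00\x01"
SPOOFED_REPLY = (b"\x12\x34\x80\x00\x00\x01\x00\x01\x00\x00\x00\x00\x0bCANARY-FS01\x00\x00\x01\x00\x01"
                 b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x00\x1e\x00\x04\xc0\xa8\x01\x02")
```

Feeding the source IP and UDP payload of every packet seen on port 5355 into spoof_alerts turns this into a simple on-wire detector; NBNS uses a different name encoding and would need its own decoder.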

Screenshot of tool running

Project address

InveighZero: https://github.com/Kevin-Robertson/InveighZero



Next, I will lay out a study schedule for each student.

Study plan

So the question comes up again: as a newcomer, what should you learn first, and what comes next?
Since you asked so directly, here is where to start from zero:

Phase 1: Junior Network Security Engineer

Next, I will arrange a one-month beginner plan for network security. After you finish it, you can basically work in a network security-related job such as penetration testing, web penetration, security services or security analysis; if you learn the security module well, you can also work as a security engineer.

Comprehensive salary range 6k~15k

1. Theoretical knowledge of network security (2 days)
① Understand the background and prospects of the industry, and decide on a development direction.
② Learn the laws and regulations related to network security.
③ The concept of network security operations.
④ Introduction to China's Multi-Level Protection Scheme (MLPS), its regulations, procedures and standards. (Very important)

2. Penetration testing basics (1 week)
① Penetration testing process, classification and standards
② Information gathering: active/passive information collection, the Nmap tool, Google Hacking
③ Vulnerability scanning and exploitation: principles, exploitation methods, tools (MSF), bypassing IDS and anti-virus detection
④ Host attack and defense drills: MS17-010, MS08-067, MS10-046, MS12-20, etc.

3. Operating system basics (1 week)
① Common functions and commands of Windows
② Common functions and commands of Kali Linux
③ Operating system security (system intrusion investigation / basic system hardening)

4. Computer network basics (1 week)
① Computer network fundamentals, protocols and architecture
② Principles of network communication, the OSI model, the data forwarding process
③ Analysis of common protocols (HTTP, TCP/IP, ARP, etc.)
④ Network attack techniques and network security defense techniques
⑤ Web vulnerability principles and defense: active/passive attacks, DDoS attacks, reproducing CVE vulnerabilities

5. Basic database operations (2 days)
① Database fundamentals
② SQL language fundamentals
③ Database security hardening

6. Web penetration (1 week)
① Introduction to HTML, CSS and JavaScript
② OWASP Top 10
③ Web vulnerability scanning tools
④ Web penetration tools: Nmap, BurpSuite, SQLMap, others (China Chopper, vulnerability scanners, etc.)

So far this has taken about 1 month, and you have successfully become a “script kiddie”. Do you want to keep exploring?

Phase 2: Intermediate or senior network security engineer (depending on your ability)

Comprehensive salary range 15k~30k

7. Scripting and programming (4 weeks)
In the field of network security, programming ability is the essential difference between “script kiddies” and real network security engineers. In actual penetration tests, facing complex and changing network environments, the common tools often cannot meet the actual needs, and it becomes necessary to extend existing tools or write tools and automated scripts that fit our requirements; this takes some programming ability. In CTF competitions where every second counts, using self-written scripts efficiently for various purposes also requires programming skills.

For students starting from zero, I suggest picking one of the scripting languages Python/PHP/Go/Java and learning to program with its common libraries.
Set up a development environment and choose an IDE. For PHP, Wamp and XAMPP are recommended; as an IDE, Sublime is strongly recommended.

Python programming: learn the syntax, regular expressions, files, networking, multi-threading and other common libraries. “Python Core Programming” is recommended; you do not need to read it cover to cover.

Write vulnerability exploits in Python, then write a simple web crawler.

Learn basic PHP syntax and write a simple blog system.

Get familiar with the MVC architecture, and try learning a PHP or Python framework (optional).

Learn about Bootstrap layout or CSS.

Phase 3: Top Network Security Engineer

