Description
Starts one or more Inveigh protocol listeners (HTTP, HTTPS, SMB, LDAP, Proxy) to capture NTLM challenge/response hashes from inbound connections.
Overview
Starts Inveigh rogue listeners for the specified protocols. Connecting clients are challenged for NTLM authentication; captured hashes are stored in the Inveigh session and retrievable with Get-InveighCredential. HTTPS requires a certificate. The Proxy listener intercepts HTTP proxy requests.
Arguments
| Parameter | Type | Description |
|---|---|---|
| Protocol | string[] | Listener protocols to start. ValidateSet: HTTP, HTTPS, Proxy, SMB, LDAP. |
| IPAddress | string | Local IP address to bind. |
| HTTPPort | int | HTTP listener port. Default: 80. |
| HTTPSPort | int | HTTPS listener port. Default: 443. |
| SMBPort | int | SMB listener port. Default: 445. |
| LDAPPort | int | LDAP listener port. Default: 389. |
| ProxyPort | int | Proxy listener port. Default: 8492. |
| HTTPAuth | string | HTTP auth method. ValidateSet: NTLM, BASIC, ANONYMOUS. Default: NTLM. |
| WPADAuth | string | WPAD proxy auth method. ValidateSet: NTLM, BASIC, ANONYMOUS. Default: NTLM. |
| WPADResponse | string | Custom WPAD response body returned to clients. |
| EnableWebDAV | bool | Enable WebDAV support on the HTTP listener. Default: false. |
| Challenge | string | Fixed 8-byte hex NTLM challenge. Leave blank to use a random challenge per connection. |
| NetbiosDomain | string | NetBIOS domain name used in NTLM challenges. |
| ComputerName | string | Computer name used in NTLM challenges. |
| DNSDomain | string | DNS domain used in NTLM challenges. |
| Cert | string | Path to certificate file for the HTTPS listener. |
| CertPassword | string | Password for the HTTPS certificate file. |
Dependencies
- inveigh
Operating Systems
- Windows
Example Text Output
Protocol State StartedAt
-------- ----- ---------
HTTP Running 4/27/2026 09:02:00
SMB Running 4/27/2026 09:02:00
LDAP Running 4/27/2026 09:02:00