Penetration testing with IPv6
Published on Oct. 1, 2008 by SECFORCE
Today has been released the Uninformed (number 10) magazine. As usual it is a very interesting read, with very nice and technical articles there. One of them caught my eye, written by H D Moore – Exploiting Tomorrow’s Internet Today, Penetration testing with IPv6.
IPv6 is an Internet layer protocol designed to substitute the current IPv4. The article covers the basics of IPv6 such as configuration and addressing standards.
Later in the article the author some of the common tasks of penetration testing focusing on IPv6 protocol:
Network Discovery
Van Hauser’s IPv6 Attack Toolkit contains a tool for this. The alive6 tool sends an ICMP6 packet using Neighbor Discovery protocol:
# alive6 eth0
Alive: fe80:0000:0000:0000:xxxx:xxff:fexx:xxxx
Alive: fe80:0000:0000:0000:yyyy:yyff:feyy:yyyy
Found 2 systems alive
Tools ip and ping6 can also be used for that:
# ping6 -c 3 -I eth0 ff02::1 >/dev/null 2>&1
# ip neigh | grep ^fe80
fe80::211:43ff:fexx:xxxx dev eth0 lladdr 00:11:43:xx:xx:xx
fe80::21e:c9ff:fexx:xxxx dev eth0 lladdr 00:1e:c9:xx:xx:xx
fe80::218:8bff:fexx:xxxx dev eth0 lladdr 00:18:8b:xx:xx:xx
[...]
H D More also covers the use of Nmap and Metasploit against IPv6 hosts.
It is interesting the use of socat to ‘translate’ from IPv4 to IPv6 and then being able to use the common penetration testing tools:
$ socat TCP-LISTEN:8080,reuseaddr,fork TCP6:[IPv6%eth0]:80
In the example above socat creates and binds a local IPv4 port (8080) to a remote IPv6 service which was listening on port 80. After running the command above, the penetration tester can confortably use the common web assessment tools such as nikto o web proxies even if they don’t natively support IPv6.
You may also be interested in...
Method to leak matching Scroll-to-Text Fragments that will power the xsleaks collection as well as CSS exfiltration techniques.
See more
Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP.
See more
