Penetration testing with IPv6
Published on Oct. 1, 2008 by SECFORCE
Today has been released the Uninformed (number 10) magazine. As usual it is a very interesting read, with very nice and technical articles there. One of them caught my eye, written by H D Moore – Exploiting Tomorrow’s Internet Today, Penetration testing with IPv6.
IPv6 is an Internet layer protocol designed to substitute the current IPv4. The article covers the basics of IPv6 such as configuration and addressing standards.
Later in the article the author some of the common tasks of penetration testing focusing on IPv6 protocol:
Network Discovery
Van Hauser’s IPv6 Attack Toolkit contains a tool for this. The alive6 tool sends an ICMP6 packet using Neighbor Discovery protocol:
# alive6 eth0
Alive: fe80:0000:0000:0000:xxxx:xxff:fexx:xxxx
Alive: fe80:0000:0000:0000:yyyy:yyff:feyy:yyyy
Found 2 systems alive
Tools ip and ping6 can also be used for that:
# ping6 -c 3 -I eth0 ff02::1 >/dev/null 2>&1
# ip neigh | grep ^fe80
fe80::211:43ff:fexx:xxxx dev eth0 lladdr 00:11:43:xx:xx:xx
fe80::21e:c9ff:fexx:xxxx dev eth0 lladdr 00:1e:c9:xx:xx:xx
fe80::218:8bff:fexx:xxxx dev eth0 lladdr 00:18:8b:xx:xx:xx
[...]
H D More also covers the use of Nmap and Metasploit against IPv6 hosts.
It is interesting the use of socat to ‘translate’ from IPv4 to IPv6 and then being able to use the common penetration testing tools:
$ socat TCP-LISTEN:8080,reuseaddr,fork TCP6:[IPv6%eth0]:80
In the example above socat creates and binds a local IPv4 port (8080) to a remote IPv6 service which was listening on port 80. After running the command above, the penetration tester can confortably use the common web assessment tools such as nikto o web proxies even if they don’t natively support IPv6.
You may also be interested in...
We are liaising with UK Trade & Investment and the British Embassy in Brussels to deliver a seminar about How Exposed are we to the Cyber Threat? on Thursday 24 April
See more
In this post I would like to share some steps that were required before testing could begin during a web API penetration test.
See more