Penetration testing with IPv6
Today has been released the Uninformed (number 10) magazine. As usual it is a very interesting read, with very nice and technical articles there. One of them caught my eye, written by H D Moore – Exploiting Tomorrow’s Internet Today, Penetration testing with IPv6.
IPv6 is an Internet layer protocol designed to substitute the current IPv4. The article covers the basics of IPv6 such as configuration and addressing standards.
Later in the article the author some of the common tasks of penetration testing focusing on IPv6 protocol:
Van Hauser’s IPv6 Attack Toolkit contains a tool for this. The alive6 tool sends an ICMP6 packet using Neighbor Discovery protocol:
# alive6 eth0 Alive: fe80:0000:0000:0000:xxxx:xxff:fexx:xxxx Alive: fe80:0000:0000:0000:yyyy:yyff:feyy:yyyy Found 2 systems alive
Tools ip and ping6 can also be used for that:
# ping6 -c 3 -I eth0 ff02::1 >/dev/null 2>&1 # ip neigh | grep ^fe80 fe80::211:43ff:fexx:xxxx dev eth0 lladdr 00:11:43:xx:xx:xx fe80::21e:c9ff:fexx:xxxx dev eth0 lladdr 00:1e:c9:xx:xx:xx fe80::218:8bff:fexx:xxxx dev eth0 lladdr 00:18:8b:xx:xx:xx [...]
It is interesting the use of socat to ‘translate’ from IPv4 to IPv6 and then being able to use the common penetration testing tools:
$ socat TCP-LISTEN:8080,reuseaddr,fork TCP6:[IPv6%eth0]:80
In the example above socat creates and binds a local IPv4 port (8080) to a remote IPv6 service which was listening on port 80. After running the command above, the penetration tester can confortably use the common web assessment tools such as nikto o web proxies even if they don’t natively support IPv6.