Not a member? Register | Lost your password?
Close Panel

24

May

2010

IPv6 Hackit – The IPv6 Army Knife

By IPSECS Admin. Posted in Exploitation, News | 1 Comment »

IPv6 is future protocol internet with rich of security features but hackers always do research and try to exploit it. Times by times, days by days, papers and presentations which explains who to defeat this protocol are widely published. Van Hauser of The Hacker Choice (THC) releases his IPv6 attack toolkit to exploit IPv6 protocol weakness. His tools can be freely downloaded on THC website. HD Moore, author Metasploit project wrote paper about Exploiting Tomorrow’s Internet Today: Penetration testing with IPv6 which can be read on http://uninformed.org. His paper tells us about exploiting  IPv6 applications by proxying/relaying via IPv4.

IPSECS, unofficially releases his IPv6 Hackit on sourceforge and papers which nearly complete explains IPv6 exploitation. His papers content of :

  • Introduction to IPv6
  • Connecting to IPv6 Backbone (IPv6-in-IPv4 Tunneling using TSP)
  • An Introduction to IPv6 Socket Programming
  • IPv6 Discovery & Scanning (via ICMP, TCP, DNS)
  • Writing IPv6 Remote Exploit & Shellcoding (Stack Based Buffer Overflow, Format String)
  • IPv6 Protocol Vulnerability (Man In The Middle, Denial of Service)

You can freely download this paper on core.ipsecs.com written in Indonesian. IPSECS wrote IPv6-Hackit using Perl Scripting Language which means that the tools don’t need to be compiled. Somehow, this tool needs some perl module to be installed:

  • strict
  • warnings
  • Switch
  • English
  • Net::DNS
  • POSIX
  • Getopt::Long
  • LWP::UserAgent
  • HTTP::Message
  • IO::Socket::INET6

This tool supports to do:

  • Hosts Enumeration finding which host is up/down.
  • TCP Port scanning to find which port is open/close.
  • Googling via unix shell to find possible IPv6 domains.
  • Finding AAAA IPv6 host record from single or massive collected domains.
  • Getting shell from IPv6 binding shellcode/payload.
  • Getting shell from IPv6 reverse shellcode/payload.
  • Exploiting simple IPv6 application weakness (currently this module is still developed)
  • IPv6 Binding backdoor with authentication (currently this module is still developed)

You can easily download this IPv6 Hackit on ipv6hackit.sourceforge.net. Meanwhile you play this tools and read the paper, now we develope grid-toolkit to be released soon. So just follow and watch this website, IPSECS just gives best stuff to play with! Finally enjoy guys!