Infrastructure penetration testing notes
  • Initial page
  • Table Of Content
  • Infrastructure testing
    • Enumeration
      • Packet Capture
      • Host Discovery
      • Services / Ports
        • 21 - FTP
        • 22 - SSH
        • 25 - SMTP
        • 53 - DNS
        • 67 - DHCP
        • 69 - TFTP
        • 79 - Finger
        • 88 - Kerberos
        • 111 - RPC
        • 113 - ident
        • 135 - MSRPC
        • 137 - Netbios
        • 139/445 - SMB
        • 161 - SNMP
        • 177 - XDMCP
        • 363 - LDAP
        • 443 - HTTPS
        • 500 - IKE (IPSEC)
        • 512/513/514 - R Services
        • 623 - IPMI
        • 873 - RSYNC
        • 1099 - Java RMI
        • 1433 - Microsoft SQL
        • 1521 - Oracle DB
        • 2049 - NFS
        • 3306 - MySQL
        • 3389 - RDP
        • 5432 - PostgresSQL
        • 5900 - VNC
        • 5985 - WinRM
        • 6000 - X11
        • 6379 - Redis
        • 8080 - Jenkins
        • 11211 - Memcached
        • RDS
        • SQLite
        • Docker
      • IPV6
        • Scanning
        • Enumeration
        • Transfering files
        • Pivoting and routes
        • THC IPv6
    • Gaining Access
      • IP Forwarding
      • VLAN Information
      • Psexec
      • Upgrading shell
      • Reverse Shells One-Liners
      • Bruteforce
      • MITM cleartext protocols
      • Null session
      • LLMNR / NBT NS Spoofing
      • Port knocking
      • Downloading/Transfer files
      • Remote Desktop
      • NAC Bypass
      • Pass-The-Hash
    • Exploitation
      • Solaris
      • IPv6
      • Windows
        • Compiling Code
        • SMB Vulnerabilities
        • Kerberos Attacks
    • Privilege Escalation
      • Situational Awareness
        • Linux
        • Windows
          • Registry
          • PowerView
          • FSMO Roles
      • Windows
        • Disable Apps and Firewall
        • Add user script
        • UAC Bypass
        • icacls
        • Running services
        • Common Exploits
      • Linux
        • SUID Shell script
        • CVE-2019-14287
        • Kernel exploit
      • Solaris
      • FreeBSD
      • Automated tools
      • Metasploit Modules
      • Password Dumping
    • Breakout
      • LOLBas
      • powershell constrained language byass
      • Alternatives to command prompt
      • Windows utilities
      • Applocker
      • Restricted shells
      • Environmental Variables / Bypassing Path Restrictions
      • Docker escape
      • Just Enough Administration (JEA)
    • Presistance
      • Windows
    • Pivoting
      • Adding routes
    • Password Cracking
      • Hashcat
      • John
      • Cisco Passwords
      • Passwords Lists
      • Generating wordlist
    • Tools
      • Nishang
      • UACME
      • Bypass-UAC
      • MSBuildAPICaller
      • Impacket
      • SharpPersist
      • Terminals
      • IP Calculation
      • pwsh
      • psTools / Sysinternals
      • Unlock applocker
      • enum4linux
      • Bloodhound
        • aclpwn
      • mitm6
      • Enyx
      • nfsshell
      • PowerUpSQL
      • Metasploit
        • msfvenom
    • Others
Powered by GitBook
On this page
  • Discover Hosts:
  • Discover routers

Was this helpful?

  1. Infrastructure testing
  2. Enumeration
  3. IPV6

THC IPv6

THC-IPV6-ATTACK-TOOLKIT (c) 2005-2020 vh@thc.org https://github.com/vanhauser-thc/thc-ipv6

The THC IPV6 ATTACK TOOLKIT comes already with lots of effective attacking tools:

  • parasite6: ICMPv6 neighbor solitication/advertisement spoofer, puts you

    as man-in-the-middle, same as ARP mitm (and parasite)

  • alive6: an effective alive scanng, which will detect all systems

    listening to this address

  • dnsdict6: parallized DNS IPv6 dictionary bruteforcer

  • fake_router6: announce yourself as a router on the network, with the

    highest priority

  • redir6: redirect traffic to you intelligently (man-in-the-middle) with

    a clever ICMPv6 redirect spoofer

  • toobig6: mtu decreaser with the same intelligence as redir6

  • detect-new-ip6: detect new IPv6 devices which join the network, you can

    run a script to automatically scan these systems etc.

  • dos-new-ip6: detect new IPv6 devices and tell them that their chosen IP

    collides on the network (DOS).

  • trace6: very fast traceroute6 with supports ICMP6 echo request and TCP-SYN

  • flood_router6: flood a target with random router advertisements

  • flood_advertise6: flood a target with random neighbor advertisements

  • fuzz_ip6: fuzzer for IPv6

  • implementation6: performs various implementation checks on IPv6

  • implementation6d: listen daemon for implementation6 to check behind a FW

  • fake_mld6: announce yourself in a multicast group of your choice on the net

  • fake_mld26: same but for MLDv2

  • fake_mldrouter6: fake MLD router messages

  • fake_mipv6: steal a mobile IP to yours if IPSEC is not needed for authentication

  • fake_advertiser6: announce yourself on the network

  • smurf6: local smurfer

  • rsmurf6: remote smurfer, known to work only against linux at the moment

  • exploit6: known IPv6 vulnerabilities to test against a target

  • denial6: a collection of denial-of-service tests againsts a target

  • thcping6: sends a hand crafted ping6 packet

  • sendpees6: a tool by willdamn@gmail.com, which generates a neighbor

    solicitation requests with a lot of CGAs (crypto stuff ;-) to keep the

    CPU busy. nice.

    and about 25 more tools for you to discover :-)

Discover Hosts: 

root@kali:~# atk6-alive6 eth0 
Alive: 2a02:c7f:9e17:fc00:20c:29ff:fe89:235a [ICMP echo-reply] 
Alive: 2a02:c7f:9e17:fc00:20c:29ff:feb2:a4bd [ICMP echo-reply] 

Scanned 1 address and found 2 systems alive

Discover routers

root@kali:~# dump_router6

PreviousPivoting and routesNextGaining Access

Last updated 5 years ago

Was this helpful?