THC-IPV6
Last update 2010-06-24
A complete tool set to attack the inherent protocol weaknesses of IPV6
and ICMP6, and includes an easy to use packet factory library.
Download the current version here:
thc-ipv6-1.2.tar.gz
Thanks a lot to all those conference organizers to make it possible for me
show my presentation all over the world:
* VnSec, Vietnam, August 2007
* Hack LU, Luxembourg, October 2006
* Hack in the Box, Kuala Lumpur, September 2006
* CanSecWest, Vancouver, April 2006
* EuSecWest, London, February 2006
* CCC Congress, Berlin, December 2005
* Pacsec, Tokyo, November 2005
And here is - finally - the complete presentation for downloading: vh_thc-ipv6_attack.pdf
Have fun!
[0x00] News and Changelog
Please note that public versions do not include all tools available!
Those who send in patches, tools and give good feedback get private
versions which are released more often, include unreleased tools
and more!
NOTE: More tools exist, but are only handed out to specific people
who develop ipv6 security/pentest tools themselves, or support the
thc-ipv6 toolkit development. If this matches *you* send me an
email to vh (at) thc (dot) org , with "thc-ipv6 antispam" in the
subject line.
CHANGELOG since 0.8 to 1.1 (no public version in between):
###########
v1.2 - June 2010
* compile fixes
* test case added to implementation6
v1.1 - June 2010 - PUBLIC
* dnsdict6: big wordlist update
* upgraded thc-ipv6 license to GPLv3
v1.0 - May 2010 - PRIVATE
* small fixes
v0.9 - April 2010 - PRIVATE
* added dnsdict6
* added trace6
* added flood_router6
* added flood_advertise6
* added fuzz_ip6
* added implementation6d
* implementation6:
- renamed from test_implementation6
- added A LOT of test cases and reply checks
* fake_router6:
- changed command line options
- added default route entry (not supported by many systems though)
- added DNS server ip (the official dns multicast address)
- small fixes
* alive6:
- small fixes
- added -l switch for using the link layer address
* library:
- fixed a big bug in the routing module, library thought sometimes a
a remote network is local
- fixed a bug where a hard/permanent set mac for a destination would
not be found when the dst is not alive
- now chooses an alternate IP6 address when the prefered one
is not available (link vs. global)
- fixed TTL setting when using raw mode
- supporting mobile home address option in dst option (for checksum)
- pcap was opened in promisc mode - shouldnt have been, unnecessary
- valid icmp checksum for mobile home address and routing pointer == 0
- TCP can be now added as a header too + checksum calculation, but
not for inverse_packet (yet - no application for that currently).
v0.8 - June 2007 - PRIVATE
* Improved Makefile
* Added a man page for all tools together (by gebi(at)grml.org)
Have fun!
[0x01] Introduction
Welcome to the mini website of the THC IPV6 project.
This code was inspired when I got into touch with IPv6, learned more and
more about it - and then found no tools to play (read: "hack") around with.
First I tried to implement things with libnet, but then found out that
the ipv6 implementation is only partial - and sucks. I tried to add the
missing code, but well, it was not so easy, hence I saved my time and
quickly wrote my own library.
[0x02] Disclaimer
1. This tool is for legal purposes only!
2. The GPLv3 applies to this code.
[0x03] The Included Tools
- parasite6: icmp neighbor solitication/advertisement spoofer, puts you
as man-in-the-middle, same as ARP mitm (and parasite)
- alive6: an effective alive scanng, which will detect all systems
listening to this address
- dnsdict6: parallized dns ipv6 dictionary bruteforcer
- fake_router6: announce yourself as a router on the network, with the
highest priority
- redir6: redirect traffic to you intelligently (man-in-the-middle) with
a clever icmp6 redirect spoofer
- toobig6: mtu decreaser with the same intelligence as redir6
- detect-new-ip6: detect new ip6 devices which join the network, you can
run a script to automatically scan these systems etc.
- dos-new-ip6: detect new ip6 devices and tell them that their chosen IP
collides on the network (DOS).
- trace6: very fast traceroute6 with supports ICMP6 echo request and TCP-SYN
- flood_router6: flood a target with random router advertisements
- flood_advertise6: flood a target with random neighbor advertisements
- fuzz_ip6: fuzzer for ipv6
- implementation6: performs various implementation checks on ipv6
- implementation6d: listen daemon for implementation6 to check behind a fw
- fake_mld6: announce yourself in a multicast group of your choice on the net
- fake_mipv6: steal a mobile IP to yours if IPSEC is not needed for authentication
- fake_advertiser6: announce yourself on the network
- smurf6: local smurfer
- rsmurf6: remote smurfer, known to work only against linux at the moment
- sendpees6: a tool by willdamn(ad)gmail.com, which generates a neighbor
solicitation requests with a lot of CGAs (crypto stuff ;-) to keep the CPU busy. nice.
[0x04] Documentation
THC-IPV6 comes with a rather long README file that describes the
details about the usage and library interface.
[0x05] Development & Contributions
Your contributions are more than welcomed!
If you find bugs, coded enhancements or wrote a new attack tool
please send them to vh (at) thc (dot) org - and add the word "antispam"
to the subject line.
[0x06] The Art of Downloading: Source and Binaries
The source code of IPV6: thc-ipv6-1.2.tar.gz
(Note: it is for Linux 2.6, IA32 only!)
Comments and suggestions are welcome.
Yours sincerly,
van Hauser
The Hackers Choice
http://www.thc.org