chema alonso - hachetetepe dospuntos slaac slaac [rooted con 2013]
DESCRIPTION
El protocolo IPv6 está por defecto instalado y configurado en todos los Windows con kernel 6.x, es decir, desde Windows Vista a Windows Server 2012, y entre los muchos protocolos y estándares que rodean a IPv6 SLAAC es quizá el que más juego puede dar en una organización. En esta sesión se verán algunos ejemplos de uso de SLAAC que harán que tus auditorías de seguridad sean mucho más divertidas.TRANSCRIPT
IPv6 Basics & Attacks
• Watch NCN’12 video – http://www.elladodelmal.com/2012/11/fc
001-algunos-ataques-en-ipv6.html
IPv6 is on your box!
And it works!: ipconfig
And it works!: route print
And it works!: ping
And it works!: ping
LLMNR
And it works!: Neightbors
ICMPv6
• No ARP – No ARP Spoofing
– Tools anti-ARP Spoofing are useless
• Neighbor Discover uses ICPMv6 – NS: Neighbor Solicitation
– NA: Neighbor Advertisement
NS/NA
NA Spoofing
NA Spoofing
Demo 1: Mitm using NA Spoofing
ICMPv6: SLAAC • Stateless Address Auto Configuration • Devices ask for routers • Routers public their IPv6 Address • Devices auto-configure IPv6 and Gateway
– RS: Router Solicitation – RA: Router Advertisement
DNS Autodiscovery
And it works!: Web Browser
Windows Behavior
• IPv4 & IPv6 – DNSv4 queries A & AAAA
• IPv6 Only – DNSv6 queries A
• IPv6 & IPv4 Local Link – DNSv6 queries AAAA
DNS64 & NAT64
HTTP-s Connections
• SSL Strip – Remove “S” from HTTP-s links
• SSL Sniff – Use a Fake CA to create dynamicly Fake CA
• Evil FOCA does SSL Strip (so far)
Demo 2: hachetetepé dos puntos SLAAC SLACC
SLAAC D.O.S.
Conclusions
• IPv6 is on your box – Configure it or kill it (if possible)
• IPv6 is on your network – IPv4 security controls are not enough
– Topera
Conclusions
FEAR (the EVIL) FOCA!
Thanks to • THC (The Hacking Choice)
– Included in Back Track – Parasite6 – Redir6 – Flood_router6 – …..
• Scappy
…and some last words