Monday, December 20, 2010

IPv6 Ping Host Discovery (Metasploit module)

I am submitting a Metasploit module that does link-local and node-local host discovery by pinging the IPv6 multicast addresses that hosts and routers are supposed to join when provisioning their IP addresses.

The workflow is pretty simple:

1. Send an ICMPv6 Echo Request to FF01::1 (node-local all nodes), FF01::2 (node-local all routers), FF02::1 (link-local all nodes) and FF02::2 (link-local all routers)
2. Wait for any ICMPv6 Echo Reply

Sample output:

msf > use auxiliary/scanner/discovery/ipv6_multicast_ping 
msf auxiliary(ipv6_multicast_ping) > set shost fe80::21a:a0ff:fe52:7068
shost => fe80::21a:a0ff:fe52:7068
msf auxiliary(ipv6_multicast_ping) >  set smac 00:1a:a0:53:71:69
smac => 00:1a:a0:52:70:68
msf auxiliary(ipv6_multicast_ping) > run


[*] Sending multicast pings
[*] Listening for ping responses
[*]    |*| fe80::61e:64ff:fe98:bf72 => 04:1e:64:08:ef:72
[*]    |*| fe80::e1:6cff:fec0:4f4e => 68:7f:74:0a:84:13
[*] Auxiliary module execution completed
msf auxiliary(ipv6_multicast_ping) > 
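
On the monitoring side, this workflow shows up as echo requests to the four multicast groups followed by unicast echo replies to a single source. The Ruby sketch below is an added example, not part of the submitted module: its function names are hypothetical, it expects raw IPv6 packets without a link-layer header, and its packets are constructed from the addresses in the sample output.

```ruby
require 'ipaddr'

# The four groups from the workflow above, keyed by their IPAddr#to_s form.
DISCOVERY_GROUPS = {
  'ff01::1' => 'node-local all nodes', 'ff01::2' => 'node-local all routers',
  'ff02::1' => 'link-local all nodes', 'ff02::2' => 'link-local all routers'
}.freeze
ICMPV6, ECHO_REQUEST, ECHO_REPLY = 58, 128, 129 # next-header value, ICMPv6 types

# Parse a raw IPv6 packet (no link-layer header); nil unless it is an ICMPv6 echo.
# Extension headers are not walked: ICMPv6 must directly follow the fixed header.
def parse_echo(pkt)
  return nil if pkt.nil? || pkt.bytesize < 48 # 40-byte IPv6 header + 8-byte echo header
  return nil unless pkt.getbyte(0) >> 4 == 6 && pkt.getbyte(6) == ICMPV6
  type = pkt.getbyte(40)
  return nil unless [ECHO_REQUEST, ECHO_REPLY].include?(type)
  { type: type, src: IPAddr.new_ntoh(pkt.byteslice(8, 16).b).to_s,
    dst: IPAddr.new_ntoh(pkt.byteslice(24, 16).b).to_s }
end

# Map each prober to the groups it pinged and the hosts that replied to it.
def discovery_sweeps(packets)
  packets.each_with_object({}) do |raw, sweeps|
    echo = parse_echo(raw)
    next unless echo
    if echo[:type] == ECHO_REQUEST && DISCOVERY_GROUPS.key?(echo[:dst])
      entry = (sweeps[echo[:src]] ||= { groups: [], responders: [] })
      entry[:groups] |= [DISCOVERY_GROUPS[echo[:dst]]]
    elsif echo[:type] == ECHO_REPLY && sweeps.key?(echo[:dst])
      sweeps[echo[:dst]][:responders] |= [echo[:src]]
    end
  end
end

# Constructed test packet: IPv6 header + echo header, checksum left at zero.
def sample_packet(src, dst, type)
  echo = [type, 0, 0, 0x1234, 1].pack('CCnnn') # type, code, checksum, id, seq
  [0x60000000, echo.bytesize, ICMPV6, 64].pack('NnCC') + IPAddr.new(src).hton + IPAddr.new(dst).hton + echo
end

# Constructed capture reusing the addresses from the sample output above.
def sample_capture
  prober = 'fe80::21a:a0ff:fe52:7068'
  [sample_packet(prober, 'ff02::1', ECHO_REQUEST),
   sample_packet(prober, 'ff02::2', ECHO_REQUEST),
   sample_packet('fe80::61e:64ff:fe98:bf72', prober, ECHO_REPLY),
   sample_packet('fe80::e1:6cff:fec0:4f4e', prober, ECHO_REPLY),
   sample_packet('fe80::1', 'fe80::2', ECHO_REQUEST)] # ordinary unicast ping, ignored
end
```

Calling `discovery_sweeps(sample_capture)` returns one entry for the probing address, listing the two link-local groups it pinged and the two hosts that replied.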
