Sponsor

Security Videos

Entries in nikto (1)

Sunday
Sep162012

TekTip ep8 - IPv6 Hacking with socat and ANYTHING

IPv6 Hacking w/ socat and ANYTHING
In this episode of TekTip we use socat to facilitate hacking with tools that don't normally support ipv6. While this demo uses nikto as the attacking tool, this methodology will work with most other tools as well.
Lab
fdf8:6fd6:7dc:ae05:f1f1:f1f1:f1f1:f1f1 - BT5 (Pentester)
fdf8:6fd6:7dc:ae05:f0f0:f0f0:f0f0:f0f0 - Web Server (Damn Vulnerable Web App, DVWA)
Socat
socat TCP-LISTEN:8080,reuseaddr,fork TCP6: [fdf8:6fd6:7dc:ae05:f0f0:f0f0:f0f0:f0f0]:80
  • TCP-Listen:  Select the port the listener will be stood up on.
  • reuseaddr:  Allows other sockets to bind to an address even if parts  of  it  (e.g. the local port) are already in use by socat.
  • fork:   After  establishing a connection, handles its channel in a child  process and keeps the parent process attempting to produce  more connections,  either  by  listening  or  by connecting in a loop
Nikto
./nikto.pl -host 127.0.0.1 -port 8080
  • Host:  Target ip.  In our case we will use 127.0.0.1 as socat is lstening and forwarding that traffic to the IPv6 target.
  • Port: Port of the target.  We will use 8080 as this is the port we configured socat to listen on.  This is not the port of the target webserver.  Socat will forward to port 80.
-1aN0rmus@TekDefense.com