mitm6 is a pentesting tool that exploits the default configuration of Windows to take over the default DNS server.

Related tags

Networking mitm6
Overview

mitm6

Python 2.7 and 3 compatible PyPI version License: GPLv2

mitm6 is a pentesting tool that exploits the default configuration of Windows to take over the default DNS server. It does this by replying to DHCPv6 messages, providing victims with a link-local IPv6 address and setting the attackers host as default DNS server. As DNS server, mitm6 will selectively reply to DNS queries of the attackers choosing and redirect the victims traffic to the attacker machine instead of the legitimate server. For a full explanation of the attack, see our blog about mitm6. Mitm6 is designed to work together with ntlmrelayx from impacket for WPAD spoofing and credential relaying.

Dependencies and installation

mitm6 is compatible with both Python 2.7 and 3.x. You can install the requirements for your version with pip install -r requirements.txt. In both cases, mitm6 uses the following packages:

  • Scapy
  • Twisted
  • netifaces

For python 2.7, it uses the ipaddress backport module. You can install the latest release from PyPI with pip install mitm6, or the latest version from source with python setup.py install after cloning this git repository.

Usage

After installation, mitm6 will be available as a command line program called mitm6. Since it uses raw packet capture with Scapy, it should be run as root. mitm6 should detect your network settings by default and use your primary interface for its spoofing. The only option you will probably need to specify is the AD domain that you are spoofing. For advanced tuning, the following options are available:

usage: mitm6.py [-h] [-i INTERFACE] [-l LOCALDOMAIN] [-4 ADDRESS] [-6 ADDRESS]
                [-m ADDRESS] [-a] [-v] [--debug] [-d DOMAIN] [-b DOMAIN]
                [-hw DOMAIN] [-hb DOMAIN] [--ignore-nofqdn]

mitm6 - pwning IPv4 via IPv6
For help or reporting issues, visit https://github.com/fox-it/mitm6

optional arguments:
  -h, --help            show this help message and exit
  -i INTERFACE, --interface INTERFACE
                        Interface to use (default: autodetect)
  -l LOCALDOMAIN, --localdomain LOCALDOMAIN
                        Domain name to use as DNS search domain (default: use
                        first DNS domain)
  -4 ADDRESS, --ipv4 ADDRESS
                        IPv4 address to send packets from (default:
                        autodetect)
  -6 ADDRESS, --ipv6 ADDRESS
                        IPv6 link-local address to send packets from (default:
                        autodetect)
  -m ADDRESS, --mac ADDRESS
                        Custom mac address - probably breaks stuff (default:
                        mac of selected interface)
  -a, --no-ra           Do not advertise ourselves (useful for networks which
                        detect rogue Router Advertisements)
  -v, --verbose         Show verbose information
  --debug               Show debug information

Filtering options:
  -d DOMAIN, --domain DOMAIN
                        Domain name to filter DNS queries on (Whitelist
                        principle, multiple can be specified.)
  -b DOMAIN, --blacklist DOMAIN
                        Domain name to filter DNS queries on (Blacklist
                        principle, multiple can be specified.)
  -hw DOMAIN, --host-whitelist DOMAIN
                        Hostname (FQDN) to filter DHCPv6 queries on (Whitelist
                        principle, multiple can be specified.)
  -hb DOMAIN, --host-blacklist DOMAIN
                        Hostname (FQDN) to filter DHCPv6 queries on (Blacklist
                        principle, multiple can be specified.)
  --ignore-nofqdn       Ignore DHCPv6 queries that do not contain the Fully
                        Qualified Domain Name (FQDN) option.

You can manually override most of the autodetect options (though overriding the MAC address will break things). If the network has some hardware which blocks or detects rogue Router Advertisement messages, you can add the --no-ra flag to not broadcast those. Router Advertisements are not needed for mitm6 to work since it relies mainly on DHCPv6 messages.

Filtering options

Several filtering options are available to select which hosts you want to attack and spoof. First there are the --host-whitelist and --host-blacklist options (or -hw and -hb for short), which take a (partial) domain as argument. Incoming DHCPv6 requests will be filtered against this list. The property checked is the DHCPv6 FQND option, in which the client provides its hostname. The same applies for DNS requests, for this the --domain option (or -d) is available, where you can supply which domain(s) you want to spoof. Blocking specific domains is also possible with --blacklist/-b. Both parameters can be specified multiple times to include/block multiple domains (for example -d domain.local -d otherdomain.local -b somehost.domain.local -b somehost.otherdomain.local).

For both the host and DNS filtering, simple string matching is performed. So if you choose to reply to wpad, it will also reply to queries for wpad.corpdomain.com. If you want more specific filtering, use both the whitelist and blacklist options, since the blacklist takes precedence over the whitelist. By default the first domain specified will be used as the DNS search domain, if you explicitliy want to specify this domain yourself use the --localdomain option.

About network impact and restoring the network

mitm6 is designed as a penetration testing tool and should thus impact the network as little as possible. This is the main reason mitm6 doesn't implement a full man-in-the-middle attack currently, like we see in for example the SLAAC attack. To further minimize the impact, the IP addresses assigned have low time-to-live (TTL) values. The lease will expire within 5 minutes when mitm6 is stopped, which will remove the DNS server from the victims configuration. To prevent DNS replies getting cached, all replies are sent with a TTL of 100 seconds, which makes sure the cache is cleared within minutes after the tool exits.

Usage with ntlmrelayx

mitm6 is designed to be used with ntlmrelayx. You should run the tools next to each other, in this scenario mitm6 will spoof the DNS, causing victims to connect to ntlmrelayx for HTTP and SMB connections. For this you have to make sure to run ntlmrelayx with the -6 option, which will make it listen on both IPv4 and IPv6. To obtain credentials for WPAD, specify the WPAD hostname to spoof with -wh HOSTNAME (any non-existing hostname in the local domain will work since mitm6 is the DNS server). Optionally you can also use the -wa N parameter with a number of attempts to prompt for authentication for the WPAD file itself in case you suspect victims do not have the MS16-077 patch applied.

Detection

The Fox-IT Security Research Team team has released Snort and Suricata signatures to detect rogue DHCPv6 traffic and WPAD replies over IPv6. The signatures are available here: https://gist.github.com/fox-srt/98f29051fe56a1695de8e914c4a2373f

Comments
  • Scapy Error

    Scapy Error

    getting this error after a fresh install on Kali 2019.1

    Unsure if it's something with my install. Tried different versions of mitm6.

    anyways below is the error:

    Traceback (most recent call last):
      File "/usr/local/bin/mitm6", line 11, in <module>
        load_entry_point('mitm6==0.2.1', 'console_scripts', 'mitm6')()
      File "build/bdist.linux-x86_64/egg/mitm6/mitm6.py", line 366, in main
        reactor.run()
      File "/usr/local/lib/python2.7/dist-packages/twisted/internet/base.py", line 1267, in run
        self.mainLoop()
      File "/usr/local/lib/python2.7/dist-packages/twisted/internet/base.py", line 1276, in mainLoop
        self.runUntilCurrent()
    --- <exception caught here> ---
      File "/usr/local/lib/python2.7/dist-packages/twisted/internet/base.py", line 875, in runUntilCurrent
        f(*a, **kw)
      File "build/bdist.linux-x86_64/egg/mitm6/mitm6.py", line 272, in parsepacket
        if arpp.op is arpp.is_at:
      File "/usr/local/lib/python2.7/dist-packages/scapy/packet.py", line 326, in __getattr__
        return self.payload.__getattr__(attr)
      File "/usr/local/lib/python2.7/dist-packages/scapy/packet.py", line 326, in __getattr__
        return self.payload.__getattr__(attr)
      File "/usr/local/lib/python2.7/dist-packages/scapy/packet.py", line 324, in __getattr__
        fld, v = self.getfield_and_val(attr)
      File "/usr/local/lib/python2.7/dist-packages/scapy/packet.py", line 1427, in getfield_and_val
        raise AttributeError(attr)
    exceptions.AttributeError: is_at
    
    opened by x90skysn3k 9
  • Troubleshooting Unhandled Error: list index out of range

    Troubleshooting Unhandled Error: list index out of range

    Hi, running into an issue on the new Kali instance where mitm6 (from source and pip) are spitting out unhandled errors. I've attempted to ensure all the requirements are installed, adequate versions, and compared to other machines where things seem to be working.

    Any thoughts or pointers as to what might be happening, I'm exhausting my ideas. --debug and -v flags don't seem to return any additional data of value.

    Linux kali 5.2.0-kali3-amd64 #1 SMP Debian 5.2.17-1kali2 (2019-10-17) x86_64 GNU/Linux

    Starting mitm6 using the following configuration:
    Primary adapter: eth0 [28:92:xx:xx:70:5a]
    IPv4 address: 192.168.xx.68
    IPv6 address: fe80::xxxx:xxxx:xxxx:705a
    Warning: Not filtering on any domain, mitm6 will reply to all DNS queries.
    Unless this is what you want, specify at least one domain with -d
    Unhandled Error
    Traceback (most recent call last):
      File "/usr/local/bin/mitm6", line 8, in <module>
        sys.exit(main())
      File "/usr/local/lib/python3.7/dist-packages/mitm6/mitm6.py", line 377, in main
        reactor.run()
      File "/usr/local/lib/python3.7/dist-packages/twisted/internet/base.py", line 1283, in run
        self.mainLoop()
      File "/usr/local/lib/python3.7/dist-packages/twisted/internet/base.py", line 1292, in mainLoop
        self.runUntilCurrent()
    --- <exception caught here> ---
      File "/usr/local/lib/python3.7/dist-packages/twisted/internet/base.py", line 886, in runUntilCurrent
        f(*a, **kw)
      File "/usr/local/lib/python3.7/dist-packages/mitm6/mitm6.py", line 275, in parsepacket
        print('IPv6 address %s is now assigned to %s' % (p[DHCP6OptIA_NA].ianaopts[0].addr, pcdict[p.src]))
    builtins.IndexError: list index out of range
    

    PIP install logs for reference and version info.

    Collecting mitm6
      Using cached https://files.pythonhosted.org/packages/b3/4a/41f2b53f280ae0323c608887ae63c6496a10d4351c6adaee41c26eda4d70/mitm6-0.2.2-py3-none-any.whl
    Processing /root/.cache/pip/wheels/95/bf/51/905b3e84ec4ca910ce4ae92173c7334623105a265bdd1d9438/scapy-2.4.3-py2.py3-none-any.whl
    Processing /root/.cache/pip/wheels/23/8f/f3/7054578f04c904f70757c5c85a6e2823baa69d42365526e93d/netifaces-0.10.9-cp37-cp37m-linux_x86_64.whl
    Collecting twisted
      Using cached https://files.pythonhosted.org/packages/06/28/2a433e147de68c8416aa0179c45e67b67161f5c0f24aaaf1723f6229f574/Twisted-19.10.0-cp37-cp37m-manylinux1_x86_64.whl
    Collecting hyperlink>=17.1.1
      Using cached https://files.pythonhosted.org/packages/7f/91/e916ca10a2de1cb7101a9b24da546fb90ee14629e23160086cf3361c4fb8/hyperlink-19.0.0-py2.py3-none-any.whl
    Requirement already satisfied: attrs>=17.4.0 in /usr/lib/python3/dist-packages (from twisted->mitm6) (18.2.0)
    Collecting PyHamcrest>=1.9.0
      Using cached https://files.pythonhosted.org/packages/9a/d5/d37fd731b7d0e91afcc84577edeccf4638b4f9b82f5ffe2f8b62e2ddc609/PyHamcrest-1.9.0-py2.py3-none-any.whl
    Collecting incremental>=16.10.1
      Using cached https://files.pythonhosted.org/packages/f5/1d/c98a587dc06e107115cf4a58b49de20b19222c83d75335a192052af4c4b7/incremental-17.5.0-py2.py3-none-any.whl
    Collecting constantly>=15.1
      Using cached https://files.pythonhosted.org/packages/b9/65/48c1909d0c0aeae6c10213340ce682db01b48ea900a7d9fce7a7910ff318/constantly-15.1.0-py2.py3-none-any.whl
    Collecting zope.interface>=4.4.2
      Using cached https://files.pythonhosted.org/packages/40/e7/7e1060c2826d6b8c25bebbd1c96177f4b85ecfe3e2478d31acf9eaca3a11/zope.interface-4.7.1-cp37-cp37m-manylinux2010_x86_64.whl
    Collecting Automat>=0.3.0
      Using cached https://files.pythonhosted.org/packages/e5/11/756922e977bb296a79ccf38e8d45cafee446733157d59bcd751d3aee57f5/Automat-0.8.0-py2.py3-none-any.whl
    Collecting idna>=2.5
      Using cached https://files.pythonhosted.org/packages/14/2c/cd551d81dbe15200be1cf41cd03869a46fe7226e7450af7a6545bfc474c9/idna-2.8-py2.py3-none-any.whl
    Collecting six
      Using cached https://files.pythonhosted.org/packages/65/26/32b8464df2a97e6dd1b656ed26b2c194606c16fe163c695a992b36c11cdf/six-1.13.0-py2.py3-none-any.whl
    Collecting setuptools
      Using cached https://files.pythonhosted.org/packages/54/28/c45d8b54c1339f9644b87663945e54a8503cfef59cf0f65b3ff5dd17cf64/setuptools-42.0.2-py2.py3-none-any.whl
    Installing collected packages: scapy, netifaces, idna, hyperlink, six, setuptools, PyHamcrest, incremental, constantly, zope.interface, Automat, twisted, mitm6
    Successfully installed Automat-0.8.0 PyHamcrest-1.9.0 constantly-15.1.0 hyperlink-19.0.0 idna-2.8 incremental-17.5.0 mitm6-0.2.2 netifaces-0.10.9 scapy-2.4.3 setuptools-42.0.2 six-1.13.0 twisted-19.10.0 zope.interface-4.7.1
    
    opened by W9HAX 7
  • socket.gaierror

    socket.gaierror

    I installed on kali via pip install mitm6, but I always get this error:

    Unless this is what you want, specify at least one domain with -d
    Traceback (most recent call last):
      File "/usr/local/bin/mitm6", line 10, in <module>
        sys.exit(main())
      File "/usr/local/lib/python2.7/dist-packages/mitm6/mitm6.py", line 362, in main
        dnssock = setupFakeDns()
      File "/usr/local/lib/python2.7/dist-packages/mitm6/mitm6.py", line 284, in setupFakeDns
        addrinfo = socket.getaddrinfo(fulladdr, 53, socket.AF_INET6, socket.SOCK_DGRAM)
    socket.gaierror: [Errno -2] Name or service not known
    

    Any suggestions?

    opened by scorpius 5
  • global name 'IP' is not defined

    global name 'IP' is not defined

    After running mitm6 for a while, I begin seeing the following error:

    Unhandled Error Traceback (most recent call last): File "mitm6.py", line 286, in <module> main() File "mitm6.py", line 283, in main reactor.run() File "/root/.pyenv/versions/mitm6v2/local/lib/python2.7/site-packages/Twisted-17.9.0-py2.7-linux-x86_64.egg/twisted/internet/base.py", line 1243, in run self.mainLoop() File "/root/.pyenv/versions/mitm6v2/local/lib/python2.7/site-packages/Twisted-17.9.0-py2.7-linux-x86_64.egg/twisted/internet/base.py", line 1252, in mainLoop self.runUntilCurrent() --- <exception caught here> --- File "/root/.pyenv/versions/mitm6v2/local/lib/python2.7/site-packages/Twisted-17.9.0-py2.7-linux-x86_64.egg/twisted/internet/base.py", line 851, in runUntilCurrent f(*a, **kw) File "mitm6.py", line 212, in parsepacket send_dns_reply(p) File "mitm6.py", line 137, in send_dns_reply ip = p[IP] exceptions.NameError: global name 'IP' is not defined

    Restarting the application will result in this error reappearing. The only way I could fix it was reinstalling the application, but then the error reappeared.

    I installed the application in a pyenv virtualenv, python version 2.7.9.

    uname -a

    Linux XXXXXX 4.0.0-kali1-amd64 #1 SMP Debian 4.0.4-1+kali2 (2015-06-03) x86_64 GNU/Linux

    opened by daniel-infosec 4
  • Documentation for multiple domains?

    Documentation for multiple domains?

    Hi there, I'm trying to use multiple domains with the -d flag and I'm not confident it's working I tried:

    mitm6.py -d abc.local contoso.local But that errored out.

    mitm6.py -d abc.local,contoso.local and mitm6.py -d "abc.local contoso.local"

    both appear to produce the same output but the output I get looks like:

    Sent spoofed reply for machine.abc.local,contoso.local. to fe80::1234:1

    The documentation mentions that multiple domains are possible but i've been unable to find any examples or documentation detailing the expected format.

    Any help would be appreciated. Thanks!

    opened by infosecconsultant 3
  • Fix using non default interface

    Fix using non default interface

    When using a non default interface using the -i switch, the packets dont seem to be send from the correct interface. Thus, this patch correctly fix this behavior, when specifying the -i switch, all listening and sending are done through the selected interface.

    opened by laxa 3
  • added the possibility to invert the DNS configuration: you can now sp…

    added the possibility to invert the DNS configuration: you can now sp…

    …ecify a list to domain to reply to OR to ignore from your spoof using -I flag also added the switch -l localdomain to be more specific about which is the localdomain

    opened by theguly 3
  • mitm6 is quiet...TOO quiet?

    mitm6 is quiet...TOO quiet?

    Hello!

    I've got a brand spanking new Kali VM, fully updated with just a handful of tools on it - one of which (of course!) is mitm6. I ran it for the first time this week at a customer network, and here's what things look like when it fires up:

    /opt/mitm6/mitm6/mitm6.py:283: SyntaxWarning: "is" with a literal. Did you mean "=="?
      if arpp.op is 2:
    Unable to init server: Could not connect: Connection refused
    Unable to init server: Could not connect: Connection refused
    
    (mitm6.py:1237): Gdk-CRITICAL **: 08:38:54.206: gdk_cursor_new_for_display: assertion 'GDK_IS_DISPLAY (display)' failed
    Starting mitm6 using the following configuration:
    Primary adapter: eth0 [x:x:x:x:x:x]
    IPv4 address: x.x.x.x
    IPv6 address: x::x:x:x:x
    DNS local search domain: network.local
    DNS whitelist: network.local
    

    The screen just sat there for about 30 minutes and I was anxious to see results start rolling in, but all that eventually coughed up was:

    Unhandled Error
    Traceback (most recent call last):
      File "/opt/mitm6/mitm6/mitm6.py", line 380, in <module>
        main()
      File "/opt/mitm6/mitm6/mitm6.py", line 377, in main
        reactor.run()
      File "/usr/lib/python3/dist-packages/twisted/internet/base.py", line 1267, in run
        self.mainLoop()
      File "/usr/lib/python3/dist-packages/twisted/internet/base.py", line 1276, in mainLoop
        self.runUntilCurrent()
    --- <exception caught here> ---
      File "/usr/lib/python3/dist-packages/twisted/internet/base.py", line 875, in runUntilCurrent
        f(*a, **kw)
      File "/opt/mitm6/mitm6/mitm6.py", line 288, in parsepacket
        send_dns_reply(p)
      File "/opt/mitm6/mitm6/mitm6.py", line 179, in send_dns_reply
        if dns.qd.qclass != 1 or dns.qr != 0:
    builtins.AttributeError: 'NoneType' object has no attribute 'qclass'
    
    Unhandled Error
    Traceback (most recent call last):
      File "/opt/mitm6/mitm6/mitm6.py", line 380, in <module>
        main()
      File "/opt/mitm6/mitm6/mitm6.py", line 377, in main
        reactor.run()
      File "/usr/lib/python3/dist-packages/twisted/internet/base.py", line 1267, in run
        self.mainLoop()
      File "/usr/lib/python3/dist-packages/twisted/internet/base.py", line 1276, in mainLoop
        self.runUntilCurrent()
    --- <exception caught here> ---
      File "/usr/lib/python3/dist-packages/twisted/internet/base.py", line 875, in runUntilCurrent
        f(*a, **kw)
      File "/opt/mitm6/mitm6/mitm6.py", line 288, in parsepacket
        send_dns_reply(p)
      File "/opt/mitm6/mitm6/mitm6.py", line 179, in send_dns_reply
        if dns.qd.qclass != 1 or dns.qr != 0:
    builtins.AttributeError: 'NoneType' object has no attribute 'qclass'
    

    I let the session run a while longer but it was just radio silence after this.

    Any thoughts on what might be the issue?

    Thanks, Brian

    opened by 7MinSec 2
  • No reply in virtual machine

    No reply in virtual machine

    Hi basically I’ve set up mitm6 but I hear no response even if I turn off and on the machines in the network , why is this occurring? It would be nice to have an in depth explaination.

    image

    opened by olamission 1
  • full machine-in-the-middle attack

    full machine-in-the-middle attack

    mitm6 doesn't implement a full machine-in-the-middle attack currently, like we see in for example the SLAAC attack

    Any plans to support a full attack in the future? SLAAC attack requires a lot of tools and has been unstable in my experience. Perhaps NAT64+DNS64?

    opened by mrbluecoat 1
  • Error execution

    Error execution

    Hello,

    when I run mitm6 don't work, I have this error:

    Traceback (most recent call last):
      File "/usr/bin/mitm6", line 33, in <module>
        sys.exit(load_entry_point('mitm6==0.3.0', 'console_scripts', 'mitm6')())
      File "/usr/bin/mitm6", line 22, in importlib_load_entry_point
        for entry_point in distribution(dist_name).entry_points
      File "/usr/lib/python3.9/importlib/metadata.py", line 542, in distribution
        return Distribution.from_name(distribution_name)
      File "/usr/lib/python3.9/importlib/metadata.py", line 196, in from_name
        raise PackageNotFoundError(name)
    importlib.metadata.PackageNotFoundError: mitm6
    

    I have installed the requirements, my version of Python 3.9.12 and Linux 5.16.0-kali7-amd64 #1 SMP PREEMPT Debian 5.16.18-1k

    A greeting anf thanks

    opened by tXambe 1
  • Exception in HTTP request

    Exception in HTTP request

    Hello,

    I'm getting a message "Exception in the HTTP request handler: Port could not be cast to integer value as ':ffff:IP:445'

    Offhand I just wanted to know what if this has been seen before, if so what would be the resolve? a new install? Just install it from the repo clone.

    Thank you

    opened by jrod1481 0
  • 'KeyError: 2' when starting on an interface that has no IPv4 address

    'KeyError: 2' when starting on an interface that has no IPv4 address

    If I start mitm6 with -i to assign it to a specific interface, it chokes and stops with KeyError: 2 if this interface only has an IPv6 address, and no IPv4:

    # ip -6 address add fe80::800:27ff:fe00:0000/64 dev vboxnet0
    # ip link set vboxnet0 up
    # ip --brief a show
    lo               UNKNOWN        127.0.0.1/8 ::1/128 
    enp0s31f6        DOWN
    wlp0s20f3        UP             192.168.0.49/24 
    tun0             UNKNOWN        [removed]
    vboxnet0         UP             fe80::800:27ff:fe00:0/64 
    # mitm6 -i vboxnet0 -v --debug
    Traceback (most recent call last):
      File "/usr/local/bin/mitm6", line 8, in <module>
        sys.exit(main())
      File "/usr/local/pipx/venvs/mitm6/lib/python3.10/site-packages/mitm6/mitm6.py", line 369, in main
        config = Config(args)
      File "/usr/local/pipx/venvs/mitm6/lib/python3.10/site-packages/mitm6/mitm6.py", line 39, in __init__
        self.v4addr = netifaces.ifaddresses(self.default_if)[netifaces.AF_INET][0]['addr']
    KeyError: 2
    FAIL: 1
    

    If I assign an IPV4 address, it works fine and the virtual machine on vboxnet0 get spoofed:

    # ip address add 192.168.56.1/24 dev vboxnet0
    # mitm6 -i vboxnet0 -v --debug
    Starting mitm6 using the following configuration:
    Primary adapter: vboxnet0 [0a:00:27:00:00:00]
    IPv4 address: 192.168.56.1
    IPv6 address: fe80::800:27ff:fe00:0
    Warning: Not filtering on any domain, mitm6 will reply to all DNS queries.
    Unless this is what you want, specify at least one domain with -d
    WARNING: The conf.iface interface (tun0) does not support IPv6! Using vboxnet0 instead for routing!
    WARNING: The conf.iface interface (tun0) does not support IPv6! Using vboxnet0 instead for routing!
    WARNING: more The conf.iface interface (tun0) does not support IPv6! Using vboxnet0 instead for routing!
    IPv6 address fe80::192:168:56:3 is now assigned to mac=08:00:27:c6:9b:11 host= ipv4=192.168.56.3
    IPv6 address fe80::192:168:56:3 is now assigned to mac=08:00:27:c6:9b:11 host= ipv4=192.168.56.3
    Sent spoofed reply for time.windows.com. to fe80::97d:a5c7:a91b:f5f7
    
    opened by DidierA 2
  • Forcing or coercing HTTP to SMB authentication using the NetBIOS name of the relaying server

    Forcing or coercing HTTP to SMB authentication using the NetBIOS name of the relaying server

    Hi,

    Thank you for this tool. I use it all the time!

    A common attack on IPv4 I use is to passively force or actively coerce HTTP to SMB authentication to ntlmrelayx in order to relay to LDAP. This requires the use of the NetBIOS name of the relaying server in order for the targeted Windows installations to trust the connection address. Luckily Responder provides that NetBIOS name when running so I use that for this.

    I can execute the same attack as above on IPv6 using mitm6 but I still need Responder's NetBIOS name which means I need both mitm6 and Responder running at the same time targeting the same networks. Would it be possible for mitm6 to provide a NetBIOS name that can be used instead of Responder's? BTW, is it safe to use mitm6 and Responder at the same time in this way?

    Thanks!

    opened by jsdhasfedssad 0
  • Updated mitm6.py to include logging capabilities

    Updated mitm6.py to include logging capabilities

    Added an option (-o) to allow outputting the results of mitm6 into a log file. I find this to be very useful for my scenario since tee'ing the output of mitm6 doesn't seem to actually do anything until mitm6 closes. For my use case, I need to monitor mitm6's output in realtime and terminate it depending on conditions.

    opened by altjx 0
  • mitm6 doesn't work on VPN tunnel interface. "">

    mitm6 doesn't work on VPN tunnel interface. "mitm6 -i tun0 -d "

       valid_lft forever preferred_lft forever
    

    3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100 link/none inet 10.10.15.169/23 brd 10.10.15.255 scope global tun0 valid_lft forever preferred_lft forever inet6 dead:beef:2::11a7/64 scope global valid_lft forever preferred_lft forever inet6 fe80::e4e0:7a25:ea5d:b6ee/64 scope link stable-privacy valid_lft forever preferred_lft forever

    root@kali:/opt/mitm6# mitm6 -i tun0 Traceback (most recent call last): File "/usr/local/bin/mitm6", line 8, in sys.exit(main()) File "/usr/local/lib/python3.8/dist-packages/mitm6/mitm6.py", line 340, in main config = Config(args) File "/usr/local/lib/python3.8/dist-packages/mitm6/mitm6.py", line 57, in init self.macaddr = netifaces.ifaddresses(self.default_if)[netifaces.AF_LINK][0]['addr'] KeyError: 17

    opened by ssc1982 2
Releases(v0.3.0)
Owner
Fox-IT
Fox-IT
EchoDNS - Analyze your DNS traffic super easy, shows all requested DNS traffic

EchoDNS - Analyze your DNS traffic super easy, shows all requested DNS traffic

Oli Zimmermann 1 Jan 11, 2022
Simple threaded Python Rickroll server. Listens on port 23 by default.

Terminal Rickroll Simple threaded Python Rickroll server. Listens on port 23 by default. Rickroll video made using Video-To-Ascii and the standard ric

AG 10 Sep 13, 2022
Serves some data over HTTP, once. Based on the built-in Python module http.server

serve-me-once Serves some data over HTTP, once. Based on the built-in Python module http.server.

Peder Bergebakken Sundt 2 Jan 6, 2022
DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS.

What is DNSStager? DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS. DNSStager will create a malic

Askar 547 Dec 20, 2022
Way find out if DNS is down or your instance

DNS-PING Way to find out if DNS is down or your instance Problem: At times it happens that DNS provider services of a website URL is down and so to re

Giten Mitra 4 Nov 18, 2022
ExtDNS synchronizes labeled records in docker-compose with DNS providers.

ExtDNS for docker-compose ExtDNS synchronizes labeled records in docker-compose with DNS providers. Inspired by External DNS, ExtDNS makes resources d

DNTSK 6 Dec 24, 2022
🥑 A Python ARP and DNS Spoofer CLI and INTERFACE 🥓

NEXTGEN SPOOFER ?? A Python ARP and DNS Spoofer CLI and INTERFACE ?? CLI -> advanced pentesters INTERFACE -> beginners SetUp Make sure you installed P

null 9 Dec 25, 2022
Makes dynamically updating your Cloudflare DNS records a bit easier ⏩👍😎

Easy Dynamic Cloudflare DNS Updater Makes dynamically updating your Cloudflare DNS records a bit easier ⏩ ?? ?? If using it as a 'Dynamic DNS' client,

Zac Koch 3 Dec 19, 2021
Build custom OSINT tools and APIs (Ping, Traceroute, Scans, Archives, DNS, Scrape, Whois, Metadata & built-in database for more info) with this python package

Build custom OSINT tools and APIs with this python package - It includes different OSINT modules (Ping, Traceroute, Scans, Archives, DNS, Scrape, Whoi

QeeqBox 52 Jan 6, 2023
A pure python implementation of multicast DNS service discovery

python-zeroconf Documentation. This is fork of pyzeroconf, Multicast DNS Service Discovery for Python, originally by Paul Scott-Murphy (https://github

Jakub Stasiak 483 Dec 29, 2022
A great python/java dynamic DNS service for NameSilo, with log, email reminder...

English NameSilo DDNS is a DDNS service for NameSilo domain names for home broadband , it can automatically detect IP changes in home broadband

云牧青 77 Dec 28, 2022
Octodns-cloudflare - Cloudflare DNS provider for octoDNS

CloudflareProvider provider for octoDNS An octoDNS provider that targets Cloudfl

octoDNS 6 May 28, 2022
Fmog: Fortinet Mass Object Generator. This script will take a list of IP addresses and create address objects with the same name

Fmog: Fortinet Mass Object Generator This script will take a list of IP addresses and create address objects with the same name. It will also add them

null 2 Oct 26, 2021
Take a list of domains and probe for working HTTP and HTTPS servers

httprobe Take a list of domains and probe for working http and https servers. Install ▶ go get -u github.com/tomnomnom/httprobe Basic Usage httprobe

Tom Hudson 2.3k Dec 28, 2022
This is a Client-Server-System which can share the screen from the server to client and in the other direction.

Screenshare-Streaming-Python This is a Client-Server-System which can share the screen from the server to client and in the other direction. You have

VFX / Videoeffects Creator 1 Nov 19, 2021
This is a Client-Server-System which can send audio from a microphone from the server to client and in the other direction.

Audio-Streaming-Python This is a Client-Server-System which can send audio from a microphone from the server to client and in the other direction. You

VFX / Videoeffects Creator 0 Jan 5, 2023
A TCP Chatroom built with python and TCP/IP sockets, consisting of a server and multiple clients which can connect with the server and chat with each other.

A TCP Chatroom built with python and TCP/IP sockets, consisting of a server and multiple clients which can connect with the server and chat with each other. It also provides an Admin role with features including kicking and baning of users.

null 3 May 22, 2022
Test - Python project for Collection Server and API Server

QProjectPython Collection Server 와 API Server 를 위한 Python 프로젝트 입니다. [FastAPI참고]

null 1 Jan 3, 2022
pureSxS - A tool to export Component Based Servicing packages from a full Windows installation

pureSxS A tool to export Component Based Servicing packages from a full Windows installation. Usage pureSxS.py <source_mum> <destination> pureSxS wor

Gamers Against Weed 3 Oct 3, 2022