mitm6 is a pentesting tool that exploits the default configuration of Windows to take over the default DNS server.

Related tags

Networkingmitm6
Overview

mitm6

Python 2.7 and 3 compatible PyPI version License: GPLv2

mitm6 is a pentesting tool that exploits the default configuration of Windows to take over the default DNS server. It does this by replying to DHCPv6 messages, providing victims with a link-local IPv6 address and setting the attackers host as default DNS server. As DNS server, mitm6 will selectively reply to DNS queries of the attackers choosing and redirect the victims traffic to the attacker machine instead of the legitimate server. For a full explanation of the attack, see our blog about mitm6. Mitm6 is designed to work together with ntlmrelayx from impacket for WPAD spoofing and credential relaying.

Dependencies and installation

mitm6 is compatible with both Python 2.7 and 3.x. You can install the requirements for your version with pip install -r requirements.txt. In both cases, mitm6 uses the following packages:

  • Scapy
  • Twisted
  • netifaces

For python 2.7, it uses the ipaddress backport module. You can install the latest release from PyPI with pip install mitm6, or the latest version from source with python setup.py install after cloning this git repository.

Usage

After installation, mitm6 will be available as a command line program called mitm6. Since it uses raw packet capture with Scapy, it should be run as root. mitm6 should detect your network settings by default and use your primary interface for its spoofing. The only option you will probably need to specify is the AD domain that you are spoofing. For advanced tuning, the following options are available:

usage: mitm6.py [-h] [-i INTERFACE] [-l LOCALDOMAIN] [-4 ADDRESS] [-6 ADDRESS]
                [-m ADDRESS] [-a] [-v] [--debug] [-d DOMAIN] [-b DOMAIN]
                [-hw DOMAIN] [-hb DOMAIN] [--ignore-nofqdn]

mitm6 - pwning IPv4 via IPv6
For help or reporting issues, visit https://github.com/fox-it/mitm6

optional arguments:
  -h, --help            show this help message and exit
  -i INTERFACE, --interface INTERFACE
                        Interface to use (default: autodetect)
  -l LOCALDOMAIN, --localdomain LOCALDOMAIN
                        Domain name to use as DNS search domain (default: use
                        first DNS domain)
  -4 ADDRESS, --ipv4 ADDRESS
                        IPv4 address to send packets from (default:
                        autodetect)
  -6 ADDRESS, --ipv6 ADDRESS
                        IPv6 link-local address to send packets from (default:
                        autodetect)
  -m ADDRESS, --mac ADDRESS
                        Custom mac address - probably breaks stuff (default:
                        mac of selected interface)
  -a, --no-ra           Do not advertise ourselves (useful for networks which
                        detect rogue Router Advertisements)
  -v, --verbose         Show verbose information
  --debug               Show debug information

Filtering options:
  -d DOMAIN, --domain DOMAIN
                        Domain name to filter DNS queries on (Whitelist
                        principle, multiple can be specified.)
  -b DOMAIN, --blacklist DOMAIN
                        Domain name to filter DNS queries on (Blacklist
                        principle, multiple can be specified.)
  -hw DOMAIN, --host-whitelist DOMAIN
                        Hostname (FQDN) to filter DHCPv6 queries on (Whitelist
                        principle, multiple can be specified.)
  -hb DOMAIN, --host-blacklist DOMAIN
                        Hostname (FQDN) to filter DHCPv6 queries on (Blacklist
                        principle, multiple can be specified.)
  --ignore-nofqdn       Ignore DHCPv6 queries that do not contain the Fully
                        Qualified Domain Name (FQDN) option.

You can manually override most of the autodetect options (though overriding the MAC address will break things). If the network has some hardware which blocks or detects rogue Router Advertisement messages, you can add the --no-ra flag to not broadcast those. Router Advertisements are not needed for mitm6 to work since it relies mainly on DHCPv6 messages.

Filtering options

Several filtering options are available to select which hosts you want to attack and spoof. First there are the --host-whitelist and --host-blacklist options (or -hw and -hb for short), which take a (partial) domain as argument. Incoming DHCPv6 requests will be filtered against this list. The property checked is the DHCPv6 FQND option, in which the client provides its hostname. The same applies for DNS requests, for this the --domain option (or -d) is available, where you can supply which domain(s) you want to spoof. Blocking specific domains is also possible with --blacklist/-b. Both parameters can be specified multiple times to include/block multiple domains (for example -d domain.local -d otherdomain.local -b somehost.domain.local -b somehost.otherdomain.local).

For both the host and DNS filtering, simple string matching is performed. So if you choose to reply to wpad, it will also reply to queries for wpad.corpdomain.com. If you want more specific filtering, use both the whitelist and blacklist options, since the blacklist takes precedence over the whitelist. By default the first domain specified will be used as the DNS search domain, if you explicitliy want to specify this domain yourself use the --localdomain option.

About network impact and restoring the network

mitm6 is designed as a penetration testing tool and should thus impact the network as little as possible. This is the main reason mitm6 doesn't implement a full man-in-the-middle attack currently, like we see in for example the SLAAC attack. To further minimize the impact, the IP addresses assigned have low time-to-live (TTL) values. The lease will expire within 5 minutes when mitm6 is stopped, which will remove the DNS server from the victims configuration. To prevent DNS replies getting cached, all replies are sent with a TTL of 100 seconds, which makes sure the cache is cleared within minutes after the tool exits.

Usage with ntlmrelayx

mitm6 is designed to be used with ntlmrelayx. You should run the tools next to each other, in this scenario mitm6 will spoof the DNS, causing victims to connect to ntlmrelayx for HTTP and SMB connections. For this you have to make sure to run ntlmrelayx with the -6 option, which will make it listen on both IPv4 and IPv6. To obtain credentials for WPAD, specify the WPAD hostname to spoof with -wh HOSTNAME (any non-existing hostname in the local domain will work since mitm6 is the DNS server). Optionally you can also use the -wa N parameter with a number of attempts to prompt for authentication for the WPAD file itself in case you suspect victims do not have the MS16-077 patch applied.

Detection

The Fox-IT Security Research Team team has released Snort and Suricata signatures to detect rogue DHCPv6 traffic and WPAD replies over IPv6. The signatures are available here: https://gist.github.com/fox-srt/98f29051fe56a1695de8e914c4a2373f

Comments
  • Scapy Error

    Scapy Error

    getting this error after a fresh install on Kali 2019.1

    Unsure if it's something with my install. Tried different versions of mitm6.

    anyways below is the error:

    Traceback (most recent call last):
      File "/usr/local/bin/mitm6", line 11, in <module>
        load_entry_point('mitm6==0.2.1', 'console_scripts', 'mitm6')()
      File "build/bdist.linux-x86_64/egg/mitm6/mitm6.py", line 366, in main
        reactor.run()
      File "/usr/local/lib/python2.7/dist-packages/twisted/internet/base.py", line 1267, in run
        self.mainLoop()
      File "/usr/local/lib/python2.7/dist-packages/twisted/internet/base.py", line 1276, in mainLoop
        self.runUntilCurrent()
    --- <exception caught here> ---
      File "/usr/local/lib/python2.7/dist-packages/twisted/internet/base.py", line 875, in runUntilCurrent
        f(*a, **kw)
      File "build/bdist.linux-x86_64/egg/mitm6/mitm6.py", line 272, in parsepacket
        if arpp.op is arpp.is_at:
      File "/usr/local/lib/python2.7/dist-packages/scapy/packet.py", line 326, in __getattr__
        return self.payload.__getattr__(attr)
      File "/usr/local/lib/python2.7/dist-packages/scapy/packet.py", line 326, in __getattr__
        return self.payload.__getattr__(attr)
      File "/usr/local/lib/python2.7/dist-packages/scapy/packet.py", line 324, in __getattr__
        fld, v = self.getfield_and_val(attr)
      File "/usr/local/lib/python2.7/dist-packages/scapy/packet.py", line 1427, in getfield_and_val
        raise AttributeError(attr)
    exceptions.AttributeError: is_at
    
    opened by x90skysn3k 9
  • Troubleshooting Unhandled Error: list index out of range

    Troubleshooting Unhandled Error: list index out of range

    Hi, running into an issue on the new Kali instance where mitm6 (from source and pip) are spitting out unhandled errors. I've attempted to ensure all the requirements are installed, adequate versions, and compared to other machines where things seem to be working.

    Any thoughts or pointers as to what might be happening, I'm exhausting my ideas. --debug and -v flags don't seem to return any additional data of value.

    Linux kali 5.2.0-kali3-amd64 #1 SMP Debian 5.2.17-1kali2 (2019-10-17) x86_64 GNU/Linux

    Starting mitm6 using the following configuration:
    Primary adapter: eth0 [28:92:xx:xx:70:5a]
    IPv4 address: 192.168.xx.68
    IPv6 address: fe80::xxxx:xxxx:xxxx:705a
    Warning: Not filtering on any domain, mitm6 will reply to all DNS queries.
    Unless this is what you want, specify at least one domain with -d
    Unhandled Error
    Traceback (most recent call last):
      File "/usr/local/bin/mitm6", line 8, in <module>
        sys.exit(main())
      File "/usr/local/lib/python3.7/dist-packages/mitm6/mitm6.py", line 377, in main
        reactor.run()
      File "/usr/local/lib/python3.7/dist-packages/twisted/internet/base.py", line 1283, in run
        self.mainLoop()
      File "/usr/local/lib/python3.7/dist-packages/twisted/internet/base.py", line 1292, in mainLoop
        self.runUntilCurrent()
    --- <exception caught here> ---
      File "/usr/local/lib/python3.7/dist-packages/twisted/internet/base.py", line 886, in runUntilCurrent
        f(*a, **kw)
      File "/usr/local/lib/python3.7/dist-packages/mitm6/mitm6.py", line 275, in parsepacket
        print('IPv6 address %s is now assigned to %s' % (p[DHCP6OptIA_NA].ianaopts[0].addr, pcdict[p.src]))
    builtins.IndexError: list index out of range
    

    PIP install logs for reference and version info.

    Collecting mitm6
      Using cached https://files.pythonhosted.org/packages/b3/4a/41f2b53f280ae0323c608887ae63c6496a10d4351c6adaee41c26eda4d70/mitm6-0.2.2-py3-none-any.whl
    Processing /root/.cache/pip/wheels/95/bf/51/905b3e84ec4ca910ce4ae92173c7334623105a265bdd1d9438/scapy-2.4.3-py2.py3-none-any.whl
    Processing /root/.cache/pip/wheels/23/8f/f3/7054578f04c904f70757c5c85a6e2823baa69d42365526e93d/netifaces-0.10.9-cp37-cp37m-linux_x86_64.whl
    Collecting twisted
      Using cached https://files.pythonhosted.org/packages/06/28/2a433e147de68c8416aa0179c45e67b67161f5c0f24aaaf1723f6229f574/Twisted-19.10.0-cp37-cp37m-manylinux1_x86_64.whl
    Collecting hyperlink>=17.1.1
      Using cached https://files.pythonhosted.org/packages/7f/91/e916ca10a2de1cb7101a9b24da546fb90ee14629e23160086cf3361c4fb8/hyperlink-19.0.0-py2.py3-none-any.whl
    Requirement already satisfied: attrs>=17.4.0 in /usr/lib/python3/dist-packages (from twisted->mitm6) (18.2.0)
    Collecting PyHamcrest>=1.9.0
      Using cached https://files.pythonhosted.org/packages/9a/d5/d37fd731b7d0e91afcc84577edeccf4638b4f9b82f5ffe2f8b62e2ddc609/PyHamcrest-1.9.0-py2.py3-none-any.whl
    Collecting incremental>=16.10.1
      Using cached https://files.pythonhosted.org/packages/f5/1d/c98a587dc06e107115cf4a58b49de20b19222c83d75335a192052af4c4b7/incremental-17.5.0-py2.py3-none-any.whl
    Collecting constantly>=15.1
      Using cached https://files.pythonhosted.org/packages/b9/65/48c1909d0c0aeae6c10213340ce682db01b48ea900a7d9fce7a7910ff318/constantly-15.1.0-py2.py3-none-any.whl
    Collecting zope.interface>=4.4.2
      Using cached https://files.pythonhosted.org/packages/40/e7/7e1060c2826d6b8c25bebbd1c96177f4b85ecfe3e2478d31acf9eaca3a11/zope.interface-4.7.1-cp37-cp37m-manylinux2010_x86_64.whl
    Collecting Automat>=0.3.0
      Using cached https://files.pythonhosted.org/packages/e5/11/756922e977bb296a79ccf38e8d45cafee446733157d59bcd751d3aee57f5/Automat-0.8.0-py2.py3-none-any.whl
    Collecting idna>=2.5
      Using cached https://files.pythonhosted.org/packages/14/2c/cd551d81dbe15200be1cf41cd03869a46fe7226e7450af7a6545bfc474c9/idna-2.8-py2.py3-none-any.whl
    Collecting six
      Using cached https://files.pythonhosted.org/packages/65/26/32b8464df2a97e6dd1b656ed26b2c194606c16fe163c695a992b36c11cdf/six-1.13.0-py2.py3-none-any.whl
    Collecting setuptools
      Using cached https://files.pythonhosted.org/packages/54/28/c45d8b54c1339f9644b87663945e54a8503cfef59cf0f65b3ff5dd17cf64/setuptools-42.0.2-py2.py3-none-any.whl
    Installing collected packages: scapy, netifaces, idna, hyperlink, six, setuptools, PyHamcrest, incremental, constantly, zope.interface, Automat, twisted, mitm6
    Successfully installed Automat-0.8.0 PyHamcrest-1.9.0 constantly-15.1.0 hyperlink-19.0.0 idna-2.8 incremental-17.5.0 mitm6-0.2.2 netifaces-0.10.9 scapy-2.4.3 setuptools-42.0.2 six-1.13.0 twisted-19.10.0 zope.interface-4.7.1
    
    opened by W9HAX 7
  • socket.gaierror

    socket.gaierror

    I installed on kali via pip install mitm6, but I always get this error:

    Unless this is what you want, specify at least one domain with -d
    Traceback (most recent call last):
      File "/usr/local/bin/mitm6", line 10, in <module>
        sys.exit(main())
      File "/usr/local/lib/python2.7/dist-packages/mitm6/mitm6.py", line 362, in main
        dnssock = setupFakeDns()
      File "/usr/local/lib/python2.7/dist-packages/mitm6/mitm6.py", line 284, in setupFakeDns
        addrinfo = socket.getaddrinfo(fulladdr, 53, socket.AF_INET6, socket.SOCK_DGRAM)
    socket.gaierror: [Errno -2] Name or service not known
    

    Any suggestions?

    opened by scorpius 5
  • global name 'IP' is not defined

    global name 'IP' is not defined

    After running mitm6 for a while, I begin seeing the following error:

    Unhandled Error Traceback (most recent call last): File "mitm6.py", line 286, in <module> main() File "mitm6.py", line 283, in main reactor.run() File "/root/.pyenv/versions/mitm6v2/local/lib/python2.7/site-packages/Twisted-17.9.0-py2.7-linux-x86_64.egg/twisted/internet/base.py", line 1243, in run self.mainLoop() File "/root/.pyenv/versions/mitm6v2/local/lib/python2.7/site-packages/Twisted-17.9.0-py2.7-linux-x86_64.egg/twisted/internet/base.py", line 1252, in mainLoop self.runUntilCurrent() --- <exception caught here> --- File "/root/.pyenv/versions/mitm6v2/local/lib/python2.7/site-packages/Twisted-17.9.0-py2.7-linux-x86_64.egg/twisted/internet/base.py", line 851, in runUntilCurrent f(*a, **kw) File "mitm6.py", line 212, in parsepacket send_dns_reply(p) File "mitm6.py", line 137, in send_dns_reply ip = p[IP] exceptions.NameError: global name 'IP' is not defined

    Restarting the application will result in this error reappearing. The only way I could fix it was reinstalling the application, but then the error reappeared.

    I installed the application in a pyenv virtualenv, python version 2.7.9.

    uname -a

    Linux XXXXXX 4.0.0-kali1-amd64 #1 SMP Debian 4.0.4-1+kali2 (2015-06-03) x86_64 GNU/Linux

    opened by daniel-infosec 4
  • Documentation for multiple domains?

    Documentation for multiple domains?

    Hi there, I'm trying to use multiple domains with the -d flag and I'm not confident it's working I tried:

    mitm6.py -d abc.local contoso.local But that errored out.

    mitm6.py -d abc.local,contoso.local and mitm6.py -d "abc.local contoso.local"

    both appear to produce the same output but the output I get looks like:

    Sent spoofed reply for machine.abc.local,contoso.local. to fe80::1234:1

    The documentation mentions that multiple domains are possible but i've been unable to find any examples or documentation detailing the expected format.

    Any help would be appreciated. Thanks!

    opened by infosecconsultant 3
  • Fix using non default interface

    Fix using non default interface

    When using a non default interface using the -i switch, the packets dont seem to be send from the correct interface. Thus, this patch correctly fix this behavior, when specifying the -i switch, all listening and sending are done through the selected interface.

    opened by laxa 3
  • added the possibility to invert the DNS configuration: you can now sp…

    added the possibility to invert the DNS configuration: you can now sp…

    …ecify a list to domain to reply to OR to ignore from your spoof using -I flag also added the switch -l localdomain to be more specific about which is the localdomain

    opened by theguly 3
  • mitm6 is quiet...TOO quiet?

    mitm6 is quiet...TOO quiet?

    Hello!

    I've got a brand spanking new Kali VM, fully updated with just a handful of tools on it - one of which (of course!) is mitm6. I ran it for the first time this week at a customer network, and here's what things look like when it fires up:

    /opt/mitm6/mitm6/mitm6.py:283: SyntaxWarning: "is" with a literal. Did you mean "=="?
      if arpp.op is 2:
    Unable to init server: Could not connect: Connection refused
    Unable to init server: Could not connect: Connection refused
    
    (mitm6.py:1237): Gdk-CRITICAL **: 08:38:54.206: gdk_cursor_new_for_display: assertion 'GDK_IS_DISPLAY (display)' failed
    Starting mitm6 using the following configuration:
    Primary adapter: eth0 [x:x:x:x:x:x]
    IPv4 address: x.x.x.x
    IPv6 address: x::x:x:x:x
    DNS local search domain: network.local
    DNS whitelist: network.local
    

    The screen just sat there for about 30 minutes and I was anxious to see results start rolling in, but all that eventually coughed up was:

    Unhandled Error
    Traceback (most recent call last):
      File "/opt/mitm6/mitm6/mitm6.py", line 380, in <module>
        main()
      File "/opt/mitm6/mitm6/mitm6.py", line 377, in main
        reactor.run()
      File "/usr/lib/python3/dist-packages/twisted/internet/base.py", line 1267, in run
        self.mainLoop()
      File "/usr/lib/python3/dist-packages/twisted/internet/base.py", line 1276, in mainLoop
        self.runUntilCurrent()
    --- <exception caught here> ---
      File "/usr/lib/python3/dist-packages/twisted/internet/base.py", line 875, in runUntilCurrent
        f(*a, **kw)
      File "/opt/mitm6/mitm6/mitm6.py", line 288, in parsepacket
        send_dns_reply(p)
      File "/opt/mitm6/mitm6/mitm6.py", line 179, in send_dns_reply
        if dns.qd.qclass != 1 or dns.qr != 0:
    builtins.AttributeError: 'NoneType' object has no attribute 'qclass'
    
    Unhandled Error
    Traceback (most recent call last):
      File "/opt/mitm6/mitm6/mitm6.py", line 380, in <module>
        main()
      File "/opt/mitm6/mitm6/mitm6.py", line 377, in main
        reactor.run()
      File "/usr/lib/python3/dist-packages/twisted/internet/base.py", line 1267, in run
        self.mainLoop()
      File "/usr/lib/python3/dist-packages/twisted/internet/base.py", line 1276, in mainLoop
        self.runUntilCurrent()
    --- <exception caught here> ---
      File "/usr/lib/python3/dist-packages/twisted/internet/base.py", line 875, in runUntilCurrent
        f(*a, **kw)
      File "/opt/mitm6/mitm6/mitm6.py", line 288, in parsepacket
        send_dns_reply(p)
      File "/opt/mitm6/mitm6/mitm6.py", line 179, in send_dns_reply
        if dns.qd.qclass != 1 or dns.qr != 0:
    builtins.AttributeError: 'NoneType' object has no attribute 'qclass'
    

    I let the session run a while longer but it was just radio silence after this.

    Any thoughts on what might be the issue?

    Thanks, Brian

    opened by 7MinSec 2
  • No reply in virtual machine

    No reply in virtual machine

    Hi basically I’ve set up mitm6 but I hear no response even if I turn off and on the machines in the network , why is this occurring? It would be nice to have an in depth explaination.

    image

    opened by olamission 1
  • full machine-in-the-middle attack

    full machine-in-the-middle attack

    mitm6 doesn't implement a full machine-in-the-middle attack currently, like we see in for example the SLAAC attack

    Any plans to support a full attack in the future? SLAAC attack requires a lot of tools and has been unstable in my experience. Perhaps NAT64+DNS64?

    opened by mrbluecoat 1
  • Error execution

    Error execution

    Hello,

    when I run mitm6 don't work, I have this error:

    Traceback (most recent call last):
      File "/usr/bin/mitm6", line 33, in <module>
        sys.exit(load_entry_point('mitm6==0.3.0', 'console_scripts', 'mitm6')())
      File "/usr/bin/mitm6", line 22, in importlib_load_entry_point
        for entry_point in distribution(dist_name).entry_points
      File "/usr/lib/python3.9/importlib/metadata.py", line 542, in distribution
        return Distribution.from_name(distribution_name)
      File "/usr/lib/python3.9/importlib/metadata.py", line 196, in from_name
        raise PackageNotFoundError(name)
    importlib.metadata.PackageNotFoundError: mitm6
    

    I have installed the requirements, my version of Python 3.9.12 and Linux 5.16.0-kali7-amd64 #1 SMP PREEMPT Debian 5.16.18-1k

    A greeting anf thanks

    opened by tXambe 1
  • Exception in HTTP request

    Exception in HTTP request

    Hello,

    I'm getting a message "Exception in the HTTP request handler: Port could not be cast to integer value as ':ffff:IP:445'

    Offhand I just wanted to know what if this has been seen before, if so what would be the resolve? a new install? Just install it from the repo clone.

    Thank you

    opened by jrod1481 0
  • 'KeyError: 2' when starting on an interface that has no IPv4 address

    'KeyError: 2' when starting on an interface that has no IPv4 address

    If I start mitm6 with -i to assign it to a specific interface, it chokes and stops with KeyError: 2 if this interface only has an IPv6 address, and no IPv4:

    # ip -6 address add fe80::800:27ff:fe00:0000/64 dev vboxnet0
    # ip link set vboxnet0 up
    # ip --brief a show
    lo               UNKNOWN        127.0.0.1/8 ::1/128 
    enp0s31f6        DOWN
    wlp0s20f3        UP             192.168.0.49/24 
    tun0             UNKNOWN        [removed]
    vboxnet0         UP             fe80::800:27ff:fe00:0/64 
    # mitm6 -i vboxnet0 -v --debug
    Traceback (most recent call last):
      File "/usr/local/bin/mitm6", line 8, in <module>
        sys.exit(main())
      File "/usr/local/pipx/venvs/mitm6/lib/python3.10/site-packages/mitm6/mitm6.py", line 369, in main
        config = Config(args)
      File "/usr/local/pipx/venvs/mitm6/lib/python3.10/site-packages/mitm6/mitm6.py", line 39, in __init__
        self.v4addr = netifaces.ifaddresses(self.default_if)[netifaces.AF_INET][0]['addr']
    KeyError: 2
    FAIL: 1
    

    If I assign an IPV4 address, it works fine and the virtual machine on vboxnet0 get spoofed:

    # ip address add 192.168.56.1/24 dev vboxnet0
    # mitm6 -i vboxnet0 -v --debug
    Starting mitm6 using the following configuration:
    Primary adapter: vboxnet0 [0a:00:27:00:00:00]
    IPv4 address: 192.168.56.1
    IPv6 address: fe80::800:27ff:fe00:0
    Warning: Not filtering on any domain, mitm6 will reply to all DNS queries.
    Unless this is what you want, specify at least one domain with -d
    WARNING: The conf.iface interface (tun0) does not support IPv6! Using vboxnet0 instead for routing!
    WARNING: The conf.iface interface (tun0) does not support IPv6! Using vboxnet0 instead for routing!
    WARNING: more The conf.iface interface (tun0) does not support IPv6! Using vboxnet0 instead for routing!
    IPv6 address fe80::192:168:56:3 is now assigned to mac=08:00:27:c6:9b:11 host= ipv4=192.168.56.3
    IPv6 address fe80::192:168:56:3 is now assigned to mac=08:00:27:c6:9b:11 host= ipv4=192.168.56.3
    Sent spoofed reply for time.windows.com. to fe80::97d:a5c7:a91b:f5f7
    
    opened by DidierA 2
  • Forcing or coercing HTTP to SMB authentication using the NetBIOS name of the relaying server

    Forcing or coercing HTTP to SMB authentication using the NetBIOS name of the relaying server

    Hi,

    Thank you for this tool. I use it all the time!

    A common attack on IPv4 I use is to passively force or actively coerce HTTP to SMB authentication to ntlmrelayx in order to relay to LDAP. This requires the use of the NetBIOS name of the relaying server in order for the targeted Windows installations to trust the connection address. Luckily Responder provides that NetBIOS name when running so I use that for this.

    I can execute the same attack as above on IPv6 using mitm6 but I still need Responder's NetBIOS name which means I need both mitm6 and Responder running at the same time targeting the same networks. Would it be possible for mitm6 to provide a NetBIOS name that can be used instead of Responder's? BTW, is it safe to use mitm6 and Responder at the same time in this way?

    Thanks!

    opened by jsdhasfedssad 0
  • Updated mitm6.py to include logging capabilities

    Updated mitm6.py to include logging capabilities

    Added an option (-o) to allow outputting the results of mitm6 into a log file. I find this to be very useful for my scenario since tee'ing the output of mitm6 doesn't seem to actually do anything until mitm6 closes. For my use case, I need to monitor mitm6's output in realtime and terminate it depending on conditions.

    opened by altjx 0
  • mitm6 doesn't work on VPN tunnel interface. "">

    mitm6 doesn't work on VPN tunnel interface. "mitm6 -i tun0 -d "

       valid_lft forever preferred_lft forever
    

    3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100 link/none inet 10.10.15.169/23 brd 10.10.15.255 scope global tun0 valid_lft forever preferred_lft forever inet6 dead:beef:2::11a7/64 scope global valid_lft forever preferred_lft forever inet6 fe80::e4e0:7a25:ea5d:b6ee/64 scope link stable-privacy valid_lft forever preferred_lft forever

    [email protected]:/opt/mitm6# mitm6 -i tun0 Traceback (most recent call last): File "/usr/local/bin/mitm6", line 8, in sys.exit(main()) File "/usr/local/lib/python3.8/dist-packages/mitm6/mitm6.py", line 340, in main config = Config(args) File "/usr/local/lib/python3.8/dist-packages/mitm6/mitm6.py", line 57, in init self.macaddr = netifaces.ifaddresses(self.default_if)[netifaces.AF_LINK][0]['addr'] KeyError: 17

    opened by ssc1982 2
Releases(v0.3.0)
Owner
Fox-IT
Fox-IT
Light, simple RPC framework for Python

Agileutil是一个Python3 RPC框架。基于微服务架构,封装了rpc/http/orm/log等常用组件,提供了简洁的API,开发者可以很快上手,快速进行业务开发。

16 Nov 22, 2022
This is an open project to maintain a list of domain names that serve YouTube ads

The YouTube ads blocklist project This is an open project to maintain a list of domain names that serve YouTube ads. The original project only produce

Evan Pratten 574 Dec 30, 2022
Python 3 tool for finding unclaimed groups on Roblox. Supports multi-threading, multi-processing and HTTP proxies.

roblox-group-scanner Python 3 tool for finding unclaimed groups on Roblox. Supports multi-threading, multi-processing and HTTP proxies. Usage usage: s

h0nda 43 May 11, 2022
This will generate a very basic DHCP config with use of PHPIPAM systems.

phpipam-dhcp-config-generator This will generate a very basic DHCP config with use of PHPIPAM systems. Requirements PHPIPAM Custom Fields domain_name

1 Oct 24, 2021
Synchronised text editor over TCP, for live editing with others.

SyncTEd Synchronised text editor over TCP, for live editing with others. Written in Python with PyGame. Run Install requirements: pip install -r requi

Marko Živić 1 May 13, 2022
Automatic Proxy scraper and Proxy-rotating Nitro Generator.

Automatic Proxy scraper and Proxy-rotating Nitro Generator.

Tawren007 2 Nov 08, 2021
Ipscanner - A simple threaded IP-Scanner written in python3 that can monitor local IP's in your network

IPScanner 🔬 A simple threaded IP-Scanner written in python3 that can monitor lo

4 Dec 12, 2022
LGPL Pure Python OPC-UA Client and Server

LGPL Pure Python OPC-UA Client and Server

Free OPC-UA Library 1.2k Jan 04, 2023
Remote vanilla PDB (over TCP sockets) done right: no extras, proper handling around connection failures and CI.

Overview docs tests package Remote vanilla PDB (over TCP sockets) done right: no extras, proper handling around connection failures and CI. Based on p

Ionel Cristian Mărieș 227 Dec 27, 2022
sync application configuration and settings across multiple multiplatform devices

sync application configuration and settings across multiple multiplatform devices ✨ Key Features • ⚗️ Installation • 📑 How To Use • 🤔 FAQ • 🛠️ Setu

Souvik 6 Aug 25, 2022
Caching for HTTPX

Caching for HTTPX. Note: Early development / alpha, use at your own risk. This package adds caching functionality to HTTPX Adapted from Eric Larson's

Mehul Solanki 0 Oct 08, 2022
A Simple Web Server made by Python3.

A Simple Web Server made by Python3.

GGN_2015 2 Nov 27, 2021
Use Fast Redirect to easily redirect your domains.

Fast Redirect Use Fast Redirect to easily redirect your domains. Fast Redirects expects a JSON 'database'. This JSON 'database' contains the domains t

Cyberfusion 1 Dec 20, 2021
A tool to generate valid ip addresses of 55 countries. These ip's can be used for OpenBullet.

IP-Grabber A tool to generate valid ip addresses of 55 countries. These ip's can be used for OpenBullet. ive added the feature to set the generated ip

Saad 9 Dec 17, 2022
This is a zeep based SOAP client wrapper for simple communication with the Bricknode SOAP API.

This is a zeep based SOAP client wrapper for simple communication with the Bricknode SOAP API.

Nord Fondkommission AB 2 Dec 15, 2021
telnet implementation over TCP socket with python

This a P2P implementation of telnet. This program transfers data on TCP sockets as plain text

10 May 19, 2022
Transfer files to and from a Windows host via ICMP in restricted network environments.

ICMP-TransferTools ICMP-TransferTools is a set of scripts designed to move files to and from Windows hosts in restricted network environments. This is

icyguider 269 Dec 20, 2022
Official ProtonVPN Linux app

ProtonVPN Linux App Copyright (c) 2021 Proton Technologies AG This repository holds the ProtonVPN Linux App. For licensing information see COPYING. Fo

ProtonVPN 288 Jan 01, 2023
Visualize the electric field of a point charge network.

ElectriPy ⚡ Visualize the electric field of a point charges network. 🔌 Installation Install ElectriPy package: $ pip install electripy You are all d

Dylan Tintenfich 29 Aug 29, 2022
Solismod - A script subscribes to MQTT topics and waits for a message

SolisMod This is a first attempt to modify Solis inverter settings As SolisMon3,

9 Nov 14, 2022