October 24, 2016

New Version of Metasploit Targets IPv6 Risks

(LiveHacking.Com) – Rapid7 has released a new version of Metasploit, its popular penetration testing toolkit, with new functionality to assess the security of IPv6 enabled systems. With Metasploit 4.2 users can test whether IPv6 addresses on their network are vulnerable to cyber-attacks. The framework includes hundreds of working remote exploits for a variety of platforms and the new IPv6 tests are important for organizations that have not methodically implemented an IPv6 network but rather has allowed it to creep in as operating systems and devices starting enabling IPv6 functionality by default.  For example, the default setting in Windows 7 and Windows Server 2008 is to give a higher priority to the IPv6 interface, rather than the IPv4 address, for management traffic and network shares.

“The number of IPv6-enabled systems has quadrupled over the last three years, broadening the attack surface for cyber attackers, with over 10% of the world’s top web sites now offering IPv6 services,” said HD Moore, CSO of Rapid7 and chief architect of the Metasploit Project.

Since IPv6 runs in parallel with IPv4 it is often not as well managed as an existing IPv4 network. It is essential that companies perform security assessments to audit IPv6-enabled internal and external hosts. Rapid7 cite the example of organizations who have blocked zone transfers on their DNS servers for IPv4, but left this common flaw wide open on IPv6. Another real world example is the use of firewalls that have been correctly configured to  filter IPv4 traffic but that accept all IPv6 traffic. Further more, some older Intrusion Prevention Systems (IPS) may even be completely unaware of IPv6 traffic.

Metasploit 4.2 is available immediately from rapid7.com. The new features are available in both the open source and commercial editions of Metasploit.



Wireshark Version 1.6.0 released

The Wireshark development team has released Wireshark version 1.6.0 of its open source, cross-platform network protocol analyzer.

This new version of Wireshark improves support for large files and has some new features such as the ability to export SSL session keys and SMB objects. The users can now import text dumps into Wireshark and TShark, similar to text2pcap. Further, TShark can now display iSCSI, ICMP and ICMPv6 service response times.

Wireshark is now distributed as an installation package rather than a drag-installer on OS X. The installer adds a startup item that should make it easier to capture packets. Please visit Wireshark version 1.6.0 release notes for a complete list of changes.

Wireshark is licensed under version 2 of the GNU General Public License. It can be download here.

June 8th, 2011 World IPv6 Day

Today is World IPv6 Day, major web companies such as Google, Facebook, Yahoo!, Akamai, Limelight Networks and Microsoft will enable IPv6 for 24 hours to test IPv6 in the real world.

On World IPv6 Day more than 430 companies are offering their content over IPv6 for a 24 hours. The goal of this world wide test is to motivate organizations across the related industries (Internet service providers, hardware makers, operating system vendors and web companies) to prepare their services and products for IPv6 to ensure a successful transition from IPv4 to IPv6.

IPv6 is the next generation Internet Protocol (IP) address standard to replace, the IPv4 protocol most Internet services use today. This transition helps to ensure the continued growth of the Internet as a communication platform.

The Internet Society is working with its members and other organizations to promote IPv6 transition by sharing information and helping to build the required operational capability among the Internet community and major web companies.

Microsoft Haven’t Fixed Year Old IPv6 DoS Vulnerability in Windows

CVE-2010-4669 describes a vulnerability in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7. Using a simple tool like flood_router6 from the thc-ipv6 package a remote attacker can cause a denial of service (CPU consumption and system hang) by sending multiple Router Advertisement (RA) messages with different source addresses.

The problem is that updating the routing tables and configuring IPv6 addresses requires lots of CPU resources (ie. 100%). If a network is flooded with random router announcements, Windows (and other operating systems like FreeBSD) struggle to update their routing tables. The denial of service remains in affect until the flooding is terminated.

With the inevitable move over to IPv6 this issue which has been known for nearly a year is becoming more and more critical. The problem seems to be that Microsoft and other IPv6 vendors aren’t offering much in the way of solutions.

Juniper Networks, the high performance switch manufacturer, have gone on record to say that they are not fixing this issue until the IETF workgroup has a proposal on a standard way to fix it. We assume Microsoft are following the same thinking.

More information on the vulnerability is available here and here. Below is a video showing the attack in progress:

Note: The Live Hacking Ethical Hacking and Penetration DVD contains the flood_router6 tool.

Live Hacking V1.2 Released

Dr. Ali Jahangiri, the respected security expert and author, is pleased to announce an update to the Live Hacking CD, a Linux distribution designed for ethical computer hacking. The updated Live CD contains the tools and utilities you need to test and hack your own network in the same way a malicious hacker would. New in this version is the metasploit penetration testing framework and a range of IPv6 foot-printing tools.

The metasploit framework, one of the new tools included with this release, can be used to test your network using the frameworks internal database of known weaknesses and exploits.

As the number of available IPv4 addresses decreases more and more organizations are deploying IPv6. Also included in this new release of the Live Hacking CD is the THC-IPV6 tool, a set of tools to attack the inherent protocol weaknesses of IPv6 and ICMP6.

‘The Live Hacking CD has been an outstanding success’ said Dr. Ali Jahangiri. ‘Now with this new updated version we are putting more tools into the hands of IT professionals so they can defend against the malicious activities of cyber criminals.’

Download Live Hacking V1.2 Here.