vanhauser-thc / thc-ipv6 Goto Github PK
View Code? Open in Web Editor NEWIPv6 attack toolkit
License: GNU Affero General Public License v3.0
IPv6 attack toolkit
License: GNU Affero General Public License v3.0
I've downloaded the newest version of thc-ipv6-master and, and tried to build it. This is the error that I get.
# make
cc -O3 -march=native -flto -falign-functions -falign-jumps -falign-loops -falign-labels -freorder-blocks -D_HAVE_SSL -c -o thc-ipv6-lib.o thc-ipv6-lib.c
make: cc: Command not found
make: cc: Command not found
I'm sure libnetfilter-queue-dev
was installed.
Ubuntu 16.04 TLS x64
gcc -Ofast -falign-functions -falign-jumps -falign-loops -falign-labels -freorder-blocks -freorder-blocks-and-partition -D_HAVE_SSL -o fragrouter6 fragrouter6.c thc-ipv6-lib.o -lpcap -lssl -lcrypto -lnetfilter_queue || /bin/echo -e "\nCompilation of fragrouter6 failed, you have to install libnetfilter-queue-dev for this!\n"
gcc -Ofast -falign-functions -falign-jumps -falign-loops -falign-labels -freorder-blocks -freorder-blocks-and-partition -D_HAVE_SSL -o connsplit6 connsplit6.c thc-ipv6-lib.o -lpcap -lssl -lcrypto -lnetfilter_queue || /bin/echo -e "\nCompilation of connsplit6 failed, you have to install libnetfilter-queue-dev for this!\n"
I am using Arch Linux and I installed the tool by Arch repository.
When I run thcping6
, I get:
'thcping6' terminated by signal SIGILL (Illegal instruction)
The main website uses an insecure ssl cert and the tarball url doesn't work.
Please tag the releases on github and release the tarballs here, it will make a lot easier to get thc-ipv6 for everyone.
When trying to run the program I get the following error message
Error: Invalid MTU on interface x.x.x.x : -1
Hi,
First of all, thanks for this framework, it's really great!
However, I was trying to use it on a Raspberry Pi 4 and it didn't work.
Compiling was fine, no errors outputed, but I have some segmentation fault while executing dump_router6, detect-new-ip6, implementation6, fake_router6 or dos-new-ip6.
Is there something I have to modified before compiling the code for ARM?
I also tried on a clean NetHunter install on a OnePlus 6T and 3 and got the same result (that's why I assume it might be linked to ARM).
Thanks.
Recently I have been experiencing issues running passive_discovery6 on new Ubuntu 20.04.1 systems.
It compiles without errors and I have all of the dependent libraries loaded correctly as I have done for years.
I've tried to update, do a make clean, then do a make all, and make install again, no errors (other than on fuzz_dnsps6 & fuzz_dhcpc6, connect6).
Other THC tools seem to work fine, but when I run passive_discovery (and detect-new-ip6), it get this.
Started IPv6 passive system detection (Press Control-C to end) ...
Segmentation fault (core dumped)
Started ICMP6 DAD detection (Press Control-C to end) ...
Segmentation fault (core dumped)
Linux ubuntu2004 5.4.0-54-generic #60-Ubuntu SMP Fri Nov 6 10:37:59 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
Hi there. Can you provide examples of syntax for this:
denial6
Performs various denial of service attacks on a target.
While building thc-ipv6 3.2:
thc-ipv6-lib.c: In function ‘thc_generate_key’:
thc-ipv6-lib.c:3115:3: warning: ‘RSA_generate_key’ is deprecated [-Wdeprecated-declarations]
if ((key->rsa = RSA_generate_key(key_len, 65535, NULL, NULL)) == NULL) {
^~
In file included from /usr/include/openssl/rsa.h:13:0,
from thc-ipv6-lib.c:46:
/usr/include/openssl/rsa.h:193:1: note: declared here
DEPRECATEDIN_0_9_8(RSA *RSA_generate_key(int bits, unsigned long e, void
^
Hi @vanhauser-thc. I'd like to ask you a question before I go crazy. I have a home router that kind of sucks. So I created another router with DNS/DHCP server for ads blocking. All devices work except Android: that is, they don't use my DNS ip that I provide them via my server. Maybe I even figured out the cause. In the home router it is possible to disable only the DHCP (ipv4) but not the ipv6 one...consequently, I think android gives precedence to the ipv6 address instead of the ipv4. The question is'. With this tool, is it possible to "fool" the devices and pass them the ipv6 address of my DHCP router (a kind of arpspoof)?
Thank you
I noticed this today and thought I should bring to your attention.
When running thcping6 with -n 0, after 10 sequences the program will
crash with a buffer overflow. The weird thing is when compiling the
program alone it works fine.
$ gcc -o bobp6 thcping6.c thc-ipv6-lib.o -lpcap -lssl -lcrypto
The homepage (https://www.thc.org/thc-ipv6/) is currently inaccessible because the certificate expired on September.
lines 66 & 46 respectively. In bash sigkill can not be trapped. (credit: shellcheck)
cheers
I've had this problem both in the versions available on Kali Linux by default, and installable on Debian Linux through the default repositories available at install.
I've reviewed your code and determined the problem to lie on line 78.
The while loop on said line should read:
while (rlen > 0 && end == 0 && dlen > pos && done == 0)
instead of:
while (rlen > 0 && end == 0 && dlen >= pos && done == 0)
When dlen=pos, pos is at the start of the icmp, resulting in ptr[pos] being 0x80, the code for an ICMP echo request.
The condition:
else if (ptr[pos] > 0x1f)
evaluates as true (0x80 > 0x1f), causing the function to return without incrementing seq.
Hi I'm trying to send an IPv6 flood to my second VM. I can't specify IPv6 correctly, how can I register or configure it correctly? upd: i fix error
Function BN_set_word() returns 1 on success, 0 otherwise. However , the return value of function BN_set_word() in thc-ipv6/thc-ipv6-lib.c is not checked. See the following code:
line: 3210
Lines 3203 to 3219 in 011376c
We find the return value of this call been checked in openssl project with the version of openssl 1.1.2.
Such as in openssl/crypto folder
106: bl = BN_new();
107: if (bl == NULL || !BN_set_word(bl, l))
108: goto err;
Chi Li, Zuxing Gu, Jiecheng Wu
hey i have trouble using the thc-ipv6, I try to install it and it says that it is not from a trusted source
I have got the following error while building thc-ipv6:
gcc -g -O2 -fdebug-prefix-map=/home/build-area/thc-ipv6-3.2=. -fstack-protector-strong -Wformat -Werror=format-security -falign-functions -falign-jumps -falign-loops -falign-labels -freorder-blocks -freorder-blocks-and-partition -D_HAVE_SSL -Wdate-time -D_FORTIFY_SOURCE=2 -o atk6-thcping6 thcping6.c thc-ipv6-lib.o -Wl,-z,relro -Wl,-z,now -lpcap -lssl -lcrypto
thc-ipv6-lib.o:(.bss+0x2c): multiple definition of `debug'
/tmp/ccnNvhca.o:(.bss+0x10): first defined here
collect2: error: ld returned 1 exit status
Makefile:43: recipe for target 'atk6-dnssecwalk' failed
make[1]: *** [atk6-dnssecwalk] Error 1
make[1]: *** Waiting for unfinished jobs....
/usr/bin/ld: /tmp/ccfDVHYt.o: undefined reference to symbol 'pthread_create@@GLIBC_2.2.5'
//lib/x86_64-linux-gnu/libpthread.so.0: error adding symbols: DSO missing from command line
collect2: error: ld returned 1 exit status
Makefile:43: recipe for target 'atk6-dnsdict6' failed
make[1]: *** [atk6-dnsdict6] Error 1
It looks like debug is being defined on three files:
thc-ipv6-lib.c
dnssecwalk.c
sendpeesmp6.c
Please also note the other error:
/usr/bin/ld: /tmp/ccfDVHYt.o: undefined reference to symbol 'pthread_create@@GLIBC_2.2.5'
//lib/x86_64-linux-gnu/libpthread.so.0: error adding symbols: DSO missing from command line
Simple question: for example i have ipv6 like this: 2a21:117f:452:d00:fc0c:ab47:5a6e:6969
and don't know which part of it is interface and which part of it is destination.
Can you please point it out so I can just learn from a single example. Thanks !
Can you perform a SLAAC attack with thc-ipv6?
$ make
gcc -O3 -march=native -flto -falign-functions -falign-jumps -falign-loops -falign-labels -freorder-blocks -freorder-blocks-and-partition -D_HAVE_SSL -c -o thc-ipv6-lib.o thc-ipv6-lib.c
clang: error: unknown argument: '-freorder-blocks-and-partition'
clang: warning: optimization flag '-falign-functions' is not supported [-Wignored-optimization-argument]
clang: warning: optimization flag '-falign-jumps' is not supported [-Wignored-optimization-argument]
clang: warning: optimization flag '-falign-loops' is not supported [-Wignored-optimization-argument]
clang: warning: optimization flag '-falign-labels' is not supported [-Wignored-optimization-argument]
clang: warning: optimization flag '-freorder-blocks' is not supported [-Wignored-optimization-argument]
make: *** [thc-ipv6-lib.o] Error 1```
If an interface has multiple addresses (esp link-local), it can be useful to specify the exact source address to use when sending the IPV6 Router Solicitation.
Please add a way to specify said source address.
pi@dev-pi:~ $ uname -a
Linux dev-pi 4.4.21-v7+ #911 SMP Thu Sep 15 14:22:38 BST 2016 armv7l GNU/Linux
pi@dev-pi:~ $
pi@dev-pi:~ $
pi@dev-pi:~ $
pi@dev-pi:~ $ cd ipv6toolkit-v2.0/
pi@dev-pi:/ipv6toolkit-v2.0 $ sudo make install/ipv6toolkit-v2.0 $ cd ..
gcc -Wall -c -o libipv6.o tools/libipv6.c
/usr/lib/gcc/arm-linux-gnueabihf/4.9/cc1: symbol lookup error: /usr/lib/arm-linux-gnueabihf/libisl.so.10: undefined symbol: _aff_list_get_ctx
GNUmakefile:110: recipe for target 'libipv6.o' failed
make: *** [libipv6.o] Error 1
pi@dev-pi:
pi@dev-pi:~ $ cd thc-ipv6/
pi@dev-pi:/thc-ipv6 $ sudo make install/thc-ipv6 $
gcc -Ofast -falign-functions -falign-jumps -falign-loops -falign-labels -freorder-blocks -freorder-blocks-and-partition -D_HAVE_SSL -c -o thc-ipv6-lib.o thc-ipv6-lib.c
/usr/lib/gcc/arm-linux-gnueabihf/4.9/cc1: symbol lookup error: /usr/lib/arm-linux-gnueabihf/libisl.so.10: undefined symbol: _aff_list_get_ctx
: recipe for target 'thc-ipv6-lib.o' failed
make: *** [thc-ipv6-lib.o] Error 1
pi@dev-pi:
pi@dev-pi:/thc-ipv6 $ sudo apt-get install libpcap-dev/thc-ipv6 $ sudo apt-get install libnetfilter-queue-dev
Reading package lists... Done
Building dependency tree
Reading state information... Done
libpcap-dev is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
pi@dev-pi:
Reading package lists... Done
Building dependency tree
Reading state information... Done
libnetfilter-queue-dev is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
pi@dev-pi:/thc-ipv6 $ sudo apt-get install libssl-dev/thc-ipv6 $ ^C
Reading package lists... Done
Building dependency tree
Reading state information... Done
libssl-dev is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
pi@dev-pi:
pi@dev-pi:~/thc-ipv6 $ ls -al /usr/lib/arm-linux-gnueabihf/libisl.*
lrwxrwxrwx 1 root root 16 Jul 1 2014 /usr/lib/arm-linux-gnueabihf/libisl.so.10 -> libisl.so.10.2.2
-rw-r--r-- 1 root root 938496 Jul 1 2014 /usr/lib/arm-linux-gnueabihf/libisl.so.10.2.2
When trying to install on ubuntu 32-bit system recieving error message
make gcc -O2 -D_HAVE_SSL -c -o thc-ipv6-lib.o thc-ipv6-lib.c thc-ipv6-lib.c:40:18: fatal error: pcap.h: No such file or directory compilation terminated. <builtin>: recipe for target 'thc-ipv6-lib.o' failed make: *** [thc-ipv6-lib.o] Error 1
Function BN_new() returns a pointer to the BIGNUM initialised to the value 0. If the allocation fails, it returns NULL and set an error code. However , the return value of function BN_new() in thc-ipv6/thc-ipv6-lib.c is not checked, before passing as an argument to the function BN_set_word(). See the following code:
line: 3209 , 3210
Lines 3203 to 3219 in 011376c
We find the return value of this call been checked in openssl project with the version of openssl 1.1.2.
Such as in openssl/crypto folder
106: bl = BN_new();
107: if (bl == NULL || !BN_set_word(bl, l))
108: goto err;
Chi Li, Zuxing Gu, Jiecheng Wu
Hello, i'm currently working on packaging the last release of thc-ipv6 on Debian (which should be downstreamed to Ubuntu and Kali) and i stumbled upon a problem.
It looks like all the files inside rfc/ are non-free, please have a look at these links[1][2] and consider the removal of the rfc folder.
If you're willing to remove the rfcs from the source code and make a new release without them, i can wait for it and package this new release instead of 3.2. If not, i can do a +dfsg.n[4] release, removing the rfc folder.
Thanks.
[1]https://wiki.debian.org/NonFreeIETFDocuments
[2]http://josefsson.org/bcp78broken/
[3]https://lintian.debian.org/tags/license-problem-non-free-RFC.html
[4]https://wiki.debian.org/DebianMentorsFaq#What_does_.2BIBw-dfsg.2BIB0_or_.2BIBw-ds.2BIB0_in_the_version_string_mean.3F
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.