IPv6 Link Local/Node Local Ping Discovery - Metasploit

This page contains detailed information about how to use the auxiliary/scanner/discovery/ipv6_multicast_ping metasploit module. For list of all metasploit modules, visit the Metasploit Module Library.

Module Overview

---

Name: IPv6 Link Local/Node Local Ping Discovery
Module: auxiliary/scanner/discovery/ipv6_multicast_ping
Source code: modules/auxiliary/scanner/discovery/ipv6_multicast_ping.rb
Disclosure date: -
Last modification time: 2019-03-05 03:38:51 +0000
Supported architecture(s): -
Supported platform(s): -
Target service / protocol: -
Target network port(s): -
List of CVEs: -

Send a ICMPv6 ping request to all default multicast addresses, and wait to see who responds.

Module Ranking and Traits

---

Module Ranking:

• normal: The exploit is otherwise reliable, but depends on a specific version and can't (or doesn't) reliably autodetect. More information about ranking can be found here.

Basic Usage

---

msf > use auxiliary/scanner/discovery/ipv6_multicast_ping
msf auxiliary(ipv6_multicast_ping) > show targets
    ... a list of targets ...
msf auxiliary(ipv6_multicast_ping) > set TARGET target-id
msf auxiliary(ipv6_multicast_ping) > show options
    ... show and set options ...
msf auxiliary(ipv6_multicast_ping) > exploit

Required Options

---

• RHOSTS: The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'

Go back to menu.

Msfconsole Usage

---

Here is how the scanner/discovery/ipv6_multicast_ping auxiliary module looks in the msfconsole:

msf6 > use auxiliary/scanner/discovery/ipv6_multicast_ping

msf6 auxiliary(scanner/discovery/ipv6_multicast_ping) > show info

       Name: IPv6 Link Local/Node Local Ping Discovery
     Module: auxiliary/scanner/discovery/ipv6_multicast_ping
    License: Metasploit Framework License (BSD)
       Rank: Normal

Provided by:
  wuntee

Check supported:
  No

Basic options:
  Name       Current Setting  Required  Description
  ----       ---------------  --------  -----------
  INTERFACE                   no        The name of the interface
  RHOSTS                      yes       The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
  SHOST                       no        The source IPv6 address
  SMAC                        no        The source MAC address
  TIMEOUT    5                yes       Timeout when waiting for host response.

Description:
  Send a ICMPv6 ping request to all default multicast addresses, and 
  wait to see who responds.

References:
  http://wuntee.blogspot.com/2010/12/ipv6-ping-host-discovery-metasploit.html

Module Options

---

This is a complete list of options available in the scanner/discovery/ipv6_multicast_ping auxiliary module:

msf6 auxiliary(scanner/discovery/ipv6_multicast_ping) > show options

Module options (auxiliary/scanner/discovery/ipv6_multicast_ping):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   INTERFACE                   no        The name of the interface
   RHOSTS                      yes       The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
   SHOST                       no        The source IPv6 address
   SMAC                        no        The source MAC address
   TIMEOUT    5                yes       Timeout when waiting for host response.

Advanced Options

---

Here is a complete list of advanced options supported by the scanner/discovery/ipv6_multicast_ping auxiliary module:

msf6 auxiliary(scanner/discovery/ipv6_multicast_ping) > show advanced

Module advanced options (auxiliary/scanner/discovery/ipv6_multicast_ping):

   Name                Current Setting  Required  Description
   ----                ---------------  --------  -----------
   GATEWAY_PROBE_HOST  8.8.8.8          yes       Send a TTL=1 random UDP datagram to this host to discover the default gateway's MAC
   GATEWAY_PROBE_PORT                   no        The port on GATEWAY_PROBE_HOST to send a random UDP probe to (random if 0 or unset)
   SECRET              1297303073       yes       A 32-bit cookie for probe requests.
   VERBOSE             false            no        Enable detailed status messages
   WORKSPACE                            no        Specify the workspace for this module

Auxiliary Actions

---

This is a list of all auxiliary actions that the scanner/discovery/ipv6_multicast_ping module can do:

msf6 auxiliary(scanner/discovery/ipv6_multicast_ping) > show actions

Auxiliary actions:

   Name  Description
   ----  -----------

Evasion Options

---

Here is the full list of possible evasion options supported by the scanner/discovery/ipv6_multicast_ping auxiliary module in order to evade defenses (e.g. Antivirus, EDR, Firewall, NIDS etc.):

msf6 auxiliary(scanner/discovery/ipv6_multicast_ping) > show evasion

Module evasion options:

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------

Go back to menu.

Error Messages

---

This module may fail with the following error messages:

Check for the possible causes from the code snippets below found in the module source code. This can often times help in identifying the root cause of the problem.

WARNING : Pcaprub is not uptodate, some functionality will not be available

---

Here is a relevant code snippet related to the "WARNING : Pcaprub is not uptodate, some functionality will not be available" error message:

62:	    # Start capture
63:	    open_pcap({'FILTER' => "icmp6"})
64:	
65:	    @netifaces = true
66:	    if not netifaces_implemented?
67:	      print_error("WARNING : Pcaprub is not uptodate, some functionality will not be available")
68:	      @netifaces = false
69:	    end
70:	
71:	    @interface = datastore['INTERFACE'] || Pcap.lookupdev
72:	

Go back to menu.

Related Pull Requests

---

• #11523 Merged Pull Request: MSF5: Remove unneeded RHOST deregister in scanners
• #8716 Merged Pull Request: Print_Status -> Print_Good (And OCD bits 'n bobs)
• #8338 Merged Pull Request: Fix msf/core and self.class msftidy warnings
• #6655 Merged Pull Request: use MetasploitModule as a class name
• #6648 Merged Pull Request: Change metasploit class names
• #2525 Merged Pull Request: Change module boilerplate
• #1228 Merged Pull Request: MSFTIDY cleanup #1 - auxiliary
• #951 Merged Pull Request: Infohash cleanups
• #592 Merged Pull Request: ipv6 and arp_scanner fix
• #158 Merged Pull Request: Ipv6 logging

References

---

• CVE: Not available
• http://wuntee.blogspot.com/2010/12/ipv6-ping-host-discovery-metasploit.html

See Also

---

Check also the following modules related to this module:

• auxiliary/scanner/discovery/ipv6_neighbor
• auxiliary/scanner/discovery/ipv6_neighbor_router_advertisement
• auxiliary/scanner/discovery/arp_sweep
• auxiliary/scanner/discovery/empty_udp
• auxiliary/scanner/discovery/udp_probe
• auxiliary/scanner/discovery/udp_sweep
• auxiliary/scanner/mssql/mssql_ping
• auxiliary/scanner/nessus/nessus_xmlrpc_ping
• auxiliary/scanner/sap/sap_soap_rfc_ping
• auxiliary/scanner/db2/discovery
• auxiliary/scanner/sap/sap_service_discovery
• exploit/linux/http/eyesofnetwork_autodiscovery_rce
• exploit/linux/http/nagios_xi_autodiscovery_webshell
• exploit/linux/misc/hid_discoveryd_command_blink_on_unauth_rce
• exploit/multi/http/trendmicro_threat_discovery_admin_sys_time_cmdi
• exploit/windows/brightstor/discovery_tcp
• exploit/windows/brightstor/discovery_udp
• post/windows/recon/computer_browser_discovery
• auxiliary/scanner/http/epmp1000_ping_cmd_exec
• auxiliary/scanner/http/wordpress_pingback_access
• auxiliary/admin/upnp/soap_portmapping

Authors

---

wuntee

Version

---

This page has been produced using Metasploit Framework version 6.2.1-dev. For more modules, visit the Metasploit Module Library.

Go back to menu.