I recently found that my home broadband supports IPv6, so here I share three ways of reaching the local address (or internal network addresses) over IPv6.
Generally speaking, we use localhost to refer to the local address 127.0.0.1. IPv6 has its own name for it: ip6-localhost.
In addition, most of us know the xip.io service, which lets any IP address be expressed as a domain name and makes testing for SSRF vulnerabilities more convenient. But xip.io only supports IPv4; IPv6 has a similar service, ip6.name.
For example, we can access ::1, which is the local machine, through x.1.ip6.name.
Next, an interesting piece of little-known Windows trivia.
A UNC path is the Windows method of accessing shared resources; some time ago the code audit circle also shared a method for including remote files in PHP using UNC and WebDAV: https://t.zsxq.com/fUjiMfY
UNC paths do not support colons, so we cannot use an IPv6 address in a UNC path such as \\[fe80::2]\share.
So Microsoft came up with a workaround: they registered the domain ipv6-literal.net, and Windows turns an IPv6 address, with its colons replaced by hyphens, into a subdomain of ipv6-literal.net, such as 2408-8207-1850-2a60--4c8.ipv6-literal.net.
The target can then be reached over IPv6 through the corresponding domain name.
This amounts to Microsoft officially running its own ip6.name-style service.
Interestingly, though, there is a big difference from ip6.name and xip.io: when we access 2408-8207-1850-2a60--4c8.ipv6-literal.net, the system does not actually send a DNS request. The domain name is built into the Windows operating system.
So you will find that Microsoft actually stopped renewing the ipv6-literal.net domain long ago (it is now owned by GoDaddy), yet we can still reach ::1, my local machine, directly in the browser via 0--1.ipv6-literal.net.
So when testing for SSRF and similar vulnerabilities, we may as well use these three URL tricks to try to bypass some restrictions.
In addition, in SSRF testing, even if the target is not connected to an IPv6 network, the local system and the internal network usually support IPv6, so it is not the case that IPv6 tricks cannot be used when the target has no public IPv6 address.
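Seen from the filtering side, the three hostname forms above have to be reduced to an address before any allow/deny decision is made. The following is an added example, not code from the original post: the function names and the SAMPLE_RESOLVER table (a constructed stand-in for real name resolution) are assumptions, and the handling of 's' as the zone separator follows the ipv6-literal.net convention rather than anything stated in the post.

```python
import ipaddress

SUFFIX = ".ipv6-literal.net"

# Constructed stand-in for DNS / hosts-file lookups so the example runs offline.
SAMPLE_RESOLVER = {
    "ip6-localhost": ["::1"],
    "x.1.ip6.name": ["::1"],
    "public.example": ["8.8.8.8"],
}

def decode_ipv6_literal(host):
    """Return the IPv6Address encoded in an ipv6-literal.net name, else None."""
    host = host.rstrip(".").lower()
    if not host.endswith(SUFFIX):
        return None
    # Windows writes ':' as '-' and the zone separator '%' as 's'; drop the zone.
    label = host[: -len(SUFFIX)].split("s", 1)[0]
    try:
        return ipaddress.IPv6Address(label.replace("-", ":"))
    except ValueError:
        return None

def is_internal(addr):
    """True for loopback, link-local, private and other non-global addresses."""
    mapped = getattr(addr, "ipv4_mapped", None)  # ::ffff:127.0.0.1 -> 127.0.0.1
    if mapped is not None:
        addr = mapped
    return not addr.is_global

def check_host(host, resolve=lambda h: SAMPLE_RESOLVER.get(h, [])):
    """Return (allowed, reason) for the host part of a user-supplied URL."""
    host = host.strip("[]").split("%", 1)[0].lower()
    literal = decode_ipv6_literal(host)
    if literal is not None:
        # Decode locally: Windows maps this name without sending a DNS query.
        addrs = [literal]
    else:
        try:
            addrs = [ipaddress.ip_address(host)]
        except ValueError:
            addrs = [ipaddress.ip_address(a) for a in resolve(host)]
    if not addrs:
        return False, "unresolved"
    for addr in addrs:
        if is_internal(addr):
            return False, f"internal address {addr}"
    return True, "ok"
```

In a real fetcher, pass a resolver backed by the system lookup and connect to the address that was checked rather than resolving the name a second time.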
Source: https://www.tttang.com/archive/1293/