Three small tips for reaching the local address over IPv6

Recently I found that my home broadband supports IPv6, so here I share three ways to reach the local (internal network) address over IPv6.

Generally speaking, we use localhost to represent the local address 127.0.0.1. IPv6 has its own equivalent name for it, ip6-localhost.

In addition, we should all know the xip.io service, which lets any IP address be expressed as a domain name and makes testing for SSRF vulnerabilities more convenient. But xip.io only supports IPv4. IPv6 has a similar service, ip6.name.

For example, we can reach ::1, the local machine, through x.1.ip6.name.

Next, a little-known but interesting piece of Windows trivia.

A UNC path is a way of accessing shared resources in Windows. Some time ago the code-audit circle also shared a method of including remote files in PHP using UNC and WebDAV: https://t.zsxq.com/fUjiMfY

UNC paths do not support colons, so we cannot use an IPv6 address in a UNC path such as \\[fe80::2]\share. Microsoft therefore came up with a workaround: they registered the domain name ipv6-literal.net, and Windows turns an IPv6 address, with its colons replaced by hyphens, into a subdomain of ipv6-literal.net, for example 2408-8207-1850-2a60--4c8.ipv6-literal.net.

The target can then be reached over IPv6 through the corresponding domain name.

This is as if Microsoft had officially launched its own version of the ip6.name service.

Interestingly, though, there is one big difference from ip6.name and xip.io: when we access 2408-8207-1850-2a60--4c8.ipv6-literal.net, the system does not actually send a DNS request. It is as if the domain name were built into the Windows operating system from the start.

So you will find that Microsoft stopped renewing the ipv6-literal.net domain long ago (it is now owned by GoDaddy), yet we can still reach ::1, the local machine, directly in the browser through 0--1.ipv6-literal.net.

So when testing for SSRF and similar vulnerabilities, we may want to make use of these three URL tricks to try to bypass some restrictions.

In addition, in SSRF testing, even if the target is not connected to an IPv6 network, the local system and the internal network often support IPv6. So a target having no public IPv6 address does not mean that the IPv6 tricks cannot be used for testing.
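
The other side of these three names is the check that sits in front of a server-side fetch. The Python below is an added example, not code from the original post: it decodes ipv6-literal.net names itself and tests every address a host name maps to, so ip6-localhost, x.1.ip6.name and 0--1.ipv6-literal.net are all refused. The function names and the injectable resolver are assumptions, and the 's' zone-id separator is Windows behaviour that the post does not describe.

```python
import ipaddress
import socket

LITERAL_SUFFIX = ".ipv6-literal.net"

def decode_ipv6_literal(host):
    """Return the IPv6 address encoded in an ipv6-literal.net name, or None."""
    label = host.lower().rstrip(".")[: -len(LITERAL_SUFFIX)]
    label = label.split("s", 1)[0]  # Windows writes a zone id after 's'; drop it
    try:
        return ipaddress.IPv6Address(label.replace("-", ":"))
    except ValueError:
        return None

def is_internal(addr):
    """True for loopback, private, link-local and other non-public addresses."""
    ip = ipaddress.ip_address(str(addr).split("%")[0])  # ignore any zone id
    ip = getattr(ip, "ipv4_mapped", None) or ip         # unwrap ::ffff:a.b.c.d
    return (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_unspecified or ip.is_reserved or ip.is_multicast)

def system_resolver(host):
    """Every address the local resolver (hosts file included) returns."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def ssrf_target_allowed(host, resolver=system_resolver):
    """Allow a fetch only if no address the host maps to is internal."""
    host = host.strip("[]")
    if host.lower().rstrip(".").endswith(LITERAL_SUFFIX):
        # Windows maps these names without DNS, so decode instead of resolving.
        literal = decode_ipv6_literal(host)
        return literal is not None and not is_internal(literal)
    try:
        return not is_internal(host)      # host is already an IP literal
    except ValueError:
        pass                              # not a literal: resolve the name
    try:
        addrs = resolver(host)
    except OSError:
        return False                      # unresolvable: fail closed
    return bool(addrs) and not any(is_internal(a) for a in addrs)
```

Connect to the address that passed the check rather than resolving the name a second time, otherwise the answer can change between the check and the fetch.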

 

Source: https://www.tttang.com/archive/1293/ 

 

 


Origin www.cnblogs.com/mrhonest/p/10945249.html