Proj 2x: Port Scanning with IPv6 and Python (10-45 pts. extra credit)

What You Need

A Kali Linux machine, real or virtual. You could use Windows with Python installed, but it's easier to just use Linux.

Purpose

Learn very basic Python IPv6 networking techniques.

Connecting Through an IPv6 Tunnel

Most of us have IPv4-only Internet connections, and are using private addresses behind NAT.

If that is your situation, do these steps to connect through a UDP-based IPv4 tunnel.

Note: If you have Comcast home service, you should already have native IPv6. Connect your Kali VM in Bridged mode and try it--this tunnel may not be needed!

I recommend that you put your Kali machine in NAT mode for this. That simplifies things in S214, where the local IPv6 tunnel will cause extra confusing addresses.

In Kali, in a Terminal window, execute these commands:

apt-get install gogoc -y

nano /etc/gogoc/gogoc.conf

The gogoc.conf file opens in the Nano text editor. Every line beginning with # is a comment and has no effect.

In nano, scroll down a screen or two and change the server to

anon-montreal.freenet6.net

as shown below. This was necessary to reach a working server when I did it on 7-27-15.

Scroll down several more screens and set log_console=3 as shown below. This makes gogoc print out a lot of useful messages as it connects.

Save the file with Ctrl+X, Y, Enter.

In Kali, in a Terminal window, execute these commands:

mkdir /var/run/gogoc

gogoc -n

You should see "Interface configuration script completed successfully" followed by your IPv6 address, as shown below:

LEAVE THIS TERMINAL WINDOW OPEN! If you close it you will lose your IPv6 connection!

Open another Terminal window and execute this command:

ifconfig

You should see a "tun" adapter with a long IPv6 address, as shown below:

In a Terminal window, execute this command:

ping6 attack.samsclass.info

You should see replies, as shown below:

Capturing a Screen Image

Make sure the Terminal window is visible, showing replies via IPv6.

Capture a whole-desktop image. Save it as "Proj 2xa from YOUR NAME".

YOU MUST SEND IN A WHOLE-DESKTOP IMAGE FOR FULL CREDIT

Simple IPv6 TCP Banner-Grabber

This program connects to my server, on port 6000, where I am running a very simple service that echoes your IP and port back so you can see how your client is working.

In Kali Linux, in a Terminal window, execute this command:

nano grab6.py

In nano, enter this code, as shown below. NOTE: The close() needs the parentheses to work!

import socket

# Create an IPv6 TCP socket
s = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)

# Connect to the echo service and print the banner it sends back
s.connect(("attack.samsclass.info", 6000))
print(s.recv(1024).decode())
s.close()

Save the file with Ctrl+X, Y, Enter.

Running the Grabber

In a Terminal window, execute this command:

python grab6.py

You should see a message saying "Connected" and showing the IPv6 address and port you used to connect, as shown below:

Capturing a Screen Image

Make sure your IPv6 address and a port number are visible, as shown in the image above.

Click on the host system's taskbar, at the bottom of the screen.

Press the PrntScrn key to capture the whole desktop. Open Paint and paste in the image.

Save the image as "Proj 2xb from YOUR NAME".

YOU MUST SEND IN A WHOLE-DESKTOP IMAGE FOR FULL CREDIT

You Now Have 10 Pts.

This is enough to get 10 pts. extra credit. However, I recommend that you do the challenges below to get more!

Challenge 1: Control Source Port (5 pts. extra credit)

To control the source port, add this command after creating the socket:

s.bind(('',3000))

Make a banner-grabber that uses source port 3000 and connects to my server, so you see the message showing your source port of 3000:

Capturing a Screen Image

Make sure your port number of 3000 is visible, as shown in the image above.

Save the image as "Proj 2xc from YOUR NAME".

YOU MUST SEND IN A WHOLE-DESKTOP IMAGE FOR FULL CREDIT
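
A loopback version of the exercise, as an added example that is not part of the original project: a local stand-in for the echo service on port 6000, plus a client that optionally binds its source port as in Challenge 1, so you can test your code without the tunnel. It is written for Python 3; the function names, the ::1 address and the banner wording are assumptions.

```python
import socket
import threading

def start_echo_server(host="::1"):
    """Listen on an OS-chosen TCP port and tell each client its own address and port."""
    srv = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))              # port 0: let the OS pick a free port
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, addr = srv.accept()
            except OSError:          # listening socket was closed
                return
            with conn:
                # For AF_INET6, addr is (ip, port, flowinfo, scope_id)
                msg = "Connected from {} port {}\n".format(addr[0], addr[1])
                conn.sendall(msg.encode())

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]

def grab_banner(host, port, source_port=None, timeout=5.0):
    """Connect over IPv6, optionally from a fixed source port, and return the banner."""
    s = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
    try:
        s.settimeout(timeout)        # do not hang forever on a silent port
        if source_port is not None:
            # Lets bind() succeed even if an earlier run left the port in TIME_WAIT
            s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            s.bind(("", source_port))
        s.connect((host, port))
        return s.recv(1024).decode()
    finally:
        s.close()                    # always release the source port

if __name__ == "__main__":
    server, port = start_echo_server()
    print(grab_banner("::1", port))                    # OS-chosen source port
    print(grab_banner("::1", port, source_port=3000))  # fixed source port
    server.close()
```

The server side sees exactly what bind() chose, which is why the echoed port is a reliable check that the source port was set.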

Challenge 2: Find a Hidden Service on IPv6 (+15 pts.)

There is another service on my attack.samsclass.info server with these properties: Fetch the secret banner with your Python script, and submit an image like this, showing the redacted text.

Tip: Don't use two loops; use two scripts. First find the listening port; then probe that port with various source ports.

Capturing a Screen Image

Make sure the secret message is visible, as redacted in the image above.

Save the image as "Proj 2xd from YOUR NAME".

YOU MUST SEND IN A WHOLE-DESKTOP IMAGE FOR FULL CREDIT

Challenge 3: Find a Hidden Service on IPv4 (+15 pts.)

There is another service on my attack.samsclass.info server with these properties: Fetch the secret banner with your Python script, and submit an image showing it.

Save the image as "Proj 2xe from YOUR NAME".

YOU MUST SEND IN A WHOLE-DESKTOP IMAGE FOR FULL CREDIT

Turning in Your Project

Send the images to cnit.124@gmail.com with a subject of "Proj 2x from YOUR NAME".


Last revised: 7-27-15