IPv6 Attacks

First, I set up mitm6 on the Kali machine: mitm6 -d marvel.local

Once mitm6 was set up, I set up ntlmrelayx: ntlmrelayx.py -6 -t ldaps://192.168.64.151 -wh wpad.marvel.local -l lootme

In the above command, -6 refers to IPv6, the IP address is that of the DC, the -wh value is taken from the output of mitm6, and -l creates a lootme directory that holds the collected loot.

Once the two commands were running, I restarted the Frank Castle machine and logged in as the Frank Castle user. Upon doing this, it dumped the loot in the lootme directory.

Then I logged in as the MARVEL\Administrator user on the Frank Castle machine. This time, ntlmrelayx created a new user for me.

The user gets created. It is a Domain User with special ACL permissions assigned to it.
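A defender-side view of the result above, as an added example that is not part of the original notes: on the DC, the relayed session shows up as an NTLM network logon (event 4624) followed by a user creation (4720) and an ACL write (5136 on nTSecurityDescriptor) under the same logon ID. The records are constructed and simplified; the source IPs, user names, logon IDs and ObjectDN are assumptions.

```python
from datetime import datetime, timedelta

# Constructed, simplified Security-log records as they would be parsed from the DC.
EVENTS = [
    {"id": 4624, "time": "2024-01-01T10:00:00", "LogonType": 3,
     "AuthenticationPackageName": "NTLM", "IpAddress": "192.168.64.50",
     "TargetUserName": "Administrator", "TargetLogonId": "0x5a1f"},
    {"id": 4720, "time": "2024-01-01T10:00:02", "SubjectLogonId": "0x5a1f",
     "TargetUserName": "xKqPnTzLbd"},
    {"id": 5136, "time": "2024-01-01T10:00:03", "SubjectLogonId": "0x5a1f",
     "AttributeLDAPDisplayName": "nTSecurityDescriptor",
     "ObjectDN": "DC=marvel,DC=local"},
    # Benign contrast: a Kerberos admin session that creates a user.
    {"id": 4624, "time": "2024-01-01T11:00:00", "LogonType": 3,
     "AuthenticationPackageName": "Kerberos", "IpAddress": "192.168.64.20",
     "TargetUserName": "Administrator", "TargetLogonId": "0x7b20"},
    {"id": 4720, "time": "2024-01-01T11:00:30", "SubjectLogonId": "0x7b20",
     "TargetUserName": "jsmith"},
]

def find_relay_candidates(events, window=timedelta(minutes=5)):
    """Return NTLM network-logon sessions that created a user within `window`."""
    sessions, findings = {}, {}
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        if ev["id"] == 4624:
            if ev["LogonType"] == 3 and ev["AuthenticationPackageName"] == "NTLM":
                sessions[ev["TargetLogonId"]] = (when, ev)
            continue
        start, logon = sessions.get(ev.get("SubjectLogonId"), (None, None))
        if logon is None or when - start > window:
            continue
        hit = findings.setdefault(ev["SubjectLogonId"], {
            "account": logon["TargetUserName"], "source_ip": logon["IpAddress"],
            "created_users": [], "acl_changed_on": []})
        if ev["id"] == 4720:
            hit["created_users"].append(ev["TargetUserName"])
        elif ev["id"] == 5136 and ev["AttributeLDAPDisplayName"] == "nTSecurityDescriptor":
            hit["acl_changed_on"].append(ev["ObjectDN"])
    return [f for f in findings.values() if f["created_users"]]

if __name__ == "__main__":
    for finding in find_relay_candidates(EVENTS):
        print(finding)
```

Event 5136 is only logged when Directory Service Changes auditing is enabled on the DC, so the ACL half of the correlation depends on that audit policy.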

There are several other attacks that can be performed:

https://dirkjanm.io/worst-of-both-worlds-ntlm-relaying-and-kerberos-delegation/
