2 require 'socket'

3

4 describe VagrantPlugins::ProviderVirtualBox::Action::NetworkFixIPv6 do

5 include_context "unit"

6 include_context "virtualbox"

36 end

37

38 context "with IPv6 interfaces" do

39 let(:socket) { double("socket") }

40

51 it "only checks the interfaces associated with the VM" do

52 all_networks = [{name: "vboxnet0",

53 ipv6: "dead:beef::",

54 ipv6_prefix: 64,

56 },

57 {name: "vboxnet1",

58 ipv6: "badd:badd::",

59 ipv6_prefix: 64,

52 # @param [Symbol] type

53 # The type of WHOIS adapter to define.

54 # Known values are :tld, :ipv4, :ipv6.

55 # @param [String] allocation

56 # The allocation, range or hostname, this server is responsible for.

17 db.port = 123

18

19 db.ipv6 = true

20 db.only_collections = ['users', 'pirates']

21 db.additional_options = ['--query']

87 end

88

89 describe '#ipv6' do

90 it 'should return a mongodb syntax compatible ipv6 flag' do

91 db.ipv6 = true

92 db.ipv6.should == '--ipv6'

93 end

94

95 it 'should return an empty string' do

96 db.ipv6 = nil

97 db.ipv6.should == ''

124 @parser.nameservers[0].name.should == "ns1.nic.fr"

125 @parser.nameservers[0].ipv4.should == "192.93.0.1"

126 @parser.nameservers[0].ipv6.should == "2001:660:3005:1::1:1"

127 @parser.nameservers[1].should be_a(Whois::Record::Nameserver)

128 @parser.nameservers[1].name.should == "ns2.nic.fr"

129 @parser.nameservers[1].ipv4.should == "192.93.0.4"

130 @parser.nameservers[1].ipv6.should == "2001:660:3005:1::1:2"

131 @parser.nameservers[2].should be_a(Whois::Record::Nameserver)

132 @parser.nameservers[2].name.should == "ns3.nic.fr"

133 @parser.nameservers[2].ipv4.should == "192.134.0.49"

134 @parser.nameservers[2].ipv6.should == "2001:660:3006:1::1:1"

135 end

136 end

124 subject.nameservers[0].name.should == "ns1.nic.fr"

125 subject.nameservers[0].ipv4.should == "192.93.0.1"

126 subject.nameservers[0].ipv6.should == "2001:660:3005:1::1:1"

127 subject.nameservers[1].should be_a(Whois::Record::Nameserver)

128 subject.nameservers[1].name.should == "ns2.nic.fr"

129 subject.nameservers[1].ipv4.should == "192.93.0.4"

130 subject.nameservers[1].ipv6.should == "2001:660:3005:1::1:2"

131 subject.nameservers[2].should be_a(Whois::Record::Nameserver)

132 subject.nameservers[2].name.should == "ns3.nic.fr"

133 subject.nameservers[2].ipv4.should == "192.134.0.49"

134 subject.nameservers[2].ipv6.should == "2001:660:3006:1::1:1"

135 end

136 end

28 # * a {#max_resp_delay} field ({Types::Int16} type),

29 # * a {#reserved} field ({Types::Int16} type),

30 # * a {#mcast_addr} field ({Header::IPv6::Addr} type),

31 # * and a {#body} (unused for MLDv1).

32 #

35 # mld = PacketGen::Header::MLD.new

36 # # in a packet

37 # pkt = PacketGen.gen('IPv6').add('ICMPv6').add('MLD')

38 # # access to MLD header

39 # pkt.mld # => PacketGen::Header::MLD

57 define_field :reserved, Types::Int16

58 # @!attribute mcast_addr

59 # IPv6 Multicast address

60 # @return [IPv6::Addr]

87 ipv6.next = 0

88 packet.insert(ipv6, 'IPv6::HopByHop', next: ICMPv6::IP_PROTOCOL)

89 packet.ipv6_hopbyhop.options << { type: 'router_alert', value: [0].pack('n') }

81 uri = URI("")

82 uri.scheme = call[:scheme]

83 # The host can be a domain, IPv4 or IPv6.

84 # Ruby handle IPv6 for us at

20 def initialize(info = {})

21 super(merge_info(info,

22 'Name' => 'PHP Command Shell, Bind TCP (via php) IPv6',

23 'Description' => 'Listen for a connection and spawn a command shell via php (IPv6)',

63 # {http://www.telefonica.com/schemas/UNICA/REST/common/v1}IpAddressType

64 # ipv4 - (any)

65 # ipv6 - (any)

66 class IpAddressType

67 attr_accessor :ipv4

68 attr_accessor :ipv6

69

70 def initialize(ipv4 = nil, ipv6 = nil)

71 @ipv4 = ipv4

72 @ipv6 = ipv6

73 end

74 end

32 end

33

34 # No IPv6 support yet

35 def support_ipv6?

36 end

37

38 # No IPv6 support yet

39 def support_ipv6?

79 * IPV4, like 127.0.0.1

80 * IPV4/prefixlength like 127.0.1.1/24

81 * IPV6/prefixlength like FE80::21A:2FFF:FE30:ECF0/128

82 * an optional suffix for IPV6 addresses from this list: eui-64, link-local

55 default['bind']['masters'] = []

56

57 # Boolean to turn off/on IPV6 support

58 default['bind']['ipv6_listen'] = false

30 ip_addr = nil

31 if (mac_addr.ipv4_addr.nil? || mac_addr.ipv4_addr.empty?)

32 ip_addr = mac_addr.ipv6_addr

33 else

34 ip_addr = mac_addr.ipv4_addr

243 end

244

245 def test_database_url_with_ipv6_host_and_port

246 ENV["DATABASE_URL"] = "postgres://[::1]:5454/foo"

247

113 expect(subject.nameservers[0].name).to eq("CNS1.SECURESERVER.NET")

114 expect(subject.nameservers[0].ipv4).to eq(nil)

115 expect(subject.nameservers[0].ipv6).to eq(nil)

116 expect(subject.nameservers[1]).to be_a(Whois::Record::Nameserver)

117 expect(subject.nameservers[1].name).to eq("CNS2.SECURESERVER.NET")

118 expect(subject.nameservers[1].ipv4).to eq(nil)

119 expect(subject.nameservers[1].ipv6).to eq(nil)

120 expect(subject.nameservers[2]).to be_a(Whois::Record::Nameserver)

121 expect(subject.nameservers[2].name).to eq("CNS3.SECURESERVER.NET")

122 expect(subject.nameservers[2].ipv4).to eq(nil)

123 expect(subject.nameservers[2].ipv6).to eq(nil)

124 end

125 end

147 expect(subject.nameservers[0].name).to eq("dns5.registrar-servers.com")

148 expect(subject.nameservers[0].ipv4).to eq(nil)

149 expect(subject.nameservers[0].ipv6).to eq(nil)

150 expect(subject.nameservers[1]).to be_a(Whois::Record::Nameserver)

151 expect(subject.nameservers[1].name).to eq("dns3.registrar-servers.com")

152 expect(subject.nameservers[1].ipv4).to eq(nil)

153 expect(subject.nameservers[1].ipv6).to eq(nil)

154 expect(subject.nameservers[2]).to be_a(Whois::Record::Nameserver)

155 expect(subject.nameservers[2].name).to eq("dns2.registrar-servers.com")

156 expect(subject.nameservers[2].ipv4).to eq(nil)

157 expect(subject.nameservers[2].ipv6).to eq(nil)

158 expect(subject.nameservers[3]).to be_a(Whois::Record::Nameserver)

159 expect(subject.nameservers[3].name).to eq("dns1.registrar-servers.com")

37

38 allow_ip! "127.0.0.0/8"

39 allow_ip! "::1/128" rescue nil # windows ruby doesn't have ipv6 support

40

41 # A new instance of BetterErrors::Middleware

1 class NetworkSetting < ActiveRecord::Base

2

3 #OPTIMIZE Make netmask an integer instead of a string and use the prefix length instead of a dotted quad. Easier to handle (validate/store/convert) and works for both IPv4 and IPv6.

4

5 before_validation( :on => :create ) {

34 end

35

36 describe 'ipv6 address' do

37 before { @ipaddr = Puppet::Util::IPCidr.new('2001:db8:85a3:0:0:8a2e:370:7334') }

38 subject { @ipaddr }

42 end

43

44 describe 'single ipv6 addr with cidr' do

45 before { @ipaddr = Puppet::Util::IPCidr.new('2001:db8:85a3:0:0:8a2e:370:7334/128') }

46 subject { @ipaddr }

50 end

51

52 describe 'ipv6 addr range with cidr' do

53 before { @ipaddr = Puppet::Util::IPCidr.new('2001:db8:1234::/48') }

54 subject { @ipaddr }

52 end

53

54 it 'handles ipv6 addresses' do

55 s = Dalli::Protocol::Binary.new('[::1]')

56 assert_equal '::1', s.hostname

60 end

61

62 it 'handles ipv6 addresses with port' do

63 s = Dalli::Protocol::Binary.new('[::1]:11212')

64 assert_equal '::1', s.hostname

68 end

69

70 it 'handles ipv6 addresses with port and weight' do

71 s = Dalli::Protocol::Binary.new('[::1]:11212:2')

72 assert_equal '::1', s.hostname

197 end

198

199 should "record user's IPv6 address" do

200 page.driver.options[:headers] = { "REMOTE_ADDR" => "2001:0db8:0000:0000:0008:0800:200c:417a" }

201 visit root_path

17

18 def self.handler_type_alias

19 "reverse_ipv6_tcp"

20 end

21

23

24 super(merge_info(info,

25 'Name' => 'Reverse TCP Stager (IPv6)',

26 'Description' => 'Connect back to the attacker over IPv6',

64 register_options(

65 [

66 OptInt.new("SCOPEID", [false, "The IPv6 Scope ID, required for link-layer addresses", 0])

67 ], self.class)

68 end

27 :ipaddress => [9,

28 lambda do |prefix,ip,option|

29 ip.ipv6? ? "ipv6 address #{ip.to_s}/#{prefix} #{option}" :

30 "ip address #{ip.to_s} #{netmask(Socket::AF_INET,prefix)}"

31 end],

18 end

19

20 it "binds to localhost and a port with either IPv4 or IPv6" do

21 @server = TCPServer.new(SocketSpecs.hostname, SocketSpecs.port)

22 addr = @server.addr

187 describe 'Blather::Stanza::Iq::DiscoInfo::Feature' do

188 it 'will auto-inherit nodes' do

189 n = XML::Document.string "<feature var='ipv6' />"

190 i = Stanza::Iq::DiscoInfo::Feature.new n.root

191 i.var.must_equal 'ipv6'

203 a.must_respond_to :eql?

204 a.must_equal Blather::Stanza::Iq::DiscoInfo::Feature.new('var')

205 a.wont_equal "<feature var='ipv6' />"

206 end

207 end

86 expect(subject.nameservers[0].name).to eq("ns1.google.com")

87 expect(subject.nameservers[0].ipv4).to eq(nil)

88 expect(subject.nameservers[0].ipv6).to eq(nil)

89 expect(subject.nameservers[1]).to be_a(Whois::Record::Nameserver)

90 expect(subject.nameservers[1].name).to eq("ns2.google.com")

91 expect(subject.nameservers[1].ipv4).to eq(nil)

92 expect(subject.nameservers[1].ipv6).to eq(nil)

93 expect(subject.nameservers[2]).to be_a(Whois::Record::Nameserver)

94 expect(subject.nameservers[2].name).to eq("ns3.google.com")

95 expect(subject.nameservers[2].ipv4).to eq(nil)

96 expect(subject.nameservers[2].ipv6).to eq(nil)

97 expect(subject.nameservers[3]).to be_a(Whois::Record::Nameserver)

98 expect(subject.nameservers[3].name).to eq("ns4.google.com")

39 end

40

41 def self.supports_ipv6_autoconf_param?

42 cmd = '/sbin/modinfo ipv6 | /bin/grep -q autoconf:'

101 end

102

103 def test_ipv6?

104 getaddrs.each do |addr|

105 if addr.afamily == Socket::AF_INET6

113 # Travis CI's 'trusty' environment no longer has IP6 (travis-ci/travis-ci#4964)

114 unless ENV['TRAVIS']

115 def test_ipv6_loopback?

116 loopbacks = getaddrs.select do |addr|

117 if addr.afamily == Socket::AF_INET6

154 assert_equal( 0, sockaddr.bytes[1])

155 else

156 # TODO: (gf) test ipv6 addresses when Socket.unpack_sockaddr_in works for ipv6 and ipv6

157 if addr.ipv4?

158 assert_equal([addr.ip_port,addr.ip_address], Socket.unpack_sockaddr_in(sockaddr))

200 # def test_ipv6_mc_global? ; end

201 # def test_ipv6_mc_linklocal? ; end

202 # def test_ipv6_mc_nodelocal? ; end

28 end

29 end

30 context 'EC2 Network ACL Entry uses a partial ipv6 CIDR range for a Deny rule' do

31 it 'returns the offending logical resource id' do

32 cfn_model = CfnParser.new.parse read_test_template(

33 'yaml/ec2_networkaclentry/ec2_networkaclentry_deny_partial_ipv6_cidr_range.yml'

34 )

35

40 end

41 end

42 context 'EC2 Network ACL Entry uses a full ipv6 CIDR range for a Deny rule' do

43 it 'returns an empty list' do

44 cfn_model = CfnParser.new.parse read_test_template(

128 expect(subject.nameservers[0].name).to eq("ns2.cdmon.es")

129 expect(subject.nameservers[0].ipv4).to eq(nil)

130 expect(subject.nameservers[0].ipv6).to eq(nil)

131 expect(subject.nameservers[1]).to be_a(Whois::Parser::Nameserver)

132 expect(subject.nameservers[1].name).to eq("ns3.cdmon.es")

133 expect(subject.nameservers[1].ipv4).to eq(nil)

134 expect(subject.nameservers[1].ipv6).to eq(nil)

135 expect(subject.nameservers[2]).to be_a(Whois::Parser::Nameserver)

136 expect(subject.nameservers[2].name).to eq("ns1.cdmon.es")

137 expect(subject.nameservers[2].ipv4).to eq(nil)

138 expect(subject.nameservers[2].ipv6).to eq(nil)

139 end

140 end

50 end

51

52 describe 'with specific bind_ip values and ipv6' do

53 let(:pre_condition) { ["class mongodb::server { $config = '/etc/mongod.conf' $dbpath = '/var/lib/mongo' $rcfile = '/root/.mongorc.js' $ensure = present $bind_ip = ['127.0.0.1', 'fd00:beef:dead:55::143'] $ipv6 = true }", "include mongodb::server"]}

55 it {

56 is_expected.to contain_file('/etc/mongod.conf').with_content(/bind_ip\s=\s127\.0\.0\.1\,fd00:beef:dead:55::143/)

57 is_expected.to contain_file('/etc/mongod.conf').with_content(/ipv6=true/)

58 }

59 end

10

11 it "should contain sane defaults" do

12 expect(@ipv6_header.ipv6_v).to eql(6)

13 expect(@ipv6_header.ipv6_len).to eql(0)

53 expect(@ipv6_packet.payload).to eql("")

54 expect(@ipv6_packet.is_ipv6?).to be true

55 end

56

63 @ipv6_packet.recalc

64 expect(@ipv6_packet.ipv6_len).to eq(14)

65

66 @ipv6_packet.payload = "\0" * 255

76 @ipv6_packet.payload = "\xff" * 12

77 @ipv6_packet.ipv6_recalc(:ipv6_len)

78 expect(@ipv6_packet.ipv6_len).to eq(12)

24 expected = []

25 # The check for AP_INET6's class is needed because ipaddr.rb adds

26 # fake AP_INET6 even in case when IPv6 is not really supported.

27 # Without such check, this test might fail when ipaddr was required

28 # by some other specs.

91

92

93 it "accepts empty addresses for IPv6 passive sockets" do

94 res = Socket::getaddrinfo(nil, "http",

95 Socket::AF_INET6,

105 end

106

107 it "accepts empty addresses for IPv6 non-passive sockets" do

108 res = Socket::getaddrinfo(nil, "http",

109 Socket::AF_INET6,

19 192.168.1.4 ns00.linux.or.jp

20 192.168.1.5 yum.macos.or.jp

21 ::ffff:192.168.1.5 ipv6.macos.or.jp

22 ::192.168.1.5 too.yumipv6.macos.or.jp

58 assert(! a.match(@hosts['localhost']))

59 assert(a.match(@hosts['yum']))

60 assert(a.match(@hosts['ipv6']))

61 assert(! a.match(@hosts['too']))

62 end

18 attribute :progress

19 attribute :accessIPv4

20 attribute :accessIPv6

21 attribute :state, :aliases => 'status'

22 attribute :created_at, :aliases => 'created'

182 'personality' => personality,

183 'accessIPv4' => accessIPv4,

184 'accessIPv6' => accessIPv6,

185 'min_count' => @min_count,

186 'max_count' => @max_count,

98 end

99

100 def ipv6_log_line

101 log_line("::1 - - #{time_log_component} " +

102 "\"GET / HTTP/1.1\" 200 613 \"-\" \"Ruby\"")

103 end

104

105 def ipv6_log_entry

106 options = {

107 :remote_address => "::1",

180 end

181

182 def test_ipv6_log

183 accesses = parse(join_lines(ipv6_log_line))

184 assert_equal([ipv6_log_entry],

185 accesses)

186 end

47 end

48

49 def use_ipv6

50 false

51 end

89 af_inet = 2

90

91 if use_ipv6

92 af_inet = 0xa

93 end

137 ^

138

139 if use_ipv6

140 asm << %Q^

141 push 2

29 --prefix=#{prefix}

30 --sysconfdir=#{HOMEBREW_PREFIX}/etc

31 --enable-ipv6

32 --with-openssl

33 ]

28 end

29

30 it 'handles an IPv6 hostname as expected' do

31 hostname = '::1'

32 expect(File.path_to_uri('foo', hostname)).to eql("file://[#{hostname}]/foo")

55 end

56

57 describe 'ipv6 address' do

58 subject { ipaddr }

59

65 end

66

67 describe 'single ipv6 addr with cidr' do

68 subject { ipaddr }

69

75 end

76

77 describe 'ipv6 addr range with cidr' do

78 subject { ipaddr }

79

31 --prefix=#{prefix}

32 --disable-dependency-tracking

33 --enable-ipv6

34 ]

35 if build.include? 'disable-fortran'

18 end

19

20 it "binds to localhost and a port with either IPv4 or IPv6" do

21 @server = TCPServer.new(SocketSpecs.hostname, 0)

22 addr = @server.addr

10 # the comma-delimited list in the X-Forwarded-For header. See also:

11 # http://en.wikipedia.org/wiki/Private_network#Private_IPv4_address_spaces

12 # http://en.wikipedia.org/wiki/Private_network#Private_IPv6_addresses.

13 remove_const :TRUSTED_PROXIES

14 TRUSTED_PROXIES = %r{

19 def initialize(info = {})

20 super(merge_info(info,

21 'Name' => 'BSD x64 Command Shell, Reverse TCP Inline (IPv6)',

22 'Description' => 'Connect back to attacker and spawn a command shell over IPv6',

23 'Author' => 'Balazs Bucsay @xoreipeip <balazs.bucsay[-at-]rycon[-dot-]hu>',

24 'References' => ['URL', 'https://github.com/earthquake/shellcodes/blob/master/x86_64_bsd_ipv6_reverse_tcp.asm.c'],

25 'License' => MSF_LICENSE,

26 'Platform' => 'bsd',

78 "\x00\x1c\x11\x5c" +# AF_INET6+port #

79 "\x00\x00\x00\x00" +# no-one-cares #

80 "\x00\x00\x00\x00" +# IPv6- #

81 "\x00\x00\x00\x00" +# addr- #

82 "\x00\x00\x00\x00" +# in- #

86 ))

87 register_options([

88 OptInt.new('SCOPEID', [false, "IPv6 scope ID, for link-local addresses", 0])

89 ])

90 end

31 'server' => server_format.merge({

32 'accessIPv4' => String,

33 'accessIPv6' => String,

34 'OS-DCF:diskConfig' => String,

35 'rax-bandwidth:bandwidth' => Fog::Nullable::Array,

28 'broute' => ['BROUTING']

29 }.each_pair do |table, allowedinternalchains|

30 ['IPv4', 'IPv6', 'ethernet'].each do |protocol|

31 [ 'test', '$5()*&%\'"^$09):' ].each do |chainname|

32 name = "#{chainname}:#{table}:#{protocol}"

33 if table == 'nat' && protocol == 'IPv6'

34 it "should fail #{name}" do

35 expect { resource[:name] = name }.to raise_error(Puppet::Error)

100 def sendto(gram, peerhost, peerport, flags = 0)

101

102 # Catch unconnected IPv6 sockets talking to IPv4 addresses

103 peer = Rex::Socket.resolv_nbo(peerhost)

104 if (peer.length == 4 and self.ipv == 6)

69 end

70

71 it "should support IPv6 address" do

72 add_rule("allow 2001:DB8::8:800:200C:417A")

73

98 end

99

100 def test_ipv6_host_supplied_port_default

101 @options[:Host] = "::1"

102 conf = Rack::Handler::Puma.config(->{}, @options)

17 --prefix=/usr/local/php

18 --with-apxs2=/usr/local/apache2/bin/apxs

19 --disable-ipv6

20 --enable-sockets

21 --enable-soap

80 end

81

82 # IPv6 rules

83 iptables_ng_rule '999-all-drop-ip6' do

84 rule '-j REJECT'

189 end

190 end

191 it 'finds ipv6' do

192 shell("mysql -NBe \"SHOW GRANTS FOR 'test'@'2607:f0d0:1002:0051:0000:0000:0000:0004'\"") do |r|

193 expect(r.stdout).to match(/GRANT ALL PRIVILEGES ON `test`.* TO 'test'@'2607:f0d0:1002:0051:0000:0000:0000:0004'/)

195 end

196 end

197 it 'finds short ipv6' do

198 shell("mysql -NBe \"SHOW GRANTS FOR 'test'@'::1/128'\"") do |r|

199 expect(r.stdout).to match(/GRANT ALL PRIVILEGES ON `test`.* TO 'test'@'::1\/128'/)

81 expect(subject.nameservers[0].name).to eq("ns1.google.com")

82 expect(subject.nameservers[0].ipv4).to eq(nil)

83 expect(subject.nameservers[0].ipv6).to eq(nil)

84 expect(subject.nameservers[1]).to be_a(Whois::Parser::Nameserver)

85 expect(subject.nameservers[1].name).to eq("ns2.google.com")

86 expect(subject.nameservers[1].ipv4).to eq(nil)

87 expect(subject.nameservers[1].ipv6).to eq(nil)

88 end

89 end

8 c.filter_run :focus => true

9 c.run_all_when_everything_filtered = true

10 # apache on Ubuntu 10.04 and 12.04 doesn't like IPv6 VirtualHosts, so we skip ipv6 tests on those systems

11 if fact('operatingsystem') == 'Ubuntu' and (fact('operatingsystemrelease') == '10.04' or fact('operatingsystemrelease') == '12.04')

12 c.filter_run_excluding :ipv6 => true

9 LINK_LOCAL = ['169.254.0.0/16']

10 DOCUMENTATION = ['192.0.2.0/24', '198.51.100.0/24', '203.0.113.0/24']

11 IPV6_RELAY = ['192.88.99.0/24']

12 BENCHMARK = ['198.18.0.0/15']

13 MULTICAST = ['224.0.0.0/4']

73 end

74

75 def ipv6_relay?

76 exist_in_pool?(IPV6_RELAY)

77 end

78

79 def self.ipv6_relay?(addr)

80 begin

81 new(addr).ipv6_relay?

115 !link_local? &&

116 !documentation? &&

117 !ipv6_relay? &&

118 !benchmark? &&

119 !multicast?

9 end

10

11 it "initializes IPAddr ipv6 address with short notation" do

12 a = IPAddr.new

13 a.to_s.should == "::"

16 end

17

18 it "initializes IPAddr ipv6 address with long notation" do

19 a = IPAddr.new("0123:4567:89ab:cdef:0ABC:DEF0:1234:5678")

20 a.to_s.should == "123:4567:89ab:cdef:abc:def0:1234:5678"

23 end

24

25 it "initializes IPAddr ipv6 address with / subnet notation" do

26 a = IPAddr.new("3ffe:505:2::/48")

27 a.to_s.should == "3ffe:505:2::"

41 end

42

43 it "should pase IPv6 addresses" do

44 anchored(ip_address).should =~ '::1'

45 anchored(ip_address).should =~ '3ffe:1900:4545:3:200:f8ff:fe21:67cf'

50 # non_default_properties

51 #

52 tests[:ipv6] = {

53 desc: '2.1 IPV6 Properties',

78

79 # -------------------------------------------------------------------

80 logger.info("\n#{'-' * 60}\nSection 2. IPV6 Property Testing")

81 test_harness_run(tests, :ipv6)

59 end

60

61 context "with ipv6 host" do

62 let(:host) { '2001:DB8::1' }

63

135 ],

136

137 [ "with ipv6 host",

138 default_options.merge({

139 'vhost' => "2001:DB8::1",

144 ],

145

146 [ "with ipv6 host and non-default port",

147 default_options.merge({

148 'port' => 1234,

25

26 super(merge_info(info,

27 'Name' => 'Windows Meterpreter Shell, Reverse TCP Inline (IPv6)',

28 'Description' => 'Connect back to attacker and spawn a Meterpreter shell',

29 'Author' => [ 'OJ Reeves' ],

38 OptString.new('EXTENSIONS', [false, 'Comma-separate list of extensions to load']),

39 OptString.new('EXTINIT', [false, 'Initialization strings for extensions']),

40 OptInt.new("SCOPEID", [false, "The IPv6 Scope ID, required for link-layer addresses", 0])

41 ], self.class)

42 end

56 expiration: datastore['SessionExpirationTimeout'].to_i,

57 uuid: opts[:uuid],

58 transports: [transport_config_reverse_ipv6_tcp(opts)],

59 extensions: (datastore['EXTENSIONS'] || '').split(','),

60 ext_init: (datastore['EXTINIT'] || '')

21 1010 => 'rejected', # This email account has been blocked from sending emails due to suspicious activity.

22 1090 => 'systemerror', # The email you're trying to send can't be processed. Try sending again at a later time.

23 1260 => 'networkerror', # Spectrum doesn't process IPV6 addresses. Connect with an IPv4 address and try again.

24 1500 => 'rejected', # Your email was rejected for attempting to send as a different email address than you signed in under.

25 1520 => 'rejected', # Your email was rejected for attempting to send as a different email address than a domain that we host.

106 hostname = socket.recv(len)

107 when 4

108 ipv6addr hostname = socket.recv(16)

109 else

110 socket.close

33 #Launch the Configure Network Settings ruby script

34 #Add library file to the path

35 $:.unshift File.dirname(__FILE__).chomp('driver/web_ipv6')<<'lib' # add library to path

36 s = Time.now

37 require 'generic'

96 list[name] ||= Record::Nameserver.new(:name => name)

97 list[name].ipv4 = ip if Whois::Server.valid_ipv4?(ip)

98 list[name].ipv6 = ip if Whois::Server.valid_ipv6?(ip)

99 else

100 order << line unless order.include?(line)

17 args = %W[--prefix=#{prefix}

18 --disable-dependency-tracking

19 --enable-ipv6

20 --enable-gre

21 --enable-mpls

46

47 # Not compatible today

48 def support_ipv6?

49 false

50 end

5 # The rebuild operation removes all data on the server and replaces it with the specified image.

6 # The serverRef and all IP addresses remain the same. If you specify name, metadata, accessIPv4,

7 # or accessIPv6 in the rebuild request, new values replace existing values. Otherwise, these values do not change.

8 # @param [String] server_id id of the server to rebuild

9 # @param [String] image_id id of image used to rebuild the server

10 # @param [Hash] options

11 # @option options [String] accessIPv4 The IP version 4 address.

12 # @option options [String] accessIPv6 The IP version 6 address.

13 # @option options [String] adminPass The administrator password.

14 # @option options [Hash] metadata key value pairs of server metadata

15 /firewall add rule name="duplicate1" description="same comment" dir=in protocol=tcp localip=any localport=1111 interfacetype=any remoteip=any remoteport=any action=allow/,

16 /firewall add rule name="duplicate1" description="same comment" dir=in protocol=tcp localip=any localport=5431,5432 interfacetype=any remoteip=any remoteport=any action=allow/,

17 /firewall add rule name="ipv6-source" description="ipv6-source" dir=in protocol=tcp localip=any localport=80 interfacetype=any remoteip=2001:db8::ff00:42:8329 remoteport=any action=allow/,

18 /firewall add rule name="range" description="range" dir=in protocol=tcp localip=any localport=1000-1100 interfacetype=any remoteip=any remoteport=any action=allow/,

19 /firewall add rule name="array" description="array" dir=in protocol=tcp localip=any localport=1234,5000-5100,5678 interfacetype=any remoteip=any remoteport=any action=allow/,

124 end

125

126 class IPv6_in_IPv4 < NetworkAdapter

127 end

128

37 "--with-bzlib",

38 "--with-ssl=#{Formula["openssl@1.1"].opt_prefix}",

39 "--enable-ipv6",

40 "--with-screen=ncurses",

41 "--disable-config-info"

10 end

11

12 describe "IPv6 address fact" do

13 it "should return ipaddress6 information for Darwin" do

14 Facter::Util::Resolution.stubs(:exec).with('uname -s').returns('Darwin')

36 tls_hash = if use_ssl then '{rejectUnauthorized:false}, ' else '' end

37 net_lib = if use_ssl then 'tls' else 'net' end

38 lhost = Rex::Socket.is_ipv6?(lhost) ? "[#{datastore['LHOST']}]" : datastore['LHOST']

39 # the global.process.mainModule.constructor._load fallback for require() is

40 # handy when the payload is eval()'d into a sandboxed context: the reference

137

138 ip = IPAddress.parse(IPSocket.getaddress(host))

139 family = ip.ipv6? ? Socket::AF_INET6 : Socket::AF_INET

140

141 Eventless::Sockaddr.pack_sockaddr_in(port, ip.to_s, family)

16

17 def connect_to(uri, store)

18 # None of the URIs are IPv6, so URI::Generic#hostname(ruby 1.9.3+) isn't needed

19 http = Net::HTTP.new uri.host, uri.port

20

124 end

125

126 def ipv6_enabled?

127 require 'socket'

128

68 # Your host name:

69 'NetBSD61-amd64<Enter>',

70 # Perform IPv6 autoconfiguration? a: No

71 '<Enter>',

72 # Are they OK? a: Yes

64 else

65 connection_address = @connection.address

66 if (connection_address =~ Resolv::IPv6::Regex)

67 connection_address = "[#{connection_address}]"

68 end

33 require 'msf/core/exploit/udp'

34 require 'msf/core/exploit/ip'

35 require 'msf/core/exploit/ipv6'

36 require 'msf/core/exploit/dhcp'

37 require 'msf/core/exploit/ntlm'

36 namefam = name.upcase + 'v4' if config[:ipv4]

37 elsif lofam == Socket::AF_INET6

38 namefam = name.upcase + 'v6' if config[:ipv6]

39 else

40 raise "unknown address family #{lofam} for #{lostr}"

58 results = countries.keys.reduce({}) { |a, k|

59 a.merge! k.upcase+'v4' => [] if config[:ipv4]

60 a.merge! k.upcase+'v6' => [] if config[:ipv6]

61 a

62 }

88 countries.keys.each do |name|

89 v4mod = config[:ipv4] ? name.to_s.upcase + 'v4' : 'nil'

90 v6mod = config[:ipv6] ? name.to_s.upcase + 'v6' : 'nil'

91 write_method file, name, v4mod, v6mod

92 end

22 "net.interface.eth2.ipv4_address" => "192.168.127.5",

23 "net.interface.eth2.netmask" => "255.255.255.0",

24 "net.interface.eth2.ipv6_address.link" => "fe80::1a03:73ff:fe44:6d94",

25 "net.interface.eth0.broadcast" => "123.123.123.123",

26 "net.interface.eth0.ipv4_address" => "192.168.127.4",

27 "net.interface.eth0.netmask" => "255.255.255.0",

28 "net.interface.eth0.ipv6_address.link" => "fe80::2a03:73ff:fe44:6d94",

29 "net.interface.em1.broadcast" => "123.123.123.123",

30 "net.interface.em1.ipv4_address" => "192.168.1.6",

31 "net.interface.em1.netmask" => "255.255.255.0",

32 "net.interface.em1.ipv6_address.link" => "fc80::2a03:73ff:fe44:6d94"

33 }

34 }

13 # * OS-EXT-STS:vm_state [String] - The VM state.

14 # * accessIPv4 [String] - The public IP version 4 access address.

15 # * accessIPv6 [String] - The public IP version 6 access address.

16 # * addresses [Hash] - Public and private IP addresses, The version field indicates whether the IP address is version 4 or 6.

17 # * created [String] - created timestamp

53 raise Fog::Compute::RackspaceV2::NotFound

54 else

55 server_response = Fog::Rackspace::MockData.keep(server, 'id', 'name', 'hostId', 'created', 'updated', 'status', 'progress', 'user_id', 'tenant_id', 'links', 'metadata', 'accessIPv4', 'accessIPv6', 'OS-DCF:diskConfig', 'rax-bandwidth:bandwidth', 'addresses', 'flavor', 'image')

56 server_response['image']['links'].map! { |l| l.delete("type"); l }

57 response(:body => {"server" => server_response})

13 it '.all returns all header classes' do

14 expect(Header.all).to include(Header::Eth, Header::IP, Header::ICMP, Header::ARP,

15 Header::IPv6, Header::ICMPv6, Header::UDP,

16 Header::TCP)

17 expect(Header.all.size).to eq(53)

13

14 # Address RegExp to use for matching IP addresses

15 ADDRESS_REGEX = /(?:#{IPv4::Regex})|(?:#{IPv6::Regex})/

16

17

31 ::Socket::SOL_SOCKET => %w{SCM_ UNIX},

32 ::Socket::IPPROTO_IP => %w{IP_ IP},

33 ::Socket::IPPROTO_IPV6 => %w{IPV6_ IPV6},

34 ::Socket::IPPROTO_TCP => %w{TCP_ TCP},

35 ::Socket::IPPROTO_UDP => %w{UDP_ UDP}

37

38 # Not compatible today

39 def support_ipv6?

40 false

41 end

6 # The rebuild operation removes all data on the server and replaces it with the specified image.

7 # The serverRef and all IP addresses remain the same. If you specify name, metadata, accessIPv4,

8 # or accessIPv6 in the rebuild request, new values replace existing values. Otherwise, these values do not change.

9 # @param [String] server_id id of the server to rebuild

10 # @param [String] image_id id of image used to rebuild the server

11 # @param [Hash] options

12 # @option options [String] accessIPv4 The IP version 4 address.

13 # @option options [String] accessIPv6 The IP version 6 address.

14 # @option options [String] adminPass The administrator password.

15 # @option options [Hash] metadata key value pairs of server metadata

15 end

16

17 # Normalizes hosts. If the host part is an ipv6 literal, then it

18 # needs to be quoted with []

19 def self.normalize_host(host_part)

20 # Make this simple: if ':' is detected at all, it is assumed

21 # to be a valid ipv6 address. We don't do data validation at this

22 # point, and ':' is only valid in an URL if it is quoted by brackets.

23 if host_part =~ /:/

16 class Address

17

18 # Sets up resolution with IPv6 support if the address is an ip

19 # address.

20 #

21 # @since 2.0.0

22 class IPv6

23

24 # @return [ String ] host The host.

31 attr_reader :port

32

33 # The regular expression to use to match an IPv6 ip address.

34 #

35 # @since 2.0.0

61 end

62

63 it "raises ArgumentError for IPv6 addresses" do

64 expect(lambda { Tor::DNSEL.getaddress('::1') }).to raise_error(ArgumentError)

65 expect(lambda { Tor::DNSEL.getaddress(IPAddr.new('::1')) }).to raise_error(ArgumentError)

206 port_config.s.mode = CVMX_HELPER_INPUT_PORT_SKIP_MODE;

207

208 tag_config.s.ip6_src_flag = CVMX_HELPER_INPUT_TAG_IPV6_SRC_IP;

209 tag_config.s.ip6_dst_flag = CVMX_HELPER_INPUT_TAG_IPV6_DST_IP;

210 tag_config.s.ip6_sprt_flag = CVMX_HELPER_INPUT_TAG_IPV6_SRC_PORT;

211 tag_config.s.ip6_dprt_flag = CVMX_HELPER_INPUT_TAG_IPV6_DST_PORT;

212 tag_config.s.ip6_nxth_flag = CVMX_HELPER_INPUT_TAG_IPV6_NEXT_HEADER;

213 tag_config.s.ip4_src_flag = CVMX_HELPER_INPUT_TAG_IPV4_SRC_IP;

214 tag_config.s.ip4_dst_flag = CVMX_HELPER_INPUT_TAG_IPV4_DST_IP;

1 describe MiqWebServerWorkerMixin do

2 it "build_uri (ipv6)" do

3 test_class = Class.new do

4 include MiqWebServerWorkerMixin

69 validate_same_origin!(record_host)

70 address_str = if record_host.index(':')

71 # IPV6 address

72 "[#{record_host}]:#{port}"

73 else

132

133 if info.empty?

134 raise Error::WebDriverError, "unable to translate 'localhost' for TCP+IPv6"

135 end

136

130 :default_value => "/var/log/flapjack/flapper.log"

131

132 start.flag [:b, 'bind-ip'], :desc => 'ADDRESS (IPv4 or IPv6) for flapper to bind to',

133 :default_value => Flapjack::CLI::Flapper.local_ip

134

169 :default_value => "/var/log/flapjack/flapper.log"

170

171 restart.flag [:b, 'bind-ip'], :desc => 'ADDRESS (IPv4 or IPv6) for flapper to bind to',

172 :default_value => Flapjack::CLI::Flapper.local_ip

173

35 filter_table_config.add(:secondary_ip_ranges, field: :secondary_ip_ranges)

36 filter_table_config.add(:private_ip_google_accesses, field: :private_ip_google_access)

37 filter_table_config.add(:private_ipv6_google_accesses, field: :private_ipv6_google_access)

38 filter_table_config.add(:regions, field: :region)

39 filter_table_config.add(:log_configs, field: :log_config)

88 'secondaryIpRanges' => ->(obj) { return :secondary_ip_ranges, GoogleInSpec::Compute::Property::SubnetworkSecondaryIpRangesArray.parse(obj['secondaryIpRanges'], to_s) },

89 'privateIpGoogleAccess' => ->(obj) { return :private_ip_google_access, obj['privateIpGoogleAccess'] },

90 'privateIpv6GoogleAccess' => ->(obj) { return :private_ipv6_google_access, obj['privateIpv6GoogleAccess'] },

91 'region' => ->(obj) { return :region, obj['region'] },

92 'logConfig' => ->(obj) { return :log_config, GoogleInSpec::Compute::Property::SubnetworkLogConfig.new(obj['logConfig'], to_s) },

3 # URI defined in RFC3986

4 # this regexp is modified not to host is not empty string

5 RFC3986_URI = /\A(?<URI>(?<scheme>[A-Za-z][+\-.0-9A-Za-z]*):(?<hier-part>\/\/(?<authority>(?:(?<userinfo>(?:%\h\h|[!$&-.0-;=A-Z_a-z~])*)@)?(?<host>(?<IP-literal>\[(?:(?<IPv6address>(?:\h{1,4}:){6}(?<ls32>\h{1,4}:\h{1,4}|(?<IPv4address>(?<dec-octet>[1-9]\d|1\d{2}|2[0-4]\d|25[0-5]|\d)\.\g<dec-octet>\.\g<dec-octet>\.\g<dec-octet>))|::(?:\h{1,4}:){5}\g<ls32>|\h{1,4}?::(?:\h{1,4}:){4}\g<ls32>|(?:(?:\h{1,4}:)?\h{1,4})?::(?:\h{1,4}:){3}\g<ls32>|(?:(?:\h{1,4}:){,2}\h{1,4})?::(?:\h{1,4}:){2}\g<ls32>|(?:(?:\h{1,4}:){,3}\h{1,4})?::\h{1,4}:\g<ls32>|(?:(?:\h{1,4}:){,4}\h{1,4})?::\g<ls32>|(?:(?:\h{1,4}:){,5}\h{1,4})?::\h{1,4}|(?:(?:\h{1,4}:){,6}\h{1,4})?::)|(?<IPvFuture>v\h+\.[!$&-.0-;=A-Z_a-z~]+))\])|\g<IPv4address>|(?<reg-name>(?:%\h\h|[!$&-.0-9;=A-Z_a-z~])+))?(?::(?<port>\d*))?)(?<path-abempty>(?:\/(?<segment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])*))*)|(?<path-absolute>\/(?:(?<segment-nz>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])+)(?:\/\g<segment>)*)?)|(?<path-rootless>\g<segment-nz>(?:\/\g<segment>)*)|(?<path-empty>))(?:\?(?<query>(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*))?(?:\#(?<fragment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*))?)\z/

6 RFC3986_relative_ref = /\A(?<relative-ref>(?<relative-part>\/\/(?<authority>(?:(?<userinfo>(?:%\h\h|[!$&-.0-;=A-Z_a-z~])*)@)?(?<host>(?<IP-literal>\[(?<IPv6address>(?:\h{1,4}:){6}(?<ls32>\h{1,4}:\h{1,4}|(?<IPv4address>(?<dec-octet>[1-9]\d|1\d{2}|2[0-4]\d|25[0-5]|\d)\.\g<dec-octet>\.\g<dec-octet>\.\g<dec-octet>))|::(?:\h{1,4}:){5}\g<ls32>|\h{1,4}?::(?:\h{1,4}:){4}\g<ls32>|(?:(?:\h{1,4}:){,1}\h{1,4})?::(?:\h{1,4}:){3}\g<ls32>|(?:(?:\h{1,4}:){,2}\h{1,4})?::(?:\h{1,4}:){2}\g<ls32>|(?:(?:\h{1,4}:){,3}\h{1,4})?::\h{1,4}:\g<ls32>|(?:(?:\h{1,4}:){,4}\h{1,4})?::\g<ls32>|(?:(?:\h{1,4}:){,5}\h{1,4})?::\h{1,4}|(?:(?:\h{1,4}:){,6}\h{1,4})?::)|(?<IPvFuture>v\h+\.[!$&-.0-;=A-Z_a-z~]+)\])|\g<IPv4address>|(?<reg-name>(?:%\h\h|[!$&-.0-9;=A-Z_a-z~])+))?(?::(?<port>\d*))?)(?<path-abempty>(?:\/(?<segment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])*))*)|(?<path-absolute>\/(?:(?<segment-nz>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])+)(?:\/\g<segment>)*)?)|(?<path-noscheme>(?<segment-nz-nc>(?:%\h\h|[!$&-.0-9;=@-Z_a-z~])+)(?:\/\g<segment>)*)|(?<path-empty>))(?:\?(?<query>(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*))?(?:\#(?<fragment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*))?)\z/

79 SCHEME: /\A[A-Za-z][A-Za-z0-9+\-.]*\z/,

80 USERINFO: /\A(?:%\h\h|[!$&-.0-;=A-Z_a-z~])*\z/,

81 HOST: /\A(?:(?<IP-literal>\[(?:(?<IPv6address>(?:\h{1,4}:){6}(?<ls32>\h{1,4}:\h{1,4}|(?<IPv4address>(?<dec-octet>[1-9]\d|1\d{2}|2[0-4]\d|25[0-5]|\d)\.\g<dec-octet>\.\g<dec-octet>\.\g<dec-octet>))|::(?:\h{1,4}:){5}\g<ls32>|\h{,4}::(?:\h{1,4}:){4}\g<ls32>|(?:(?:\h{1,4}:)?\h{1,4})?::(?:\h{1,4}:){3}\g<ls32>|(?:(?:\h{1,4}:){,2}\h{1,4})?::(?:\h{1,4}:){2}\g<ls32>|(?:(?:\h{1,4}:){,3}\h{1,4})?::\h{1,4}:\g<ls32>|(?:(?:\h{1,4}:){,4}\h{1,4})?::\g<ls32>|(?:(?:\h{1,4}:){,5}\h{1,4})?::\h{1,4}|(?:(?:\h{1,4}:){,6}\h{1,4})?::)|(?<IPvFuture>v\h+\.[!$&-.0-;=A-Z_a-z~]+))\])|\g<IPv4address>|(?<reg-name>(?:%\h\h|[!$&-.0-9;=A-Z_a-z~])*))\z/,

82 ABS_PATH: /\A\/(?:%\h\h|[!$&-.0-;=@-Z_a-z~])*(?:\/(?:%\h\h|[!$&-.0-;=@-Z_a-z~])*)*\z/,

83 REL_PATH: /\A(?:%\h\h|[!$&-.0-;=@-Z_a-z~])+(?:\/(?:%\h\h|[!$&-.0-;=@-Z_a-z~])*)*\z/,

102 # @overload self.is_valid_ip?(version, ip)

103 # Checks if the given string is a valid IP address

104 # @param [Symbol] version IP version (either <code>:ipv4</code> or <code>:ipv6</code>)

105 # @param [String] ip string to be tested

106 # @return [Boolean] true if the string is a valid IP address, otherwise false

107 #

108 # @overload self.is_valid_ip?(ip)

109 # Checks if the given string is either a valid IPv4 or IPv6 address

110 # @param [String] ip string to be tested

111 # @return [Boolean] true if the string is a valid IPv4 or IPV6 address, otherwise false

118 ip =~ /^((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}

119 (25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])$/x

120 when /^:ipv6$/

121 ip =~ /^(([0-9a-f]{1,4}:){7,7}[0-9a-f]{1,4}|

122 ([0-9a-f]{1,4}:){1,7}:|

19 def initialize(info = {})

20 super(merge_info(info,

21 'Name' => 'BSD Command Shell, Reverse TCP Inline (IPv6)',

22 'Description' => 'Connect back to attacker and spawn a command shell over IPv6',

45 ))

46 register_options([

47 OptInt.new('SCOPEID', [false, "IPv6 scope ID, for link-local addresses", 0])

48 ])

49 end

43

44 tests[:seq_10_v6] = {

45 desc: 'IPv6 Seq 10',

46 title_pattern: 'ipv6 address beaker6 10',

73 }

74

75 cisco_object_group { 'ipv6 address beaker6':

76 ensure => present,

77 }

73 #include <sys/wait.h>

74 #include <netinet/in.h>

75 #ifndef QT_NO_IPV6IFNAME

76 #include <net/if.h>

77 #endif