Penetration Testing mailing list archives
Someone with experience in CDP / STP attacks?
From: Richard Miles <richard.k.miles () googlemail com>
Date: Thu, 12 Mar 2009 16:29:17 -0300
Hi,

I appreciate any feedback from people with a background in CDP and STP attacks...

I was looking at the Yersinia man page (http://linux.die.net/man/8/yersinia) and there is an example using the option "-interface ethX"; however, this option does not exist in the latest version of yersinia. How can I force yersinia to use my interface eth3? I would appreciate it a lot if you could give me some hints...

I have an environment that is a bit different. I'm in a network with nearly 5 VLANs. I'm isolated in one without any connection; however, I want to jump to the others. Yes, I'm authorized. But you can imagine what happens if I DoS the network, ahn?

My VLAN is not vulnerable to ARP poisoning; also, if it were, it would not help me, since our connections from this VLAN do not go abroad. Also, the switch port is configured to prevent trunk negotiation and VLAN hopping. We have no VoIP phones. Which is great.

I executed yersinia and I can see some CDP and STP in the network, so it gives me a light at the end of the way...

From what I read, the CDP packets are coming from the switch and I think they will not be useful to hop to other VLANs, right? I mean, a la voip-hopper (yes, it does not work in my case). Maybe there is another trick using Yersinia to bypass these restrictions using these CDP packets?

So, my ball number 7 should be the STP. What Yersinia says about the STP packets it captures is:

My STP capture basically says:

Source Mac: <MAC> Dest Mac: <MAC> Id: 0000 Ver: 00 STP Type: 00 Conf STP Flags: 00 NO FLAGS RootId: <The Number> BridgeId: <The Number> Port: <Port Number> Age: 0000 Max: 0012 Hello: 0002

Any guess on how to use it to break into the other VLANs? I mean, when you use an STP attack, do you MITM only the VLAN where you are (like in an ARP poisoning)? Or are you able to MITM all VLANs in the switch?

Any suggestion of an attack via the command line or the ncurses interface for my case? Please, no DoS; my goal is to be able to jump to the other VLANs OR MITM the traffic for the other VLANs.

I read all the documents from Yersinia, the README and the Phrack document, but they couldn't clarify these doubts.

Thanks so much.