Monday 14 May 2012

Abusing VLANs With BackTrack


In this post I'm going to have a little fun with VLANs. As I've been studying for the CCNA cert I've been reading how great VLANs are, so in this post i'm going to have a little fun with some really cool tools from the Backtrack distro. My aim is to demonstrate why simlpy placing hosts in a seperate VLAN might sometimes not be enough if you really don't want anyone to have access to them. Let's get started.

Tools:

  • BackTrack.
  • Yersinia.
  • vconfig.
  • Wireshark.
  • Nmap.

I start off by connecting to the LAN and getting a network address
dhclient eth0
I can see that I'm attached to the network 10.0.1.0/24.
Next I fire up wireshark and check the network for DTP (Dynamic Trunking Protocol) frames and CDP (Cisco Discovery Protocol) frames.
I can see that I have both CDP and DTP frames present.
Now I want to tell the switch that my port is a trunk port, for this I'll use Yersinia and tell it to look at DTP.
yersinia -I
After I see DTP frames appear in Yersinia I launch the attack to configure the port for trunking.
Now I need to know the VLAN number that other networks are on. Before launching Yersinia I could only see traffic from my own network (10.0.1.0/24), now I can start to see traffic from hosts on another network (192.168.2.2).
Looking at the 802.1Q information in the frame I can see that the other network is on VLAN 2.
With this information I'll create a new interface in the new network and configure vconfig to tag the frames for VLAN2.
vconfig add eth0 2
ifconfig eth0.2 up
                       ifconfig eth0.2 192.168.2.200/24
                                                                  ifconfig
Now I check I can ping the host I saw with Wireshark and I have a quick look at it's ports with Nmap.
ping -c 2 192.168.2.2
nmap 192.168.2.2
Great, I have plenty here to play with, and on port 80 ...........
Okay obviously this was staged but hopefully it illustrates two things. VLANs can be abused and Yersinia rocks!!!!!!!!!


No comments:

Post a Comment