In this post I'm going to have a little fun with VLANs. As I've been studying for the CCNA cert I've been reading how great VLANs are, so in this post I'm going to have a little fun with some really cool tools from the Backtrack distro. My aim is to demonstrate why simply placing hosts in a separate VLAN might sometimes not be enough if you really don't want anyone to have access to them. Let's get started.
Tools:
I start off by connecting to the LAN and getting a network address:
dhclient eth0
I can see that I'm attached to the network 10.0.1.0/24.
Next I fire up wireshark and check the network for DTP (Dynamic Trunking Protocol) frames and CDP (Cisco Discovery Protocol) frames.
I can see that I have both CDP and DTP frames present. Now I want to tell the switch that my port is a trunk port; for this I'll use Yersinia and tell it to look at DTP.
yersinia -I
After I see DTP frames appear in Yersinia I launch the attack to configure the port for trunking.
Now I need to know the VLAN number that other networks are on. Before launching Yersinia I could only see traffic from my own network (10.0.1.0/24); now I can start to see traffic from hosts on another network (192.168.2.2).
Looking at the 802.1Q information in the frame I can see that the other network is on VLAN 2. With this information I'll create a new interface in the new network and configure vconfig to tag the frames for VLAN 2.
vconfig add eth0 2
ifconfig eth0.2 up
ifconfig eth0.2 192.168.2.200/24
ifconfig
Now I check I can ping the host I saw with Wireshark and I have a quick look at its ports with Nmap.
ping -c 2 192.168.2.2
nmap 192.168.2.2
Great, I have plenty here to play with, and on port 80 ...........
Okay, obviously this was staged, but hopefully it illustrates two things: VLANs can be abused and Yersinia rocks!!!!!!!!!
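Seen from the defender's side, the two observations this walkthrough depends on (DTP frames reaching a host port, and 802.1Q-tagged frames from another VLAN showing up on it) can be checked from a capture taken on that port. The Python below is an added example, not part of the original post; the function names are my own and the sample frames are constructed, not captured.

```python
import struct

CISCO_MCAST = bytes.fromhex("01000ccccccc")  # multicast MAC shared by CDP and DTP
SNAP_CISCO = bytes.fromhex("aaaa0300000c")   # LLC AA-AA-03 + Cisco OUI 00:00:0C
SNAP_PIDS = {0x2000: "CDP", 0x2004: "DTP"}   # SNAP protocol IDs

def classify(frame):
    """Return (kind, vlan): kind is "DTP", "CDP" or None; vlan is the 802.1Q VID or None."""
    if len(frame) < 14:
        return None, None
    dst = frame[:6]
    (etype,) = struct.unpack("!H", frame[12:14])
    offset, vlan = 14, None
    if etype == 0x8100 and len(frame) >= 18:       # 802.1Q tag present
        tci, etype = struct.unpack("!HH", frame[14:18])
        vlan, offset = tci & 0x0FFF, 18            # low 12 bits of the TCI are the VLAN ID
    snap = frame[offset:offset + 8]
    # Values <= 1500 are an 802.3 length field, so an LLC/SNAP header follows
    if dst == CISCO_MCAST and etype <= 1500 and len(snap) == 8 and snap[:6] == SNAP_CISCO:
        return SNAP_PIDS.get(struct.unpack("!H", snap[6:])[0]), vlan
    return None, vlan

def audit_port(frames):
    """Summarise what a host-facing port exposed in a list of raw Ethernet frames."""
    report = {"dtp": False, "cdp": False, "tagged_vlans": set()}
    for frame in frames:
        kind, vlan = classify(frame)
        if kind:
            report[kind.lower()] = True
        if vlan is not None:
            report["tagged_vlans"].add(vlan)
    report["tagged_vlans"] = sorted(report["tagged_vlans"])
    return report

# Constructed sample frames (not captured traffic); MACs and payloads are made up.
SRC = "001122334455"
SAMPLE = [bytes.fromhex(h) for h in (
    "01000ccccccc" + SRC + "0010" + "aaaa0300000c2004" + "0100010005" + "000000",  # DTP
    "01000ccccccc" + SRC + "0010" + "aaaa0300000c2000" + "02b4" + "000000000000",  # CDP
    "ffffffffffff" + SRC + "8100" + "0002" + "0806" + "00" * 28,  # ARP tagged for VLAN 2
    "ffffffffffff" + SRC + "0806" + "00" * 28,                    # untagged ARP
)]

if __name__ == "__main__":
    print(audit_port(SAMPLE))
```

On Cisco IOS, a host port that reports DTP is normally fixed with `switchport mode access`, with `switchport nonegotiate` added on ports that have to remain trunks.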