Note: this post was made in November 2015

My blog has moved: https://vincentyiu.co.uk

So today I decided to learn about VLAN attacks but every video I see just asks you to use yersinia or the frogger script. If you are reading this you probably saw all those and still have no idea what is happening.

So what I did was read the frogger script to see how it grabs information from tshark and parses it for display to the user.

From what I understand you can run:

tshark -Y "vlan" -V -i eth1

This gives the verbose output of the VLAN scans. If you scroll around you will see " = ID: " fields. These are the VLAN IDs we need and are looking for.
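The " = ID: " lines can be pulled out of that verbose output with a few lines of shell. The sketch below is an added example, not code from the original post or from the frogger script: the function names, the allow-list idea and the sample capture text are all assumptions constructed for illustration. On a port meant to carry a single untagged host VLAN, any ID it prints is tagged traffic worth checking against the switch port configuration.

```sh
#!/bin/sh
# Added example (not from the original post or from frogger).

# Print each distinct 802.1Q VLAN ID found in `tshark -V` text on stdin.
# It keys on the " = ID: <n>" bitfield line that the post points out.
vlan_ids() {
    sed -n 's/^.* = ID: \([0-9][0-9]*\)[[:space:]]*$/\1/p' | sort -n -u
}

# Print the VLAN IDs seen on stdin that are NOT in the space-separated
# allow-list passed as $1 (hypothetical helper for auditing a port).
unexpected_vlans() {
    allowed=" $1 "
    vlan_ids | while read -r id; do
        case "$allowed" in
            *" $id "*) ;;              # expected on this port
            *) printf '%s\n' "$id" ;;  # tagged traffic that should not be here
        esac
    done
}

# Constructed sample: trimmed `tshark -V` text for three tagged frames.
sample_capture() {
cat <<'EOF'
Frame 1: 64 bytes on wire
802.1Q Virtual LAN, PRI: 0, CFI: 0, ID: 5
    000. .... .... .... = Priority: Best Effort (default) (0)
    ...0 .... .... .... = CFI: Canonical (0)
    .... 0000 0000 0101 = ID: 5
Frame 2: 64 bytes on wire
802.1Q Virtual LAN, PRI: 0, CFI: 0, ID: 15
    .... 0000 0000 1111 = ID: 15
Frame 3: 64 bytes on wire
802.1Q Virtual LAN, PRI: 0, CFI: 0, ID: 5
    .... 0000 0000 0101 = ID: 5
EOF
}

# Demo on the constructed sample, with VLAN 5 as the only expected ID.
sample_capture | unexpected_vlans "5"   # prints 15
# Live use: tshark -Y "vlan" -V -i eth1 | unexpected_vlans "5"
```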

If we run the following command we can obtain information regarding the switch:

tshark -Y "cdp" -V -i eth1

Information regarding the device name and management IP is displayed.

From this point on, in my n00bness, I still do not understand what is happening; I just know that on one of these VLANs I can access the management IP. So I went ahead and decided to hop onto each one and see which one can route to it 😀

For example, if the IDs I have discovered are 5, 10 and 15, then I would do the following:

modprobe 8021q

vconfig add eth1 5

ifconfig eth1.5 10.100.100.100 up

ping <management IP>

If it did not respond, I would try 10 and finally 15 until I found out which one this lived on.

Because of the environment I was in when performing the tests, I had to connect through an SSH box. If the arp-scan tool is available there, the following command allows ARP scanning with VLAN tags.

arp-scan -Q <VLANID> -I <INTERFACE>

Written by Vincent Yiu