The Ethical Hacker Network

Latest Additions

Who's Online

EH-Net News Feeds

Latest Additions

EH-Net > Ethical Hacking Discussions and Related Certifications > Network Pen Testing (Moderator: don) > VLAN Hopping

Pages: [1] Go Down

« previous next »

	Author	Topic: VLAN Hopping (Read 2878 times)
0 Members and 1 Guest are viewing this topic.

T_Bone

Full Member

Offline

Posts: 199

VLAN Hopping

« on: October 24, 2011, 01:44:50 PM »

Hi

I want to test the security of VLANs currently in place and would like to know what the best tool is to try and hop from one VLAN to another. i.e. I am on network 192.168.1.x and can see some broadcast traffic on 192.168.2.x, however, I am unable to communicate with any hosts on the 192.168.2 network. Is there any tools that will allow me to do this or at least attempt it?


	Logged

hell_razor

Jr. Member

Offline

Posts: 83

Re: VLAN Hopping

« Reply #1 on: October 24, 2011, 01:56:41 PM »

I am not aware of any automated tools, but you might be able to find a scapy program/python script to generate the qtags to inject in the header. Many switches do not verify tagged vlans and will rely on the header info to properly "route" them.


	Logged

A+, Network+, Server+, CISSP, GSEC, GCIH, GPEN, GCIA, GISP, GCFW

ziggy_567

Sr. Member

Offline

Posts: 302

Re: VLAN Hopping

« Reply #2 on: October 24, 2011, 02:31:13 PM »

Yersinia has some VLAN hopping capabilities...


	Logged

--
Ziggy

GSEC - GCIH - GCUX - RHCE - SCSecA - Security+ - Network+

T_Bone

Full Member

Offline

Posts: 199

Re: VLAN Hopping

« Reply #3 on: October 24, 2011, 03:04:57 PM »

Thanks guys,

I just checked Yersinia and looks interesting


	Logged

hell_razor

Jr. Member

Offline

Posts: 83

Re: VLAN Hopping

« Reply #4 on: October 24, 2011, 03:46:03 PM »

Totally forgot about Yersinia, thanks Ziggy!


	Logged

A+, Network+, Server+, CISSP, GSEC, GCIH, GPEN, GCIA, GISP, GCFW

Agoonie

Full Member

Online

Posts: 144

Re: VLAN Hopping

« Reply #5 on: October 25, 2011, 08:07:44 AM »

You could also use vconfig which I think is included on the later versions of Backtrack by default. It was also a technique used on one if the Skillz challenges here at EthicalHacker.net. It was a very cool challenge too. That might help you out. I would use wireshark once you have added the tags to your interface to ensure you are seeing what you need to.

http://www.ethicalhacker.net/content/view/278/2/

http://vimeo.com/6828914


	Logged

OSCE, OSCP, OSWP, CISSP, MEH...

MaXe

Hero Member

Offline

Posts: 507

I've just upgraded myself to a cyborg muahahaa!!1

Re: VLAN Hopping

« Reply #6 on: October 27, 2011, 04:28:16 PM »

Quote from: Agoonie on October 25, 2011, 08:07:44 AM

Thanks a ton, I actually need to update my knowledge about VLAN networks Grin


	Logged

I'm an InterN0T'er

Agoonie

Full Member

Online

Posts: 144

Re: VLAN Hopping

« Reply #7 on: October 28, 2011, 01:01:07 PM »

No problemo. Also, the backtrack forum has info on vlans and SIP too. I cannot remember the link but someone demonstrated a pentest where they got into the network thru the voip network to bypass NAC. Also, you could use GNS3 to simulate the VLANS, VOIP, etc:

http://www.backtrack-linux.org/forums/backtrack-howtos/35235-gns3-cisco3745-sip-server-preparation-simulated-voip-attacks.html


	Logged

OSCE, OSCP, OSWP, CISSP, MEH...

Pages: [1] Go Up

« previous next »

Jump to:

SANS Deals 4 EH-Netters

$150 OFF Any SANS Course in Any Format!
Coupon Code: EHN_Connect Including SANS Security West 2012 & SANSFIRE 2012

Recent Forum Topics