VLAN Hopping

<<

T_Bone

Full Member

Posts: 199

Joined: Sat Feb 21, 2009 7:11 am

Post Mon Oct 24, 2011 1:44 pm

VLAN Hopping

Hi

I want to test the security of VLANs currently in place and would like to know what the best tool is to try and hop from one VLAN to another, i.e. I am on network 192.168.1.x and can see some broadcast traffic on 192.168.2.x; however, I am unable to communicate with any hosts on the 192.168.2 network. Are there any tools that will allow me to do this or at least attempt it?
<<

hell_razor

Jr. Member

Posts: 90

Joined: Wed Jul 14, 2010 10:44 am

Post Mon Oct 24, 2011 1:56 pm

Re: VLAN Hopping

I am not aware of any automated tools, but you might be able to find a scapy program/python script to generate the qtags to inject in the header.  Many switches do not verify tagged vlans and will rely on the header info to properly "route" them.
A+, Network+, Server+, CISSP, GSEC, GCIH, GPEN, GCIA, GISP, GCFW
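
A defender-side check for the 802.1Q tag handling discussed in this thread, as an added example that is not part of any forum post: it walks the tag stack of a captured Ethernet frame and flags tagged or double-tagged frames. The `classify` policy, the `_frame` helper and the sample frames are constructed for illustration, and the capture point is assumed to be an access port where hosts should only send untagged frames.

```python
import struct

# EtherType values that announce a VLAN tag: 802.1Q C-tag and 802.1ad S-tag.
TPIDS = {0x8100, 0x88A8}


def vlan_tags(frame: bytes) -> list:
    """Return the VLAN ID of every stacked tag, outermost first."""
    tags, off = [], 12  # skip destination and source MAC addresses
    while len(frame) >= off + 4:
        tpid, tci = struct.unpack_from("!HH", frame, off)
        if tpid not in TPIDS:
            break
        tags.append(tci & 0x0FFF)  # low 12 bits of the TCI hold the VLAN ID
        off += 4
    return tags


def classify(frame: bytes, access_port: bool = True) -> str:
    """Label one captured frame (hypothetical policy, adjust per port role)."""
    if len(frame) < 14:
        return "runt"
    tags = vlan_tags(frame)
    if len(tags) >= 2:
        return f"ALERT double-tagged outer={tags[0]} inner={tags[1]}"
    if tags and access_port:
        return f"WARN tagged frame on access port vlan={tags[0]}"
    return "ok"


def _frame(*vids: int) -> bytes:
    """Build a constructed sample frame carrying the given VLAN IDs."""
    hdr = bytes.fromhex("ffffffffffff" "020000000001")
    for vid in vids:
        hdr += struct.pack("!HH", 0x8100, vid)
    return hdr + struct.pack("!H", 0x0800) + b"\x00" * 46


# Constructed samples: untagged, single-tagged and double-tagged frames.
SAMPLES = {"untagged": _frame(), "single": _frame(10), "double": _frame(1, 20)}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:9s} {classify(raw)}")
```

Passing `access_port=False` suppresses the single-tag warning for captures taken on a trunk, where one tag is expected.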
<<

ziggy_567

Sr. Member

Posts: 378

Joined: Tue Dec 30, 2008 1:53 pm

Post Mon Oct 24, 2011 2:31 pm

Re: VLAN Hopping

Yersinia has some VLAN hopping capabilities...
--
Ziggy


eCPPT - GSEC - GCIH - GWAPT - GCUX - RHCE - SCSecA - Security+ - Network+
<<

T_Bone

Full Member

Posts: 199

Joined: Sat Feb 21, 2009 7:11 am

Post Mon Oct 24, 2011 3:04 pm

Re: VLAN Hopping

Thanks guys,

I just checked Yersinia and looks interesting :)
<<

hell_razor

Jr. Member

Posts: 90

Joined: Wed Jul 14, 2010 10:44 am

Post Mon Oct 24, 2011 3:46 pm

Re: VLAN Hopping

Totally forgot about Yersinia, thanks Ziggy!
A+, Network+, Server+, CISSP, GSEC, GCIH, GPEN, GCIA, GISP, GCFW
<<

Darktaurus

Full Member

Posts: 181

Joined: Thu Sep 03, 2009 8:48 am

Post Tue Oct 25, 2011 8:07 am

Re: VLAN Hopping

You could also use vconfig, which I think is included on the later versions of Backtrack by default.  It was also a technique used on one of the Skillz challenges here at EthicalHacker.net.  It was a very cool challenge too.  That might help you out.  I would use Wireshark once you have added the tags to your interface to ensure you are seeing what you need to.


http://www.ethicalhacker.net/content/view/278/2/

http://vimeo.com/6828914
OSCE, OSCP, OSWP, CISSP, GPEN

www.agoonie.com
<<

MaXe

Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Thu Oct 27, 2011 4:28 pm

Re: VLAN Hopping

Agoonie wrote: You could also use vconfig, which I think is included on the later versions of Backtrack by default.  It was also a technique used on one of the Skillz challenges here at EthicalHacker.net.  It was a very cool challenge too.  That might help you out.  I would use Wireshark once you have added the tags to your interface to ensure you are seeing what you need to.


http://www.ethicalhacker.net/content/view/278/2/

http://vimeo.com/6828914


Thanks a ton, I actually need to update my knowledge about VLAN networks  ;D
I'm an InterN0T'er
<<

Darktaurus

Full Member

Posts: 181

Joined: Thu Sep 03, 2009 8:48 am

Post Fri Oct 28, 2011 1:01 pm

Re: VLAN Hopping

No problemo.  Also, the backtrack forum has info on vlans and SIP too.  I cannot remember the link but someone demonstrated a pentest where they got into the network thru the voip network to bypass NAC.  Also, you could use GNS3 to simulate the VLANS, VOIP, etc:

http://www.backtrack-linux.org/forums/b ... tacks.html
OSCE, OSCP, OSWP, CISSP, GPEN

www.agoonie.com
