Thread: Someone with experience with Yersinia?

  #1

    Hi guys!

    Well, I believe if you are reading this topic you should (at least I hope) know how to use Yersinia much better than me.

    I was looking at the Yersinia man page (http://linux.die.net/man/8/yersinia) and there is an example using the option "-interface ethX"; however, this option does not exist in the latest version of Yersinia. How can I force Yersinia to use my interface eth3?

    I would appreciate it a lot if you could give me some hints...

    I have an environment that is a bit different. I'm in a network with about 5 VLANs; I'm isolated in one without any connection, however I want to jump to the others. Yes, I'm authorized. But you can imagine what happens if I DoS the network, huh?

    My VLAN is not vulnerable to ARP poisoning; even if it were, it would not help me, since our connections from this VLAN do not go outside.

    Also, the switch port is configured to prevent trunk negotiation and VLAN hopping. We have no VoIP phones.

    What is great: I executed Yersinia and I can see some CDP and STP in the network, so it gives me a light at the end of the tunnel...

    From what I read, the CDP is coming from the switch and I think it will not be useful for hopping to other VLANs, right? I mean, à la voip-hopper (yes, it does not work in my case). Maybe there is another trick using Yersinia to bypass these restrictions using these CDP packets?

    So, my ball number 7 should be the STP.

    What Yersinia says about the STP packets it captures is:

    My STP capture basically says:

    Source Mac: <MAC>
    Dest Mac: <MAC>
    Id: 0000
    Ver: 00 STP
    Type: 00 Conf STP
    Flags: 00 NO FLAGS
    RootId: <The Number>
    BridgeId: <The Number>
    Port: <Port Number>
    Age: 0000
    Max: 0014
    Hello: 0002

    Any guess on how to use it to break into the other VLANs?

    Any suggestion of an attack via the command line or the ncurses interface for my case? Please, no DoS; my goal is to be able to jump to the other VLANs OR MITM the traffic for the other VLANs.

    Thanks so much.
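The fields listed in the capture above (Id, Ver, Type, Flags, RootId, BridgeId, Port, Age, Max, Hello) are the fields of an IEEE 802.1D configuration BPDU. As an added example that is not part of the thread, here is a decoder for the raw 35-byte BPDU plus a check that mirrors what a switch's BPDU Guard and Root Guard evaluate on a port: any BPDU on an access port, and any root claim superior to the designated root. The sample BPDU bytes, the expected root bridge ID and the port role are constructed assumptions.

```python
"""Decode an IEEE 802.1D configuration BPDU and assess it the way a switch's
BPDU Guard / Root Guard would. Added example; all sample data is constructed."""
import struct
from dataclasses import dataclass
from typing import List, Tuple

# Configuration BPDU layout after the LLC header (35 bytes, network byte order):
# Protocol ID(2) Version(1) Type(1) Flags(1) Root ID(8) Root Path Cost(4)
# Bridge ID(8) Port ID(2) Message Age(2) Max Age(2) Hello Time(2) Forward Delay(2)
STP_FORMAT = ">HBBB8sI8sHHHHH"
CONFIG_BPDU_LEN = struct.calcsize(STP_FORMAT)  # 35
BPDU_TYPE_CONFIG = 0x00       # 0x80 would be a Topology Change Notification
FLAG_TOPOLOGY_CHANGE = 0x01
FLAG_TC_ACK = 0x80
TIME_UNIT = 256.0             # timer fields are in units of 1/256 second


@dataclass
class ConfigBPDU:
    root_priority: int
    root_mac: str
    root_path_cost: int
    bridge_priority: int
    bridge_mac: str
    port_id: int
    topology_change: bool
    tc_ack: bool
    message_age: float
    max_age: float
    hello_time: float
    forward_delay: float


def _bridge_id(raw: bytes) -> Tuple[int, str]:
    """Split an 8-byte bridge ID into (priority, lowercase MAC string)."""
    priority = int.from_bytes(raw[:2], "big")
    mac = ":".join(f"{b:02x}" for b in raw[2:])
    return priority, mac


def parse_config_bpdu(payload: bytes) -> ConfigBPDU:
    """Parse the STP payload that follows the 802.2 LLC header (DSAP/SSAP 0x42)."""
    if len(payload) < CONFIG_BPDU_LEN:
        raise ValueError("payload too short for a configuration BPDU")
    (proto, _version, bpdu_type, flags, root, cost, bridge, port,
     msg_age, max_age, hello, fwd) = struct.unpack(STP_FORMAT, payload[:CONFIG_BPDU_LEN])
    if proto != 0 or bpdu_type != BPDU_TYPE_CONFIG:
        raise ValueError(f"not a configuration BPDU (proto={proto:#06x}, type={bpdu_type:#04x})")
    root_prio, root_mac = _bridge_id(root)
    bridge_prio, bridge_mac = _bridge_id(bridge)
    return ConfigBPDU(root_prio, root_mac, cost, bridge_prio, bridge_mac, port,
                      bool(flags & FLAG_TOPOLOGY_CHANGE), bool(flags & FLAG_TC_ACK),
                      msg_age / TIME_UNIT, max_age / TIME_UNIT,
                      hello / TIME_UNIT, fwd / TIME_UNIT)


def assess_bpdu(bpdu: ConfigBPDU, expected_root: Tuple[int, str],
                port_is_access: bool) -> List[str]:
    """Return the findings a switch's guard features would act on for this BPDU."""
    findings = []
    if port_is_access:
        findings.append("BPDU received on an access/edge port; "
                        "BPDU Guard would err-disable the port")
    # The lowest (priority, MAC) wins the root election, so a root ID that
    # compares lower than the designated root is a superior BPDU; Root Guard
    # would move the port to root-inconsistent state instead of accepting it.
    if (bpdu.root_priority, bpdu.root_mac) < (expected_root[0], expected_root[1].lower()):
        findings.append(f"superior root claim {bpdu.root_priority}/{bpdu.root_mac} "
                        f"from bridge {bpdu.bridge_mac}; Root Guard would block the port")
    return findings


# Constructed samples. Timer bytes 0x1400/0x0200/0x0f00 are 20 s / 2 s / 15 s.
LEGIT_BPDU = bytes.fromhex(
    "0000" "00" "00" "00" "8000001122334455" "00000000" "8000001122334455"
    "8001" "0000" "1400" "0200" "0f00")
ROGUE_BPDU = bytes.fromhex(          # priority 0, unknown MAC, TC flag set
    "0000" "00" "00" "01" "000000deadbeef01" "00000000" "000000deadbeef01"
    "8002" "0000" "1400" "0200" "0f00")
EXPECTED_ROOT = (32768, "00:11:22:33:44:55")   # assumed designated root bridge

if __name__ == "__main__":
    for name, raw, access in (("legit", LEGIT_BPDU, False), ("rogue", ROGUE_BPDU, True)):
        bpdu = parse_config_bpdu(raw)
        print(name, bpdu)
        print("  findings:", assess_bpdu(bpdu, EXPECTED_ROOT, access) or "none")
```

Decoded this way, the "Max: 0014 / Hello: 0002" values in the capture correspond to the usual 20-second Max Age and 2-second Hello Time defaults, and the "Flags: 00" means neither the Topology Change nor the TC Acknowledgement bit is set. On the defensive side, BPDU Guard on access ports and Root Guard on the ports facing non-root switches are exactly the controls that make an STP-based attempt to become root fail loudly (the port is err-disabled or root-inconsistent and logged) rather than silently redirect traffic.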

  #2

    Flags: 00 NO FLAGS
    Guessing it's Cisco, but if you get a program to intercept your packets leaving your computer and add "Flags: 00 001" it should jump to the first VLAN, "Flags: 00 002" then the second, etc.

    Haven't done this before, but I think that's how it works.
