Someone with experience with Yersinia?
Well, I believe if you are reading this topic you should (at least I hope) know how to use Yersinia much better than me.
I was looking at the Yersinia man page (http://linux.die.net/man/8/yersinia) and there is an example using the option "-interface ethX"; however, this option does not exist in the latest version of Yersinia. How can I force Yersinia to use my interface eth3?
I would appreciate a lot if you could give me some hints...
I have an environment that is a bit different. I'm in a network with nearly 5 VLANs. I'm isolated in one without any connection, however I want to jump to the others. Yes, I'm authorized. But you can imagine what happens if I DoS the network, huh?
My VLAN is not vulnerable to ARP poisoning, and even if it were, it would not help me, since our connections from this VLAN do not go abroad.
Also, the switch port is configured to prevent trunk negotiation and VLAN hopping. We have no VoIP phones.
What is great: I executed Yersinia and I can see some CDP and STP in the network, so it gives me a light at the end of the tunnel...
From what I have read, the CDP packets are coming from the switch and I think they will not be useful to hop to other VLANs, right? I mean, à la voip-hopper (yes, it does not work in my case). Maybe there is another trick using Yersinia to bypass these restrictions using these CDP packets?
So, my ball number 7 should be the STP.
What Yersinia says about the STP packets it captures is:
My captured STP basically says:
Source Mac: <MAC>
Dest Mac: <MAC>
Ver: 00 STP
Type: 00 Conf STP
Flags: 00 NO FLAGS
RootId: <The Number>
BridgeId: <The Number>
Port: <Port Number>
Any guess on how to use it to break into the other VLANs?
Any suggestion of an attack via the command-line or ncurses interface for my case? Please, no DoS; my goal is to be able to jump to the other VLANs OR MITM the traffic for the other VLANs.
Thanks so much.
Good friend of the forums
Guessing it's Cisco, but if you get a program to intercept the packets leaving your computer and add "Flags: 00 001" it should jump to the first VLAN, "Flags: 00 002" then the second, etc.
Haven't done this before, but I think that's how it works.
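
For reference when reading the STP capture listed in the question, the sketch below decodes an IEEE 802.1D Configuration BPDU into the same fields (version, type, flags, root ID, bridge ID, port). It is an added example, not part of the thread or of Yersinia; the sample frame and its MAC address are constructed, and Cisco PVST+ (SNAP-encapsulated) frames are not handled.

```python
import struct

FLAG_TC, FLAG_TCA = 0x01, 0x80   # the only flag bits 802.1D defines

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def bridge_id(b):
    """8-byte identifier: 2-byte priority followed by a 6-byte MAC."""
    return f"{struct.unpack('!H', b[:2])[0]}/{mac(b[2:])}"

def decode_flags(flags):
    names = [n for bit, n in ((FLAG_TC, "TC"), (FLAG_TCA, "TCA")) if flags & bit]
    reserved = flags & ~(FLAG_TC | FLAG_TCA) & 0xFF
    if reserved:
        names.append(f"reserved(0x{reserved:02x})")
    return names

def parse_config_bpdu(frame):
    """Decode an 802.3/LLC frame carrying an 802.1D Configuration BPDU."""
    if len(frame) < 52:                       # 14 Ethernet + 3 LLC + 35 BPDU
        raise ValueError("frame too short for a Configuration BPDU")
    if frame[14:17] != b"\x42\x42\x03":       # DSAP, SSAP, control for STP
        raise ValueError("LLC header is not 42 42 03")
    (proto, ver, typ, flags, root, cost, bridge, port,
     age, max_age, hello, fwd) = struct.unpack("!HBBB8sI8sHHHHH", frame[17:52])
    if proto != 0 or typ != 0:
        raise ValueError("not a Configuration BPDU")
    return {
        "src_mac": mac(frame[6:12]), "dst_mac": mac(frame[0:6]),
        "version": ver, "type": typ, "flags": decode_flags(flags),
        "root_id": bridge_id(root), "root_path_cost": cost,
        "bridge_id": bridge_id(bridge), "port_id": port,
        # timers are carried in units of 1/256 second
        "message_age": age / 256, "max_age": max_age / 256,
        "hello_time": hello / 256, "forward_delay": fwd / 256,
        "sender_is_root": root == bridge and cost == 0,
    }

# Constructed sample frame (made-up MAC 00:11:22:33:44:55, priority 32768).
SAMPLE = bytes.fromhex(
    "0180c2000000" "001122334455" "0026" "424203"    # Ethernet + LLC
    "0000" "00" "00" "00"                            # proto, ver, type, flags
    "8000001122334455" "00000000"                    # root id, path cost
    "8000001122334455" "8001"                        # bridge id, port id
    "0000" "1400" "0200" "0f00"                      # age, max age, hello, fwd
    + "00" * 8)                                      # Ethernet padding

if __name__ == "__main__":
    for field, value in parse_config_bpdu(SAMPLE).items():
        print(f"{field}: {value}")
```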