LAYER 2 ATTACK
Welcome to my blog post this is the second part of Layer 2 attack.
Let’s talk about some details and topics about this part which I have not covered yet, and also the interesting part for hackers is coming. Lets dive into it.)
Switches like other computers have a limited size of memory and is also true for the table holding MAC address information used by the switch to remember which MAC is on the which port and that can be also true for ARP cache.Sometimes switches might react weirdly when they have been attacked and when you do a buffer overflow attack thus this can be seem as DOS(denial of service) attack which giving up to switching and behaving you know like a normal hub and everything could be seem normally. You ought to control or test your switches I personally do not have a switch :) however, for people who have, they can test their switches so I want to show you a normal script which occurs for this attack.
quick info it normally generates random MAC address and sends them to your script and we can see that personally that it runs until the buffer is full thus take a look :)
RandMAC and RandIP which you see above take care that each byte and address will generate randomly and with sendp() does the rest which is done by loop parameter.
Before the explanation of this section I am going to briefly introduce what VLANs(virtual local are network) are isolated LAN segments which Administrator has the access to dive into specified groups and users onto that the machine and they don’t need to reconfigure the network or the VLAN group. Without VLANs, a broadcast sent from a host can easily reach all network devices.
So far so good we can now dive into VLANs Hopping what does it mean and how can we understand it so lets clarify it.
As you have read VLANs are no security mechanism because the additional security of a modern tagged VLAN on the one hand depends on a header and including the VLAN id so let’s use scapy library do not forget these scripts are written in Python not Python3
First we have to set the header and of most importantly not forget to including VLAN tag into the packet and after this we should include the destination host. The switch shall remove the first tag , than this going to decide how to react on the packet thus seeing the VLAN id 2 this decides to forward it to that VLAN Some switches this attack will only be successful if it connects to other VLAN enabled switches because of that it might not be able to work
we can play switch game:) because Linux runs on a lot of embedded network devices.All you need to do is install “vconfig”
It totally depends on your distro however, you can add your host to another VLAN like so;
After this progress you must remind to start the new device of course :) and an IP address which you must add like so;
ARP Spoofing Over VLAN Hopping
And we are going to combine ARP script over VLAN Hopping.
VLANs limit broadcast traffic to checking all ports which belong to the same VLAN before so therefore we cannot by default react to all ARP requests however, they have to proactively tell the victim our MAC every few seconds like (what you have seen in the first ARP spoofing in the first part of layer 2 attack) lets make it simple with a python script :)
Fortunately, it is not so complicated to protect from those kind of VLAN attack in order to fully separate your network just use physically divided switches so as to be fully separated networks.
There are lot of thing which could cover however, I am also a learner and i do not know everything :) just read some books which can affect your life and your hacking journey we have to read read read as always and keep motivate yourself and other people no one is professional just hack some boxes in HTB or Tryhackme and go for it.
MY ADVİCE TO ALL PEOPLE WHO JUST GOT INTO CYBERSECURITY WORLD
- listen to podcast such as dark-net diaries
- read read read some useful books such hacker-playbook
- CTF challenges start with easy boxes afterwards you will be able to start with medium and advanced boxes
- take notes and write-ups when you complete a CTF challenge
- learn and read,understand at least 1 hour about the methodology of cybersecurity and privilege escalation techniques
- create a linked-in account or twitter in order to connect experienced people in this field who can illustrate and help you throughout your specific path u can also participate CTF events at CTFtime.org :)
- here can be added more things think about and let me know
Thank you for u support for more CTF challenges and network / system security resources i will publish much more useful topics and about this kind of attack :) stay sharp and now i shall learn and improve myself see you:)
linkedin : https://www.linkedin.com/in/ahmetgöker