1
00:00:00,150 --> 00:00:05,610
In this video I'm going to show you how to hack Cisco switches using Kali Linux. In a previous video

2
00:00:06,030 --> 00:00:11,280
I showed you how to get Kali Linux downloaded and installed on a Windows 10 computer.

3
00:00:11,410 --> 00:00:14,070
So have a look at the video which I've linked here or below.

4
00:00:14,370 --> 00:00:19,980
If you haven't got Kali Linux installed and running, I basically show you how to download a pre-built

5
00:00:20,100 --> 00:00:26,100
version of Kali Linux and import it into VMware Workstation Player, which is free software that allows you

6
00:00:26,100 --> 00:00:29,280
to run Kali Linux on your Windows 10 computer.

7
00:00:42,820 --> 00:00:43,670
All right.

8
00:00:43,670 --> 00:00:48,340
Without further ado, let me show you how to hack Cisco networks. In this video

9
00:00:48,340 --> 00:00:54,210
I'm going to demonstrate the use of Yersinia, which is a framework for performing layer two attacks.

10
00:00:54,230 --> 00:01:01,670
It allows you to attack multiple network protocols including spanning tree, CDP or Cisco Discovery Protocol,

11
00:01:01,790 --> 00:01:10,670
DTP or Dynamic Trunking Protocol, DHCP, HSRP, 802.1Q, 802.1X, ISL and VLAN Trunking

12
00:01:10,670 --> 00:01:12,650
protocol or VTP.

13
00:01:12,680 --> 00:01:20,270
So basically this application allows you to hack multiple protocols in Cisco networks. It doesn't just apply

14
00:01:20,270 --> 00:01:27,890
to Cisco networks, but some of these protocols such as CDP, DTP and HSRP are Cisco proprietary protocols.

15
00:01:27,920 --> 00:01:34,190
So this application is really geared for hacking Cisco networks but you could use it for hacking other

16
00:01:34,190 --> 00:01:39,470
protocols in networks that have other vendor devices in it.

17
00:01:39,500 --> 00:01:42,260
Cisco is the biggest networking vendor in the world.

18
00:01:42,260 --> 00:01:49,400
So Cisco switches and Cisco routers will be found in many many corporate environments around the world.

19
00:01:49,490 --> 00:01:57,100
So I'm going to demonstrate how to hack Cisco devices using Yersinia running in Kali Linux.

20
00:01:57,200 --> 00:02:00,300
Now in this basic network I've got a Cisco switch.

21
00:02:00,410 --> 00:02:03,890
This is a Catalyst 2960CG switch.

22
00:02:03,890 --> 00:02:06,940
The reason I'm using a small switch like this is it's fanless.

23
00:02:06,970 --> 00:02:08,800
So it doesn't make a lot of noise.

24
00:02:08,870 --> 00:02:17,600
I've got a Windows 10 laptop that I've connected physically to the Ethernet switch on port one. I've

25
00:02:17,600 --> 00:02:20,740
got a MacBook connected on port 2.

26
00:02:20,750 --> 00:02:24,950
These devices are connected via ethernet cables to the switch.

27
00:02:24,950 --> 00:02:29,790
I've also connected to the console of the switch using a USB B connection.

28
00:02:29,900 --> 00:02:35,620
In this example I'm also controlling both of those devices from my local Mac.

29
00:02:35,660 --> 00:02:38,080
It just makes it easier to do the recordings.

30
00:02:38,240 --> 00:02:45,560
So I've got the connection to the MacBook and I'm controlling that via VNC, and I'm also controlling

31
00:02:45,560 --> 00:02:49,550
the Windows computer via VNC. The Windows computer,

32
00:02:49,550 --> 00:02:55,350
once again, is running Kali Linux within VMware Workstation Player.

33
00:02:56,520 --> 00:03:07,170
Okay, so I'm gonna open up a terminal and I'm going to type y e r s Tab, and you'll notice nothing happens.

34
00:03:07,450 --> 00:03:15,700
That's because this application is no longer installed by default in this latest release of Kali

35
00:03:15,700 --> 00:03:25,060
Linux. So I'm gonna type apt-get update to update references on this Kali Linux host, and then I'm gonna

36
00:03:25,060 --> 00:03:29,410
say apt-get install yersinia.

37
00:03:35,450 --> 00:03:41,120
So I'm basically installing this application on Kali Linux.

38
00:03:41,120 --> 00:03:46,020
It used to be installed by default, but in this release it's no longer installed.

39
00:03:46,310 --> 00:03:54,240
The version of Kali Linux that I'm using is 2019.3. You simply need to wait now for the application

40
00:03:54,240 --> 00:04:00,940
to install. Okay, so it's now installed. So I'll clear the screen, and notice

41
00:04:00,950 --> 00:04:10,220
now when I type y e r s Tab the command autocompletes, and I can press dash or hyphen h to get help

42
00:04:10,310 --> 00:04:11,900
about the application.

43
00:04:12,050 --> 00:04:18,620
So we're told that we can get the application version number by using uppercase V; h displays this help

44
00:04:18,620 --> 00:04:26,510
screen, G gives us a graphical user interface, I is interactive, uppercase D daemon mode, lowercase d debug

45
00:04:26,510 --> 00:04:27,240
mode.

46
00:04:27,320 --> 00:04:30,770
We've also got some logging options.

47
00:04:30,770 --> 00:04:37,350
So what I'm going to type is yersinia dash G to get a graphical user interface.

48
00:04:37,370 --> 00:04:42,720
Now we're told that this is an alpha release. That's fine for our example.

49
00:04:43,010 --> 00:04:50,710
Notice once again that multiple protocols are supported: CDP, DHCP, 802.1Q, 802.1X, DTP,

50
00:04:50,720 --> 00:05:01,070
HSRP, ISL, MPLS, STP, VTP, and we've got a log here. Now in this video I'm assuming that you have knowledge

51
00:05:01,070 --> 00:05:06,860
of these protocols. To be able to hack networks you need to have an understanding of the protocols that

52
00:05:06,860 --> 00:05:12,160
network devices use. Now if you don't know what those protocols are,

53
00:05:12,170 --> 00:05:17,420
Have a look at some of the videos that I've linked below or have a look at my course. In my CCNA course

54
00:05:17,450 --> 00:05:21,950
I teach a lot of these protocols. You don't have to take my course if you don't want to; have a look at

55
00:05:21,980 --> 00:05:27,440
other videos on YouTube or other CCNA courses, but for this video I'm assuming that you have knowledge

56
00:05:27,440 --> 00:05:31,500
of these protocols. Now in this example

57
00:05:31,500 --> 00:05:38,510
I'll start PuTTY because what I want to do is connect to the console of the Cisco switch and show you

58
00:05:38,510 --> 00:05:47,250
how the switch is being configured. Before I do that we need to know which console port to use. Going

59
00:05:47,250 --> 00:05:53,180
to go to Device Manager, and here I can see that USB Serial Device

60
00:05:53,180 --> 00:06:07,080
COM3 is being used, so I'm gonna specify COM3 in PuTTY and click Open, and now I'm connected to this switch.

61
00:06:07,120 --> 00:06:12,880
The switch has not been configured with best practices and that's a problem because with hacking tools

62
00:06:12,880 --> 00:06:18,700
like Kali Linux, if you don't configure a network device properly hackers can get access to your network

63
00:06:18,730 --> 00:06:20,220
very very easily.

64
00:06:20,420 --> 00:06:21,940
If I type show run on the switch

65
00:06:25,190 --> 00:06:33,720
it's got two DHCP pools configured. Port one on the switch is configured in VLAN 1 and port two is

66
00:06:33,720 --> 00:06:35,360
configured in VLAN 2.

67
00:06:35,400 --> 00:06:41,310
In other words this laptop is in a different VLAN to that laptop but we're not going to let that stop

68
00:06:41,310 --> 00:06:44,970
us. Scrolling down,

69
00:06:44,970 --> 00:06:49,890
you can see that interface gigabit 0/1 is configured with defaults.

70
00:06:49,980 --> 00:06:51,610
Very bad idea.

71
00:06:51,750 --> 00:06:56,730
You don't want to use default configurations on a switch port on a switch.

72
00:06:56,730 --> 00:07:00,940
You should at least shut down ports on a switch that are not in use.

73
00:07:00,990 --> 00:07:09,140
Or put them in a separate VLAN, or stop protocols like DTP being used. So as an example, show interface

74
00:07:09,150 --> 00:07:18,230
gigabit 0/1 switchport. What you'll notice is negotiation of trunking is on, current administrative mode

75
00:07:18,260 --> 00:07:26,110
is dynamic auto. We've got DTP enabled on this port. That's something we don't want to do.

76
00:07:26,300 --> 00:07:33,440
So this command, show interface port number switchport, shows us that the port is configured in VLAN

77
00:07:33,440 --> 00:07:36,860
1 but DTP is enabled on that port.

78
00:07:37,370 --> 00:07:40,120
So again, show run interface gigabit 0/1.

79
00:07:40,160 --> 00:07:42,140
That's the configuration of Port 1.

80
00:07:42,210 --> 00:07:44,030
Here's the configuration of Port 2.

81
00:07:44,140 --> 00:07:50,090
I'll put the switch's configuration below the video if you want to have a look at the switch's configuration

82
00:07:50,400 --> 00:07:51,010
offline.

83
00:07:51,830 --> 00:07:57,700
But apart from that the switch also doesn't have routing enabled.

84
00:07:58,060 --> 00:08:06,530
That means that there's no routing from one VLAN to another on the switch at the moment.

85
00:08:06,540 --> 00:08:13,460
VLAN 1 is down because I haven't plugged in my Kali Linux PC, so let me do that

86
00:08:16,680 --> 00:08:22,800
and what we should notice is the port on the switch comes up, and it does. So show ip interface brief.

87
00:08:23,440 --> 00:08:30,690
The VLAN is still down, but we can see that interface gigabit 0/1 has come up.

88
00:08:30,690 --> 00:08:38,130
So after a while that SVI, or switched virtual interface, should come up, and there you go.

89
00:08:38,130 --> 00:08:46,280
It's now come up. So VLAN 1 and VLAN 2 are configured on the switch. The switch is acting as a DHCP

90
00:08:46,280 --> 00:08:55,550
server and allocating IP addresses to devices in the relevant VLANs. show vlan shows us that gigabit

91
00:08:55,550 --> 00:09:05,150
0/1 is in VLAN 1, gigabit 0/2 is in VLAN 2. The Mac has been allocated this IP address,

92
00:09:05,150 --> 00:09:16,750
10.1.2.1, by the DHCP server. We can see that on the switch by typing show ip dhcp bindings. So that IP address

93
00:09:16,750 --> 00:09:23,320
has been allocated to the MacBook according to the switch. This IP address has also been allocated, and

94
00:09:23,320 --> 00:09:25,870
that's probably my Windows computer.

95
00:09:29,620 --> 00:09:32,560
Changed the font size here to make it easier to see.

96
00:09:35,960 --> 00:09:41,390
So command prompt, ipconfig.

97
00:09:41,600 --> 00:09:49,400
This Windows computer has been allocated this IP address, but the PCs won't be able to ping each other

98
00:09:49,910 --> 00:09:53,870
because IP routing is disabled on the switch.

99
00:09:53,870 --> 00:09:59,240
There's no routing from one VLAN to another in this topology.

100
00:09:59,240 --> 00:10:06,920
So on my MacBook as an example, if the MacBook tries to ping the Windows computer it can't do that because

101
00:10:06,920 --> 00:10:09,290
IP routing is disabled.

102
00:10:09,620 --> 00:10:15,660
There's no routing between the VLANs, but that's not going to stop us once again.

103
00:10:15,750 --> 00:10:28,240
Now currently the Kali Linux host is configured to use NAT and it's been using my wireless connection

104
00:10:28,240 --> 00:10:30,260
to get access to the Internet.

105
00:10:30,310 --> 00:10:33,330
This little network here doesn't have any internet access.

106
00:10:33,550 --> 00:10:43,320
So what I'm gonna do is I'm going to bridge the Kali Linux host to the Realtek USB Gigabit Ethernet

107
00:10:43,530 --> 00:10:44,910
Family Controller.

108
00:10:45,150 --> 00:10:50,250
So I'm gonna bridge it to this Ethernet connection and click OK.

109
00:10:52,420 --> 00:11:00,520
So in Kali Linux I'll open up another terminal window. ifconfig will show us the IP address at the

110
00:11:00,520 --> 00:11:01,080
moment.

111
00:11:01,120 --> 00:11:05,420
No IP address has been allocated. Do that command again.

112
00:11:05,510 --> 00:11:09,360
And notice 10.1.1.3 has been allocated.

113
00:11:09,410 --> 00:11:13,570
So on the switch, show ip dhcp bindings.

114
00:11:13,760 --> 00:11:18,080
This IP address has been allocated to the Kali Linux host.

115
00:11:18,080 --> 00:11:23,160
So that means I've got three devices in this topology: physical Windows PC, MacBook,

116
00:11:23,240 --> 00:11:26,320
plus Kali Linux virtual computer.

117
00:11:26,360 --> 00:11:29,440
So let's use Kali now to hack the network.

118
00:11:32,180 --> 00:11:40,450
Okay, so it's already picked up that it's connected to a switch through CDP, so we already know that we're

119
00:11:40,450 --> 00:11:44,870
connected to a Cisco switch. On the Cisco switch, show cdp neighbor.

120
00:11:44,950 --> 00:11:54,250
It doesn't see any neighbors at the moment, but what we could do is launch an attack and send a CDP packet

121
00:11:54,640 --> 00:12:02,110
and click OK. In the log we can see that an attack was launched and it's now finished.

122
00:12:02,110 --> 00:12:10,280
So back on the switch, show cdp neighbors. Still don't see a neighbor, so let's flood the CDP table of

123
00:12:10,280 --> 00:12:13,150
that switch.

124
00:12:13,220 --> 00:12:21,950
So as you can see a lot of CDP packets are being sent out. On the switch, show cdp neighbors. Notice we

125
00:12:21,950 --> 00:12:30,070
suddenly have a huge amount of CDP neighbors, and you can see the platform here is Yersinia.

126
00:12:30,590 --> 00:12:35,660
So we are flooding the CDP neighbor table on the switch.

127
00:12:35,660 --> 00:12:42,290
That isn't really a fantastic attack, but it just shows you that by a simple attack I can flood the CDP

128
00:12:42,290 --> 00:12:43,940
table of that switch.

129
00:12:43,940 --> 00:12:49,760
Notice how many packets are being sent out. After a short while you'll see this has increased dramatically.

130
00:12:49,760 --> 00:12:52,430
The CPU on that laptop is going crazy.

131
00:12:52,490 --> 00:12:55,930
The lights on that switch are going mad.

132
00:12:55,970 --> 00:13:05,670
I am essentially flooding this switch with a lot of neighbor relationships.

133
00:13:06,110 --> 00:13:16,890
If I type show cdp traffic you'll notice a lot of input packets are being received by the switch.

134
00:13:16,920 --> 00:13:22,380
A lot of attack packets. To stop this go to Actions, List attacks.

135
00:13:24,410 --> 00:13:30,640
And I'm going to say stop all attacks. If you wanna shut the program down and stop the attack,

136
00:13:30,860 --> 00:13:32,240
click Exit.

137
00:13:32,240 --> 00:13:39,120
But you probably want to go to Actions, List attacks, and then you can shut down the attacks.

138
00:13:39,380 --> 00:13:41,180
Now because this network is small,

139
00:13:41,210 --> 00:13:43,580
I mean there's only one switch in this topology.

140
00:13:43,640 --> 00:13:49,400
I can't show you large scale attacks but I'll continue showing you some basic attacks which you can

141
00:13:49,400 --> 00:13:50,440
then apply to larger

142
00:13:50,440 --> 00:13:51,080
topologies.

143
00:13:51,080 --> 00:13:51,870
I'll show you larger

144
00:13:51,870 --> 00:13:54,380
topologies in separate videos.

145
00:13:54,380 --> 00:14:02,330
Now a very basic attack that can be used is attacking spanning tree. At the moment in this network, show

146
00:14:02,330 --> 00:14:10,700
spanning-tree shows me that the switch is the root of the topology. Gigabit 0/1 is forwarding on VLAN

147
00:14:10,700 --> 00:14:16,340
1. Switch is the root for VLAN 1. For VLAN 2, switch is

148
00:14:16,340 --> 00:14:23,220
also the root. So VLAN 2, switch is the root. Port that's forwarding is gigabit 0/2.

149
00:14:23,840 --> 00:14:30,590
I only have two ports currently up in this topology. Port one is in VLAN 1. We can see that with

150
00:14:30,590 --> 00:14:39,840
the show vlan brief command. So gigabit 0/1 is currently in VLAN 1, gigabit 0/2 is configured in VLAN

151
00:14:39,870 --> 00:14:47,990
2. I only have two ports plugged into the switch, and again port one is in VLAN 1, port two is in VLAN

152
00:14:48,000 --> 00:14:59,500
2. show spanning-tree root shows us that the current switch is the root for VLAN 1 and VLAN 2.

153
00:14:59,670 --> 00:15:07,170
We can see the root cost is 0 for both those VLANs, and again we can use the show spanning-tree command

154
00:15:07,170 --> 00:15:11,980
to see that the switch is the root for VLAN 1 and VLAN 2.

155
00:15:12,060 --> 00:15:13,350
But let's change that.

156
00:15:14,040 --> 00:15:21,960
So I'm going to launch an attack. In this case it's a spanning tree attack. We're going to claim root role

157
00:15:22,710 --> 00:15:23,570
and click OK.

158
00:15:24,840 --> 00:15:31,600
So Yersinia has picked up that there's a switch in the topology, but we're going to claim to be the root.

159
00:15:31,800 --> 00:15:39,680
So on the switch, show spanning-tree. Notice for VLAN 1 the switch is no longer the root. It has a cost

160
00:15:39,680 --> 00:15:48,290
of 4 to get to the root. We can see that gigabit 0/1 is a root port with a cost of 4. Previously

161
00:15:48,680 --> 00:15:53,810
the port was a designated port when the switch was the root.

162
00:15:54,350 --> 00:15:58,080
So we've changed the role to root.

163
00:15:58,430 --> 00:16:02,900
This is the port that the physical switch is going to use to get to the root bridge, which is currently

164
00:16:03,230 --> 00:16:11,210
Kali Linux. For VLAN 2 we can see that the switch is root. Notice gigabit 0/2 is a designated port.

165
00:16:11,210 --> 00:16:14,000
Now I won't have time to go through all the protocols.

166
00:16:14,000 --> 00:16:18,540
There's a lot of things you can do just with Yersinia within Kali Linux.

167
00:16:18,620 --> 00:16:21,140
I'll show you other hacks in subsequent videos.
