- In this video I'm gonna show you how to hack Cisco
switches using Kali Linux. In a previous video, I showed you how to get Kali
Linux downloaded and installed on a Windows 10 computer. So have a look at the video
which I've linked here or below. If you haven't got Kali
Linux installed and running, I basically show you how to
download a prebuilt version of Kali Linux and import it
into VMware Workstation Player, which is free software
that allows you to run Kali Linux on your Windows 10 computer. (upbeat music) Now before we get started, please consider subscribing
to my YouTube channel. Please like this video, if you enjoy it, and please click on the
bell to get notifications when I post a new video. All right, without further ado, let me show you how to
hack Cisco networks. In this video I'm gonna
demonstrate the use of Yersinia, which is a framework for
performing layer 2 attacks. It allows you to attack
multiple network protocols, including Spanning Tree, CDP
or Cisco Discovery Protocol, DTP or Dynamic Trunking Protocol, DHCP, HSRP, 802.1q, 802.1x, ISL and VLAN Trunking Protocol or VTP. So basically this application, allows you to hack multiple protocols, in Cisco networks. Doesn't just apply to Cisco networks, but some of these
protocols such as CDP, DTP, and HSRP are Cisco proprietary protocols. So this application is really geared for hacking Cisco networks. But you could use it for
hacking other protocols in, networks that have, other
vendor devices in it. Cisco is the biggest
networking vendor in the world. So, Cisco switches and
Cisco routers will be found in many, many corporate
environments around the world. So I'm gonna demonstrate how
to hack Cisco devices using Yersinia running in Kali Linux. Now in this basic network,
I've got a Cisco switch, this is a Catalyst 2960CG switch. The reason I'm using a
small switch like this is it's fan less so it
doesn't make a lot of noise. I've got a Windows 10 laptop, that I've connected physically
to the ethernet switch on port one. I've got a MacBook connected on port two. These devices are connected
via ethernet cables to the switch. I've also connected to
the console of the switch using a USB connection. In this example I'm also
controlling both of those devices from my local Mac. It just makes it easier
to do the recordings. So I've got the connection to the MacBook and I'm controlling that, via VNC, and I'm also controlling the
Windows computer via VNC. The Windows computer once again, is running Kali Linux within
VMware Workstation Player. Okay, so I'm gonna open up a terminal, and I'm going to type y-e-r-s tab, and you'll notice nothing happens. That's because this application
is no longer installed, by default in this latest
release of Kali Linux. So I'm gonna type apt-get update to update references, on, this Kali Linux host. And then I'm gonna say, apt get install yersinia. So I'm basically installing
this application, on Kali Linux. It used to be installed by default but in this release is
no longer installed. The version of Kali Linux
that I'm using is 2019.3. You simply need to wait now
for the application to install. Okay so it's now installed, so I'll clear the screen, and notice now when I type y-e-r-s tab, the command auto completes, and I can press dash
or hyphen h to get help about the application. So we told that we can get to
the application version number by using uppercase v, h displays this help screen, G gives us a graphical user interface, I is interactive, upper case d is Daemon mode, lowercase d is Debug mode. We've also got some logging options. So what I'm gonna type is yersinia -G to get a graphical user interface. Now we told that this is an
Alpha release, that's fine, for our example. Notice once again that multiple
protocols are supported, CDP, DHCP, 802.1q, 802.1x, DTP, HSRP, ISL, MPLS, STP, VTP, and we've got a log here. Now in this video, I'm assuming that you have
knowledge of these protocols. To be able to hack networks, you need to have an
understanding of the protocols that network devices use. Now if you don't know
what those protocols are, have a look at some of the
videos that I've linked below, or have a look at my
course, in my CCNA course, I teach a lot of these protocols. You don't have to take my
course if you don't want to, have a look at other videos on YouTube or, other CCNA courses, but for this video I'm assuming that you have knowledge
of these protocols. Now in this example, I'll start Putty. Because what I wanna do
is connect to the console of the Cisco switch and show you how the
switch has been configured. Before I do that, we need to know which console port to use. So I'm gonna go to device manager, and here I can see that USB Serial Device (COM3) is being used. So I'm gonna specify COM3
in Putty and click Open. And now I'm connected to this switch. This switch has not been
configured with best practices and that's a problem. Because with hacking
tools like Kali Linux, if you don't configure, a
network device properly, hackers can get access to your
network very, very easily. So if I typed sh run on this switch, it's got two DHCP pools configured. Port one on the switch
is configured in VLAN1 and port two is configured in VLAN2. In other words this laptop
is in a different VLAN to that laptop, but we're not going to let that stop us. Scrolling down, you can see that interface gigabit 0/1 is configured with defaults, very bad idea. You don't wanna use default
configurations on a switch port on a switch. You should at least shut down, ports on a switch that are not in use, or put them in a separate VLAN. Or stop protocols like DTP being used. So as an example, show
int g0/1 switchport. What you'll notice, is negotiation of trunking is on, current administrative
mode is dynamic auto. We've got DTP enabled, on this port. That's something we don't wanna do. So this command show interface
port number switch port shows us that the port
is configured in VLAN1, but DTP is enabled on that port. So again, sh run int g0/1, that's the configuration of port one, here's the configuration of port two. I'll put the switches
configuration below the video, if you wanna have a look at
the switches configuration offline. But apart from that, this switch also doesn't
have routing enabled. That means that there's no routing, from one VLAN to another on this switch. At the moment VLAN1 is down
because I haven't plugged in my Kali Linux PC. So let me do that. And what we should notice is
the port on the switch comes up and it does. So sh ip int brief. This VLAN is still down, but we can see that, interface gigabit 0/1 has come up. So after a while, that SVI or switched virtual
interface should come up. And there you go, it's now come up. So VLAN1 and VLAN2 are
configured on the switch. The switch is acting as a DHCP server and allocating IP addresses, to devices, in the relevant VLANs, sh vlan, shows us that, gigabit 0/1 is in VLAN1, gigabit 0/2 is in VLAN2. The MacBook has been
allocated to this IP address. 10.1.2.1 by the DHCP server. We can see that on the
switch by tapping sh ip dhcp bindings. So that IP address has been
allocated to the MacBook. According to the switch this IP address has also been allocated and that's probably my Windows computer. Change the font size here
to make it easier to see. So command prompt, ipconfig. This Windows computer, has
been allocated this IP address. But the PCs won't be
able to ping each other because IP routing is
disabled on the switch. There's no routing from
one VLAN to another in this topology. So on my MacBook as an example, if the MacBook tries to
ping the Windows computer it can't do that, because IP routing is disabled. There's no routing between the VLANs, but that's not gonna stop us once again. Now currently the Kali Linux host, is configured to use NAT. And it's been using, my wireless connection to
get access to the internet. This little network here doesn't
have any internet access. So what I'm gonna do is
I'm going to bridge, the, Kali Linux host, to the Realtek USB Gigabit
Ethernet Family Controller. So I'm gonna bridge it to
this ethernet connection, and click OK. So in Kali Linux, I'll open up another terminal window, ifconfig will show us the IP address, at the moment no IP
address has been allocated. Do that command again, and notice 10.1.1.3 has been allocated. So on the switch, sh ip dhcp bindings, this IP address has been
allocated to the Kali Linux host. So that means I've got three
devices in this topology, physical Windows PC, MacBook, plus Kali Linux virtual computer. So let's use Kali now to hack the network. Okay so, it's already picked up that it's connected to a switch through CDP. So we already know that we
connected to a Cisco switch. On the Cisco switch, sh cdp nei, it doesn't see any
neighbors at the moment, but what we could do, is launch an attack, and send a CDP packet and click OK. In the log, we can see that an attack was launched and it's now finished. So back on the switch sh cdp nei, still don't see a neighbor. So let's flood the CDP
table of that switch. So as you can see, a lot of CDP packets are being sent out, on the switch sh cdp nei, notice we suddenly have, a huge amount of, CDP neighbors, and you can see the
platform here is Yersinia. So, we are flooding the CDP
neighbor table on the switch. That isn't really a fantastic attack, but it just shows you, that by a simple attack,
I can flood the CDP table of that switch. Notice how many packets
are being sent out. After a short while you'll see this has
increased dramatically. The CPU on that laptop is going crazy. The lights on that switch are going mad. I am essentially flooding, this switch, with a lot of neighbor relationships. So if I typed sh cdp traffic, you'll notice a lot of input packets are being received by the switch. A lot of attack packets. To stop this, go to Actions, List Attacks, and I'm gonna say stop all attacks. If you wanna shut the program
down and stop the attack, click Exit, but you probably
wanna go to Actions, List Attacks, and then you can shut down the attacks. Now because this network is small, I mean there's only one
switch in this topology, I can't show you large scale attacks, but I'll continue showing
you some basic attacks which you can then apply
to larger topologies, I'll show you larger
topologies in separate videos. Now very basic, attack
that can be used is, attacking Spanning Tree. At the moment in this network
sh spanning-tree shows me that the switch is the
root of the topology. Gigabit 0/1 is forwarding on VLAN1. Switch is the root for VLAN1. For VLAN2, switch is also the root. So VLAN2 switch is the root. Port that's forwarding is gigabit 0/2. I only have two ports
currently up in this topology. Port one is in VLAN1, we can see that with the
show vlan brief command. So gigabit 0/1 is currently in VLAN1, gigabit 0/2 is configured in VLAN2. I only have two ports,
plugged into the switch. And again, port one is in VLAN1, port two is in VLAN2, show spanning-tree root shows us that, the current switch is the
root for VLAN1 and VLAN2, we can see the root cost is
zero for both those VLANs. And again we can use the
show spanning-tree command to see that the switch is
the root for VLAN1 and VLAN2. But let's change that. So I'm gonna launch an attack, in this case it's a spanning tree attack. We going to claim root role, and click OK. So Yersinia has picked up that there's a switch in the topology, but we going to claim to be the root. So on the switch, show spanning-tree, notice for VLAN1, the switch
is no longer the root, it has a cost of four to get to the root. We can see that gigabit 0/1 is a root port with a cost of four. Previously, the port was
a designated port when, the switch was the root. So we've changed the role, to root, this is the port that the
physical switch is gonna use to get to the root bridge
which is currently Kali Linux. For VLAN2 we can see
that the switch is root, notice gigabit 0/2 is a designated port. Now, I won't have time to go
through all the protocols. There's a lot of things you
can do just with Yersinia within Kali Linux. I'll show you other hacks
in subsequent videos, but please if you enjoyed this video, subscribe to my YouTube channel, like the video and click on the bell to get notifications when I post a new video. (upbeat music)
