Showing posts with label Kali-Linux.

Saturday, December 24, 2016

This is a very simple attack to launch, and it causes a denial of service on a Cisco switch. Flooding the CDP table puts the switch's processes under heavy load, so it can no longer handle user traffic as usual.

Tools used: Yersinia in Kali Linux

Boot up the Kali Linux box, either from a live USB or on a dedicated PC, connect it to a Cisco switch, and enter the following command in a terminal.
yersinia -G

This starts the Yersinia GUI. (Click on the images to view them in full screen.)

Go to Launch Attack.

Select "flooding cdp table" and hit OK.

As soon as you hit OK, it starts generating thousands of CDP packets within seconds. They fill up the switch's CDP table, and the PCs connected to the switch start working slowly.

You can see the fake CDP packets generated by the tool, or, if you have access to the switch, enter show cdp neighbors to see what happened to the CDP table.

Before the attack was launched, the CDP traffic counters looked like this.

While the attack was in progress, the CDP traffic counters looked like the following. You can see 4653 input packets, and an error message indicating that memory allocation failed.

How to protect from this?

Just disable CDP on access ports.
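
A detection-side counterpart to the counters shown above, added here as an example (it is not from the original post or from the Yersinia project): a small POSIX shell script that compares two snapshots of the switch's show cdp traffic output taken a known number of seconds apart, and raises an alert when the CDP input rate jumps or the memory-failure counter rises. The two snapshots below are constructed, the counter layout is assumed to follow Cisco IOS show cdp traffic, and the 50 packets/second threshold is a hypothetical value to tune per site.

```shell
#!/bin/sh
# Added example, not from the original post: flag a CDP flood from two
# "show cdp traffic" snapshots taken a known number of seconds apart.
# Assumption: the counter lines look like Cisco IOS "show cdp traffic"
# ("Total packets output: N, Input: M" and "No memory: N, ...").

# Input packet counter from a snapshot file ($1).
cdp_input_count() {
    awk -F'Input: ' '/Total packets output/ { gsub(/[^0-9]/, "", $2); print $2; exit }' "$1"
}

# "No memory" counter (CDP memory allocation failures) from a snapshot file ($1).
cdp_nomem_count() {
    awk -F'No memory: ' '/No memory:/ { split($2, a, ","); print a[1] + 0; exit }' "$1"
}

# Compare two snapshots: $1 = earlier, $2 = later, $3 = seconds between them,
# $4 = alert threshold in CDP input packets per second. Prints ALERT or OK.
cdp_flood_check() {
    in1=$(cdp_input_count "$1"); in2=$(cdp_input_count "$2")
    nm1=$(cdp_nomem_count "$1"); nm2=$(cdp_nomem_count "$2")
    rate=$(( (in2 - in1) / $3 ))
    if [ "$nm2" -gt "$nm1" ]; then
        echo "ALERT: CDP memory allocation failures rose from $nm1 to $nm2 (input rate $rate pkt/s)"
    elif [ "$rate" -gt "$4" ]; then
        echo "ALERT: CDP input rate $rate pkt/s exceeds threshold $4 pkt/s"
    else
        echo "OK: CDP input rate $rate pkt/s, no memory failures"
    fi
}

# Constructed sample snapshots (not real switch output), one minute apart.
# Writes both to temp files and prints the two paths.
make_samples() {
    before=$(mktemp); after=$(mktemp)
    cat > "$before" <<'EOF'
CDP counters :
    Total packets output: 1203, Input: 1187
    Hdr syntax: 0, Chksum error: 0, Encaps failed: 0
    No memory: 0, Invalid packet: 0, Fragmented: 0
EOF
    cat > "$after" <<'EOF'
CDP counters :
    Total packets output: 1213, Input: 5840
    Hdr syntax: 0, Chksum error: 0, Encaps failed: 0
    No memory: 37, Invalid packet: 0, Fragmented: 0
EOF
    echo "$before $after"
}

# Stand-alone run: 4653 extra input packets in 60 s (the count from the post)
# plus 37 memory allocation failures.
set -- $(make_samples)
cdp_flood_check "$1" "$2" 60 50
rm -f "$1" "$2"
```

On a real switch the two snapshots are just show cdp traffic saved twice a minute apart. The mitigation the post gives corresponds to no cdp enable under each access interface on Cisco IOS (or no cdp run to turn CDP off globally); keep CDP only on ports where a neighbouring device actually needs it.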

Saturday, April 23, 2016

Boot up your Kali Linux box, open a terminal, and enter the airmon-ng command to verify that the wireless interface is up and running.

It looks like my wireless interface's name is wlan0. Put it into monitor mode by entering airmon-ng start wlan0

Now enter airmon-ng again to see the interface's new name, "wlan0mon", which is used from here on, as you can see in the following capture.

Now let's see which Wi-Fi networks are in range by entering the command airodump-ng wlan0mon

Let it run for about a minute to gather information. Here you can see that there is only one wireless network in range; it is on channel 1 and uses WPA2 with a PSK (Pre-Shared Key). This is the most common type of security implemented in wireless networks today.

Let's now capture wireless packets only from the BSSID 90:61:0C:27:5D:CB on channel 1 and write them to a file named "HOMECAP".
The command is airodump-ng -w HOMECAP -c 1 --bssid 90:61:0C:27:5D:CB wlan0mon
"-c 1" refers to channel number 1. If the channel number is 10, use "-c 10" in this command.

Let it run until it captures a handshake. When a handshake has been captured, the output will look like the following.

You must wait for a handshake. It is not that hard to capture a handshake on an active network, because computers often go to sleep, shut down and reboot, reconnect, and so on. There is also a method of forcing clients to re-authenticate using the command
aireplay-ng -0 0 -a <BSSID> -c <Client MAC Address> wlan0mon in a separate terminal while capturing packets, but most of the time it will not work in practical environments.

After a handshake is captured, enter ls to see the actual name of the written file.

Even though we gave the file the name HOMECAP, it has been written as HOMECAP-01.cap.

Now let's crack it using a dictionary list. Here I am using Kali's built-in rockyou.txt dictionary, which is 140 MB. If you are using this dictionary for the first time, you will first have to extract the tar file in the /usr/share/wordlists folder. It contains almost all the common passwords people normally use for their wireless networks. There are also very big dictionaries out there, gigabytes in size, with almost all the possible ASCII combinations.
Enter aircrack-ng HOMECAP-01.cap -w /usr/share/wordlists/rockyou.txt
Let it run until it cracks the password. This may take some time depending on the processing power of your CPU and the strength of the password. For this password, it took only about 5 minutes.

Using a very strong password is the only way this can be prevented if you're going to use WPA2-PSK.

Commands I entered:

airmon-ng
airmon-ng start <physical interface>
airmon-ng
airodump-ng <new monitoring interface>
airodump-ng -w <file name> -c <channel number> --bssid <BSSID> <interface>
aircrack-ng <new capture file name> -w /usr/share/wordlists/rockyou.txt
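
The "very strong password" advice above can be turned into a check you run before settling on a WPA2-PSK passphrase. The following POSIX shell script is an added example (not from the original post or from the aircrack-ng project): it rejects a candidate that falls outside the 8-to-63-character range WPA2 allows, that is shorter than a chosen minimum, or that appears as a line in a wordlist such as the rockyou.txt used above, which is exactly the lookup a dictionary run performs. The minimum length of 20 and the tiny wordlist embedded below are constructed values, not part of the post.

```shell
#!/bin/sh
# Added example, not from the original post: vet a WPA2-PSK passphrase candidate
# before using it. Returns 0 (acceptable) or 1 (rejected) and prints the reason.
# $1 = passphrase, $2 = wordlist file (one candidate per line, e.g. rockyou.txt),
# $3 = minimum length (defaults to 20, an assumed policy value).
check_passphrase() {
    pw=$1; wordlist=$2; minlen=${3:-20}
    len=${#pw}
    # WPA2-PSK passphrases are 8 to 63 printable ASCII characters by specification.
    if [ "$len" -lt 8 ] || [ "$len" -gt 63 ]; then
        echo "REJECT: WPA2 passphrases must be 8 to 63 characters (got $len)"
        return 1
    fi
    if [ "$len" -lt "$minlen" ]; then
        echo "REJECT: shorter than the $minlen-character minimum"
        return 1
    fi
    # Whole-line, fixed-string, case-insensitive match: if the passphrase is a
    # wordlist entry (or a case variant of one), a dictionary run will find it.
    if grep -Fxqi -- "$pw" "$wordlist"; then
        echo "REJECT: found in $wordlist"
        return 1
    fi
    echo "OK: $len characters, not in $wordlist"
    return 0
}

# Constructed miniature wordlist (not real rockyou.txt data) for a stand-alone run.
make_wordlist() {
    wl=$(mktemp)
    cat > "$wl" <<'EOF'
password
password123
qwerty123
iloveyou
letmein2016
EOF
    echo "$wl"
}

# Stand-alone run over a few constructed candidates; the first uses a minimum
# of 8 so that the wordlist check, not the length check, is what rejects it.
wl=$(make_wordlist)
check_passphrase "Password123" "$wl" 8 || true
check_passphrase "short" "$wl" || true
check_passphrase "rain-garden-copper-47-lantern" "$wl" || true
rm -f "$wl"
```

Against the real file the call is check_passphrase 'your candidate' /usr/share/wordlists/rockyou.txt; a candidate that passes still only clears the dictionary bar, so length and randomness remain the real defence.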

Tuesday, April 19, 2016

I have only one 16 GB pendrive, so I am going to create three partitions on it so that I can use it both as a normal data traveler and as a Linux security toolbox that I can carry anywhere easily.

10 GB of NTFS for normal day-to-day use as the data traveler
3 GB of FAT32 to install Kali Linux
1.5 GB of ext4 for persistence

If you don't want to use your pendrive as a data traveler, you only need to create two partitions: the FAT32 one and the ext4 one. Since this is a 16 GB pendrive, that would be a waste of space.

Download Mini Partition Wizard from here.

Open Mini Partition Wizard. It will first look like the following.
(Click on the image to see the full size.)

My pendrive is empty and it has a default NTFS partition.

Creating the 10 GB NTFS Partition as a Data Traveler

Right-click on your pendrive and select Move/Resize.

Enter these settings and hit OK.

Creating a 3 GB FAT32 Partition for Kali Linux

Right-click on the unallocated space, select Create, and click Yes.

Enter the settings shown in the screenshot and hit OK.

Creating a 1.5 GB ext4 Partition for Persistence

Right-click on the unallocated space, select Create, and click Yes.

Enter the settings shown in the screenshot and hit OK.

Now everything will be like this.

Now all the partitions have been created. Let's apply the changes now.

After applying the changes, you may see that the drive letter D: of the FAT32 partition is gone. Without a letter, Windows will not recognize the partition, so we have to make some changes for this to work from here.

First delete the NTFS partition, give a letter to the FAT32 partition, and hit Apply.

Now it will look like the following.

In My Computer, the drive will look like the following.

Installing Kali

Download the Kali ISO from their website. I downloaded the 32-bit full version, 2.6 GB, which is compatible with most computers.

Now download Universal USB Installer from here.

Open it, select the ISO file and the other parameters as in this capture, and hit Create.

Wait a few minutes until it completes its job.

Now go to Mini Partition Wizard again, right-click on the FAT32 partition, select Change Letter, and select None. Right-click on the FAT32 partition again and select Set Active. This marks the partition holding the OS boot files so that it is found when you boot from the pendrive later.

Right-click on the unallocated space, select Create, and click Yes.
Enter the settings shown in the screenshot and hit OK.

Now everything will look like the following.

Booting Kali from Pendrive

Now it's time to reboot the PC and select the USB drive in the boot options.

Choose the option "Live USB Persistence"

Now don't click on the "persistence" icon on the screen.

Go to a terminal and enter the following commands.

Make a directory on the filesystem to mount your USB
mkdir -p /mnt/usb

To find out which partition of your drive you'll use (for mine it's sdb3)
fdisk -l

Mount the partition on the directory you made
mount /dev/sdb3 /mnt/usb

Add a configuration file to enable persistence
echo "/ union" > /mnt/usb/persistence.conf

Unmount the partition and reboot
umount /dev/sdb3 && reboot

After the reboot, select the USB drive in the boot options and again choose the option "Live USB Persistence".
From now on, every configuration change you make will be saved, and it's more like using a dedicated Linux box.
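
The five commands above can be wrapped in a script that refuses to run against the wrong partition, which is the usual way this step goes wrong (writing persistence.conf to the FAT32 boot partition, or to the host's own disk, because the device name from fdisk -l was misread). The following POSIX shell script is an added example, not from the original post or the Kali project; it assumes the partition path is passed as its first argument (the post used /dev/sdb3) and uses the post's own /mnt/usb mount point and the same "/ union" configuration line.

```shell
#!/bin/sh
# Added example, not from the original post: configure Kali live-USB persistence
# on an ext4 partition with sanity checks around the manual steps.
# Usage (as root, on the booted live system): sh setup_persistence.sh /dev/sdb3
# Assumptions: the device path is given as $1; /mnt/usb is the mount point used
# in the post; "/ union" is the persistence.conf content the post uses.

# Write persistence.conf: "/ union" overlays the whole root filesystem with the partition.
# $1 = directory where the persistence partition is mounted
write_persistence_conf() {
    printf '/ union\n' > "$1/persistence.conf"
}

# Return 0 only if $1/persistence.conf exists and consists of exactly the line "/ union".
validate_persistence_conf() {
    [ -f "$1/persistence.conf" ] || return 1
    [ "$(cat "$1/persistence.conf")" = "/ union" ]
}

# Full procedure for a real partition. Refuses to touch anything that is not an
# unmounted ext4 block device, so a typo cannot hit the FAT32 boot partition or the host disk.
# $1 = partition device, $2 = mount point (default /mnt/usb)
setup_persistence() {
    dev=$1; mnt=${2:-/mnt/usb}
    [ "$(id -u)" -eq 0 ] || { echo "must run as root" >&2; return 1; }
    [ -b "$dev" ] || { echo "$dev is not a block device" >&2; return 1; }
    fstype=$(blkid -o value -s TYPE "$dev")
    [ "$fstype" = "ext4" ] || { echo "$dev is '$fstype', expected ext4" >&2; return 1; }
    if grep -q "^$dev " /proc/mounts; then
        echo "$dev is already mounted; unmount it first" >&2; return 1
    fi
    mkdir -p "$mnt"
    mount "$dev" "$mnt" || return 1
    write_persistence_conf "$mnt"
    validate_persistence_conf "$mnt" || { echo "verification of persistence.conf failed" >&2; umount "$mnt"; return 1; }
    sync
    umount "$mnt"
    echo "persistence configured on $dev; reboot and choose 'Live USB Persistence'"
}

# Run the procedure only when a device argument is given, so the file can also be sourced.
if [ $# -ge 1 ]; then
    setup_persistence "$@"
fi
```

The checks are the point: blkid confirms the target really is the ext4 partition created for persistence, and the /proc/mounts test stops the script from writing into a partition the live system already has in use.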

You also have your 10 GB of pendrive space for day-to-day use as a data traveler. Cheers!