Send Cisco Discovery Protocol (CDP) Packets - Metasploit

This page contains detailed information about how to use the auxiliary/spoof/cisco/cdp metasploit module. For list of all metasploit modules, visit the Metasploit Module Library.

Module Overview

---

Name: Send Cisco Discovery Protocol (CDP) Packets
Module: auxiliary/spoof/cisco/cdp
Source code: modules/auxiliary/spoof/cisco/cdp.rb
Disclosure date: -
Last modification time: 2017-07-24 06:26:21 +0000
Supported architecture(s): -
Supported platform(s): -
Target service / protocol: -
Target network port(s): -
List of CVEs: -

This module sends Cisco Discovery Protocol (CDP) packets. Note that any responses to the CDP packets broadcast from this module will need to be analyzed with an external packet analysis tool, such as tcpdump or Wireshark in order to learn more about the Cisco switch and router environment.

Module Ranking and Traits

---

Module Ranking:

• normal: The exploit is otherwise reliable, but depends on a specific version and can't (or doesn't) reliably autodetect. More information about ranking can be found here.

Basic Usage

---

msf > use auxiliary/spoof/cisco/cdp
msf auxiliary(cdp) > show targets
    ... a list of targets ...
msf auxiliary(cdp) > set TARGET target-id
msf auxiliary(cdp) > show options
    ... show and set options ...
msf auxiliary(cdp) > exploit

Go back to menu.

Msfconsole Usage

---

Here is how the spoof/cisco/cdp auxiliary module looks in the msfconsole:

msf6 > use auxiliary/spoof/cisco/cdp

msf6 auxiliary(spoof/cisco/cdp) > show info

       Name: Send Cisco Discovery Protocol (CDP) Packets
     Module: auxiliary/spoof/cisco/cdp
    License: Metasploit Framework License (BSD)
       Rank: Normal

Provided by:
  Fatih Ozavci

Available actions:
  Name   Description
  ----   -----------
  Spoof  Sends CDP packets

Check supported:
  No

Basic options:
  Name         Current Setting      Required  Description
  ----         ---------------      --------  -----------
  DEVICE_ID    SEP00070EEA3156      yes       Device ID (e.g. SIP00070EEA3156)
  FULL_DUPLEX  true                 yes       True iff full-duplex, false otherwise
  INTERFACE                         no        The name of the interface
  PLATFORM     Cisco IP Phone 7975  yes       Platform of the device
  PORT         Port 1               yes       The CDP 'sent through interface' value
  SMAC                              no        MAC Address for MAC Spoofing
  SOFTWARE     SCCP75.9-3-1SR2-1S   yes       Software of the device
  VTPDOMAIN                         no        VTP Domain

Description:
  This module sends Cisco Discovery Protocol (CDP) packets. Note that 
  any responses to the CDP packets broadcast from this module will 
  need to be analyzed with an external packet analysis tool, such as 
  tcpdump or Wireshark in order to learn more about the Cisco switch 
  and router environment.

References:
  http://en.wikipedia.org/wiki/CDP_Spoofing

Module Options

---

This is a complete list of options available in the spoof/cisco/cdp auxiliary module:

msf6 auxiliary(spoof/cisco/cdp) > show options

Module options (auxiliary/spoof/cisco/cdp):

   Name         Current Setting      Required  Description
   ----         ---------------      --------  -----------
   DEVICE_ID    SEP00070EEA3156      yes       Device ID (e.g. SIP00070EEA3156)
   FULL_DUPLEX  true                 yes       True iff full-duplex, false otherwise
   INTERFACE                         no        The name of the interface
   PLATFORM     Cisco IP Phone 7975  yes       Platform of the device
   PORT         Port 1               yes       The CDP 'sent through interface' value
   SMAC                              no        MAC Address for MAC Spoofing
   SOFTWARE     SCCP75.9-3-1SR2-1S   yes       Software of the device
   VTPDOMAIN                         no        VTP Domain

Auxiliary action:

   Name   Description
   ----   -----------
   Spoof  Sends CDP packets

Advanced Options

---

Here is a complete list of advanced options supported by the spoof/cisco/cdp auxiliary module:

msf6 auxiliary(spoof/cisco/cdp) > show advanced

Module advanced options (auxiliary/spoof/cisco/cdp):

   Name                Current Setting  Required  Description
   ----                ---------------  --------  -----------
   GATEWAY_PROBE_HOST  8.8.8.8          yes       Send a TTL=1 random UDP datagram to this host to discover the default gateway's MAC
   GATEWAY_PROBE_PORT                   no        The port on GATEWAY_PROBE_HOST to send a random UDP probe to (random if 0 or unset)
   SECRET              1297303073       yes       A 32-bit cookie for probe requests.
   VERBOSE             false            no        Enable detailed status messages
   WORKSPACE                            no        Specify the workspace for this module

Auxiliary Actions

---

This is a list of all auxiliary actions that the spoof/cisco/cdp module can do:

msf6 auxiliary(spoof/cisco/cdp) > show actions

Auxiliary actions:

   Name   Description
   ----   -----------
   Spoof  Sends CDP packets

Evasion Options

---

Here is the full list of possible evasion options supported by the spoof/cisco/cdp auxiliary module in order to evade defenses (e.g. Antivirus, EDR, Firewall, NIDS etc.):

msf6 auxiliary(spoof/cisco/cdp) > show evasion

Module evasion options:

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------

Go back to menu.

Error Messages

---

This module may fail with the following error messages:

Check for the possible causes from the code snippets below found in the module source code. This can often times help in identifying the root cause of the problem.

Unable to get SMAC from <INTERFACE> -- Set INTERFACE or SMAC

---

Here is a relevant code snippet related to the "Unable to get SMAC from <INTERFACE> -- Set INTERFACE or SMAC" error message:

44:	  end
45:	
46:	  def setup
47:	    check_pcaprub_loaded
48:	    unless smac
49:	      fail ArgumentError, "Unable to get SMAC from #{interface} -- Set INTERFACE or SMAC"
50:	    end
51:	    open_pcap
52:	    close_pcap
53:	  end
54:	

Go back to menu.

Related Pull Requests

---

• #8338 Merged Pull Request: Fix msf/core and self.class msftidy warnings
• #6655 Merged Pull Request: use MetasploitModule as a class name
• #6648 Merged Pull Request: Change metasploit class names
• #5059 Merged Pull Request: Yard doc corrections
• #4258 Merged Pull Request: Fixup for release

References

---

• CVE: Not available
• http://en.wikipedia.org/wiki/CDP_Spoofing

See Also

---

Check also the following modules related to this module:

• auxiliary/admin/netbios/netbios_spoof
• auxiliary/server/dns/spoofhelper
• auxiliary/server/netbios_spoof_nat
• auxiliary/spoof/arp/arp_poisoning
• auxiliary/spoof/cisco/dtp
• auxiliary/spoof/dns/bailiwicked_domain
• auxiliary/spoof/dns/bailiwicked_host
• auxiliary/spoof/dns/compare_results
• auxiliary/spoof/dns/native_spoofer
• auxiliary/spoof/llmnr/llmnr_response
• auxiliary/spoof/mdns/mdns_response
• auxiliary/spoof/nbns/nbns_response
• auxiliary/spoof/replay/pcap_replay
• auxiliary/voip/sip_invite_spoof
• exploit/windows/fileformat/winrar_name_spoofing
• post/linux/manage/dns_spoofing
• post/osx/gather/password_prompt_spoof
• auxiliary/gather/avtech744_dvr_accounts
• auxiliary/gather/c2s_dvr_password_disclosure
• auxiliary/scanner/misc/dahua_dvr_auth_bypass
• auxiliary/scanner/misc/dvr_config_disclosure
• auxiliary/scanner/misc/raysharp_dvr_passwords
• exploit/linux/http/mvpower_dvr_shell_exec
• auxiliary/dos/cisco/cisco_7937g_dos
• auxiliary/dos/cisco/cisco_7937g_dos_reboot
• auxiliary/dos/cisco/ios_http_percentpercent
• auxiliary/dos/cisco/ios_telnet_rocem

Authors

---

Fatih Ozavci

Version

---

This page has been produced using Metasploit Framework version 6.1.27-dev. For more modules, visit the Metasploit Module Library.

Go back to menu.