Send Cisco Discovery Protocol (CDP) Packets - Metasploit
This page contains detailed information about how to use the auxiliary/spoof/cisco/cdp metasploit module. For list of all metasploit modules, visit the Metasploit Module Library.
Module Overview
Name: Send Cisco Discovery Protocol (CDP) Packets
Module: auxiliary/spoof/cisco/cdp
Source code: modules/auxiliary/spoof/cisco/cdp.rb
Disclosure date: -
Last modification time: 2017-07-24 06:26:21 +0000
Supported architecture(s): -
Supported platform(s): -
Target service / protocol: -
Target network port(s): -
List of CVEs: -
This module sends Cisco Discovery Protocol (CDP) packets. Note that any responses to the CDP packets broadcast from this module will need to be analyzed with an external packet analysis tool, such as tcpdump or Wireshark in order to learn more about the Cisco switch and router environment.
Module Ranking and Traits
Module Ranking:
- normal: The exploit is otherwise reliable, but depends on a specific version and can't (or doesn't) reliably autodetect. More information about ranking can be found here.
Basic Usage
msf > use auxiliary/spoof/cisco/cdp
msf auxiliary(cdp) > show targets
... a list of targets ...
msf auxiliary(cdp) > set TARGET target-id
msf auxiliary(cdp) > show options
... show and set options ...
msf auxiliary(cdp) > exploit
Go back to menu.
Msfconsole Usage
Here is how the spoof/cisco/cdp auxiliary module looks in the msfconsole:
msf6 > use auxiliary/spoof/cisco/cdp
msf6 auxiliary(spoof/cisco/cdp) > show info
Name: Send Cisco Discovery Protocol (CDP) Packets
Module: auxiliary/spoof/cisco/cdp
License: Metasploit Framework License (BSD)
Rank: Normal
Provided by:
Fatih Ozavci
Available actions:
Name Description
---- -----------
Spoof Sends CDP packets
Check supported:
No
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
DEVICE_ID SEP00070EEA3156 yes Device ID (e.g. SIP00070EEA3156)
FULL_DUPLEX true yes True iff full-duplex, false otherwise
INTERFACE no The name of the interface
PLATFORM Cisco IP Phone 7975 yes Platform of the device
PORT Port 1 yes The CDP 'sent through interface' value
SMAC no MAC Address for MAC Spoofing
SOFTWARE SCCP75.9-3-1SR2-1S yes Software of the device
VTPDOMAIN no VTP Domain
Description:
This module sends Cisco Discovery Protocol (CDP) packets. Note that
any responses to the CDP packets broadcast from this module will
need to be analyzed with an external packet analysis tool, such as
tcpdump or Wireshark in order to learn more about the Cisco switch
and router environment.
References:
http://en.wikipedia.org/wiki/CDP_Spoofing
Module Options
This is a complete list of options available in the spoof/cisco/cdp auxiliary module:
msf6 auxiliary(spoof/cisco/cdp) > show options
Module options (auxiliary/spoof/cisco/cdp):
Name Current Setting Required Description
---- --------------- -------- -----------
DEVICE_ID SEP00070EEA3156 yes Device ID (e.g. SIP00070EEA3156)
FULL_DUPLEX true yes True iff full-duplex, false otherwise
INTERFACE no The name of the interface
PLATFORM Cisco IP Phone 7975 yes Platform of the device
PORT Port 1 yes The CDP 'sent through interface' value
SMAC no MAC Address for MAC Spoofing
SOFTWARE SCCP75.9-3-1SR2-1S yes Software of the device
VTPDOMAIN no VTP Domain
Auxiliary action:
Name Description
---- -----------
Spoof Sends CDP packets
Advanced Options
Here is a complete list of advanced options supported by the spoof/cisco/cdp auxiliary module:
msf6 auxiliary(spoof/cisco/cdp) > show advanced
Module advanced options (auxiliary/spoof/cisco/cdp):
Name Current Setting Required Description
---- --------------- -------- -----------
GATEWAY_PROBE_HOST 8.8.8.8 yes Send a TTL=1 random UDP datagram to this host to discover the default gateway's MAC
GATEWAY_PROBE_PORT no The port on GATEWAY_PROBE_HOST to send a random UDP probe to (random if 0 or unset)
SECRET 1297303073 yes A 32-bit cookie for probe requests.
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
Auxiliary Actions
This is a list of all auxiliary actions that the spoof/cisco/cdp module can do:
msf6 auxiliary(spoof/cisco/cdp) > show actions
Auxiliary actions:
Name Description
---- -----------
Spoof Sends CDP packets
Evasion Options
Here is the full list of possible evasion options supported by the spoof/cisco/cdp auxiliary module in order to evade defenses (e.g. Antivirus, EDR, Firewall, NIDS etc.):
msf6 auxiliary(spoof/cisco/cdp) > show evasion
Module evasion options:
Name Current Setting Required Description
---- --------------- -------- -----------
Go back to menu.
Error Messages
This module may fail with the following error messages:
Check for the possible causes from the code snippets below found in the module source code. This can often times help in identifying the root cause of the problem.
Unable to get SMAC from <INTERFACE> -- Set INTERFACE or SMAC
Here is a relevant code snippet related to the "Unable to get SMAC from <INTERFACE> -- Set INTERFACE or SMAC" error message:
44: end
45:
46: def setup
47: check_pcaprub_loaded
48: unless smac
49: fail ArgumentError, "Unable to get SMAC from #{interface} -- Set INTERFACE or SMAC"
50: end
51: open_pcap
52: close_pcap
53: end
54:
Go back to menu.
Related Pull Requests
- #8338 Merged Pull Request: Fix msf/core and self.class msftidy warnings
- #6655 Merged Pull Request: use MetasploitModule as a class name
- #6648 Merged Pull Request: Change metasploit class names
- #5059 Merged Pull Request: Yard doc corrections
- #4258 Merged Pull Request: Fixup for release
References
See Also
Check also the following modules related to this module:
- auxiliary/admin/netbios/netbios_spoof
- auxiliary/server/dns/spoofhelper
- auxiliary/server/netbios_spoof_nat
- auxiliary/spoof/arp/arp_poisoning
- auxiliary/spoof/cisco/dtp
- auxiliary/spoof/dns/bailiwicked_domain
- auxiliary/spoof/dns/bailiwicked_host
- auxiliary/spoof/dns/compare_results
- auxiliary/spoof/dns/native_spoofer
- auxiliary/spoof/llmnr/llmnr_response
- auxiliary/spoof/mdns/mdns_response
- auxiliary/spoof/nbns/nbns_response
- auxiliary/spoof/replay/pcap_replay
- auxiliary/voip/sip_invite_spoof
- exploit/windows/fileformat/winrar_name_spoofing
- post/linux/manage/dns_spoofing
- post/osx/gather/password_prompt_spoof
- auxiliary/gather/avtech744_dvr_accounts
- auxiliary/gather/c2s_dvr_password_disclosure
- auxiliary/scanner/misc/dahua_dvr_auth_bypass
- auxiliary/scanner/misc/dvr_config_disclosure
- auxiliary/scanner/misc/raysharp_dvr_passwords
- exploit/linux/http/mvpower_dvr_shell_exec
- auxiliary/dos/cisco/cisco_7937g_dos
- auxiliary/dos/cisco/cisco_7937g_dos_reboot
- auxiliary/dos/cisco/ios_http_percentpercent
- auxiliary/dos/cisco/ios_telnet_rocem
Authors
Fatih Ozavci
Version
This page has been produced using Metasploit Framework version 6.1.27-dev. For more modules, visit the Metasploit Module Library.
Go back to menu.