# NAC Bypass

* <https://luemmelsec.github.io/I-got-99-problems-but-my-NAC-aint-one/>
* <https://www.thehacker.recipes/physical/networking/network-access-control>
* <https://habr.com/ru/company/jetinfosystems/blog/564238/>

{% embed url="<https://youtu.be/v_hBALPH7KE>" %}

## Tools

### FENRIR

* <https://github.com/Orange-Cyberdefense/fenrir-ocd>
* [\[PDF\] 802.1x NAC & BYPASS TECHNIQUES (Hack in Paris 2017, Valérian LEGRAND)](https://hackinparis.com/data/slides/2017/2017_Legrand_Valerian_802.1x_Network_Access_Control_and_Bypass_Techniques.pdf)

{% embed url="<https://youtu.be/tN9LoIwdRd4>" %}

### NACKered & nac\_bypass

* <https://github.com/p292/NACKered>
* <https://github.com/scipag/nac_bypass>
* <https://github.com/snovvcrash/nac_bypass>

Set up the bridge (`eth0` is connected to the switch, `eth1` is connected to the authenticated client):

```
$ sudo ./nac_bypass_setup.sh -1 eth0 -2 eth1 [-S] [-R]
```

Check iptables rules:

```
$ sudo iptables -t nat -L
```

Reset all the changes (bridge interface and iptables rules):

```
$ sudo ./nac_bypass_setup.sh -r
```