Nmap Development mailing list archives

Re: Problem using the dhcp-discover script for Nmap


From: Patrik Karlsson <patrik () cqure net>
Date: Thu, 14 Jul 2011 11:21:15 +0200

Hi Ron & Paul,

We've been splitting scripts that do broadcast up into separate scripts (prefixed by broadcast-) for more flexibility.
Therefore, I have written a new script (script broadcast-dhcp-discover.nse) that makes use of the dhcp library to 
achieve broadcast DHCP requests.
In order to do so, I had to do some small changes to the dhcp.lua library that I'm attaching as well.

The new script attempts to send a request to the broadcast address and then listens on all ethernet interfaces that are 
up for a response.
The reason for this is that I wanted to avoid having to supply the interface to use on the command line.

Paul, as I'm not sure which version of Nmap you're running, I'm attaching a copy of the patched dhcp library as well.
In order to try the script out, you need to copy the dhcp.lua library into nselib and the broadcast-dhcp-discover.nse 
script into the scripts directory.
Once this is done you should be able to try the script out using the following command:
sudo nmap --script broadcast-dhcp-discover

As you may have concluded from sudo, the script needs to be run as root.
Let me know if/how this works out for you!

Oh, and if anyone else on nmap-dev would like to help testing, you're more than welcome :)

Regards,
Patrik

Attachments: dhcp_remove_local.patch, broadcast-dhcp-discover.nse, dhcp.lua


On Jul 14, 2011, at 3:18 AM, Ron wrote:

On Wed, 13 Jul 2011 14:22:53 +0200 Paul Courbis <paul () courbis com> wrote:
Hi

I'm sorry to bother you about this but I can't figure out how to make
your script work.

I have a network with a DHCP server (actually a "Livebox", an ADSL
box from Orange/France Telecom). It works quite well and returns IPs
when using dhclient for example.

I try to use your script. As far as I understand, when doing
something like "nmap -sV --script=dhcp-discover <DHCP server IP
address>" I should receive some information such as described in
http://nmap.org/nsedoc/scripts/dhcp-discover.html (i.e. IP offered,
etc...)

I try to run this on my openSUSE 11.4 linux (using both the latest
stable or beta version of nmap) but after a long time it gives
nothing. The udp/67 port is not even listed.

I also tried to do something like "nmap -sU -p67
--script=dhcp-discover x.x.x.x" but I just get the fact that 67/udp
is "open|filtered" but nothing more.

What am I doing wrong?

Thanks in advance

Best regards

Paul
-- 
Paul Courbis

Hey Paul, 

The protocol for dhcp is a little messed up. I've noticed that certain implementations will only respond if they 
receive a request on the broadcast address rather than a standard UDP/67 connection. 

I think we should add a prerule to the dhcp-discover script to do a broadcast. I'm CCing nmap-dev for opinions - I 
don't have time to do it right now, but hopefully somebody else can kick in and write it?

Ron
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

--
Patrik Karlsson
http://www.cqure.net
http://www.twitter.com/nevdull77

