Nmap Development mailing list archives
Re: dhcp script!
From: Michael Pattrick <mpattrick () rhinovirus org>
Date: Tue, 8 Sep 2009 09:21:30 -0400
From Windows, against a Netgear router... Nothing happens, but this
router is rather cheap.

Winpcap present, dynamic linked to: WinPcap version 4.0.2 (packet.dll version 4.0.0.1040), based on libpcap version 0.9.5

Starting Nmap 5.05BETA1 ( http://nmap.org ) at 2009-09-08 09:19 Eastern Daylight Time
--------------- Timing report ---------------
hostgroups: min 1, max 100000
rtt-timeouts: init 1000, min 100, max 10000
max-scan-delay: TCP 1000, UDP 1000, SCTP 1000
parallelism: min 0, max 0
max-retries: 10, host-timeout: 0
min-rate: 0, max-rate: 0
---------------------------------------------
NSE: Loaded 1 scripts for scanning.
Initiating ARP Ping Scan at 09:19
Scanning 10.0.0.1 [1 port]
Packet capture filter (device eth6): arp and arp[18:4] = 0x00112222 and arp[22:2] = 0x1100
Completed ARP Ping Scan at 09:19, 0.20s elapsed (1 total hosts)
Overall sending rates: 4.93 packets / s, 206.90 bytes / s.
mass_rdns: Using DNS server 10.100.200.61
mass_rdns: Using DNS server 10.100.200.62
mass_rdns: Using DNS server 208.67.222.222
mass_rdns: Using DNS server 205.211.180.196
mass_rdns: Using DNS server 205.211.181.196
Initiating Parallel DNS resolution of 1 host. at 09:19
mass_rdns: 0.01s 0/1 [#: 5, OK: 0, NX: 0, DR: 0, SF: 0, TR: 1]
Completed Parallel DNS resolution of 1 host. at 09:19, 0.01s elapsed
DNS resolution of 1 IPs took 0.01s. Mode: Async [#: 5, OK: 0, NX: 1, DR: 0, SF: 0, TR: 1, CN: 0]
Initiating UDP Scan at 09:19
Scanning 10.0.0.1 [1 port]
Packet capture filter (device eth6): dst host 10.0.0.4 and (icmp or ((tcp or udp or sctp) and (src host 10.0.0.1)))
Completed UDP Scan at 09:19, 0.21s elapsed (1 total ports)
Overall sending rates: 9.52 packets / s, 266.67 bytes / s.
NSE: Script scanning 10.0.0.1.
NSE: Starting runlevel 1 scan
Initiating NSE at 09:19
NSE: NSE Script Threads (1) running:
NSE: Starting dhcp-inform against 10.0.0.1:67.
NSE: Finished dhcp-inform against 10.0.0.1:67.
Completed NSE at 09:20, 2.79s elapsed
NSE: Script Scanning completed.
Host 10.0.0.1 is up, received arp-response (0.0020s latency).
Scanned at 2009-09-08 09:19:59 Eastern Daylight Time for 3s
Interesting ports on 10.0.0.1:
PORT   STATE         SERVICE REASON
67/udp open|filtered dhcps   no-response
MAC Address: 00:0F:B5:13:E8:BE (Netgear)
Final times for host: srtt: 2000 rttvar: 5000 to: 100000

Read from c:\nmap\mswin32\Release: nmap-mac-prefixes nmap-services.
Nmap done: 1 IP address (1 host up) scanned in 4.72 seconds
Raw packets sent: 3 (98B) | Rcvd: 1 (42B)

On Tue, Sep 8, 2009 at 8:40 AM, Ron <ron () skullsecurity net> wrote:
> I put together a script to probe DHCP servers this weekend.
> Unfortunately, I only have my Linksys WRT54g with stock firmware to
> test against, so I'd appreciate others giving it a shot!
>
> Basically, do a UDP scan against port 67 on your gateway device, as
> root, and see what the response is.
>
> nmap -d -sU -p67 --script=dhcp-inform <target>
>
> I've attached it as a .patch because it requires an extra function
> added to ipOps.lua.
>
> The functions for building/parsing DHCP packets are generic enough
> that they can handle building/parsing *any* DHCP packet. So, if there
> are other ideas for things we can do with DHCP, let me know and I'll
> throw them into a NSELib and write extra DHCP scripts.
>
> Thanks!
> Ron
>
> --
> Ron Bowes
> http://www.skullsecurity.org/
>
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://SecLists.Org
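The thread is about a script that sends a DHCPINFORM to UDP port 67 and parses the answer. The following is an added example in Python, not the dhcp-inform script or its ipOps.lua patch: it builds an INFORM request and decodes a reply with strict length checks, since the reply is untrusted network input. All function names are hypothetical, and the sample DHCPACK is constructed, reusing the 10.0.0.x addresses from the scan output above.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"  # RFC 2131 magic cookie that precedes the options
BOOTP = "!BBBBIHH4s4s4s4s16s64s128s"  # fixed 236-byte BOOTP header
TYPES = {2: "OFFER", 5: "ACK", 6: "NAK", 8: "INFORM"}
IP_OPTS = {1: "subnet_mask", 3: "router", 6: "dns", 54: "server_id"}

def build_inform(client_ip, mac, xid, want=(1, 3, 6)):
    """BOOTREQUEST carrying DHCPINFORM: ciaddr is filled in, no lease is asked for."""
    ciaddr = ipaddress.IPv4Address(client_ip).packed
    hdr = struct.pack(BOOTP, 1, 1, 6, 0, xid, 0, 0, ciaddr,
                      bytes(4), bytes(4), bytes(4), mac, b"", b"")
    # option 53 = message type (8 = INFORM), 55 = parameter request list, 255 = end
    return hdr + MAGIC + bytes([53, 1, 8, 55, len(want), *want, 255])

def parse_reply(pkt, xid):
    """Decode a server reply; raise ValueError if it is malformed or not ours."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    if pkt[0] != 2 or struct.unpack("!I", pkt[4:8])[0] != xid:
        raise ValueError("not a reply to this transaction")
    out, i = {}, 240
    while i < len(pkt):
        code = pkt[i]
        if code == 255:  # end option
            return out
        if code == 0:  # pad option has no length byte
            i += 1
            continue
        if i + 2 > len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("option %d runs past the end of the packet" % code)
        val = pkt[i + 2:i + 2 + pkt[i + 1]]
        i += 2 + len(val)
        if code == 53 and len(val) == 1:
            out["type"] = TYPES.get(val[0], val[0])
        elif code in IP_OPTS and val and len(val) % 4 == 0:
            out[IP_OPTS[code]] = [str(ipaddress.IPv4Address(val[j:j + 4]))
                                  for j in range(0, len(val), 4)]
        else:
            out[code] = val  # unknown or odd-sized option: keep the raw bytes
    raise ValueError("missing end option")

def constructed_ack(xid):
    """Constructed sample DHCPACK (not captured traffic) for an offline run."""
    hdr = bytearray(build_inform("10.0.0.4", bytes(6), xid)[:240])
    hdr[0] = 2  # BOOTREPLY
    opts = bytes([53, 1, 5, 54, 4, 10, 0, 0, 1, 1, 4, 255, 255, 255, 0,
                  6, 8, 10, 0, 0, 1, 10, 0, 0, 2, 255])
    return bytes(hdr) + opts
```

Calling `parse_reply(constructed_ack(0x1234), 0x1234)` returns the decoded options as a dictionary; a truncated reply or one with a different transaction id raises `ValueError` instead of being partially parsed.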