Nmap Development mailing list archives

Re: dhcp script!


From: jah <jah () zadkiel plus com>
Date: Tue, 08 Sep 2009 14:26:29 +0100

On 08/09/2009 13:40, Ron wrote:
> I put together a script to probe DHCP servers this weekend.
> Unfortunately, I only have my Linksys WRT54g with stock firmware to
> test against, so I'd appreciate others giving it a shot!
>
> Basically, do a UDP scan against port 67 on your gateway device, as
> root, and see what the response is.
>
> nmap -d -sU -p67 --script=dhcp-inform <target>

Hi Ron,

I tried your script with the command above against a DrayTek Vigor 2800G
and was surprised to find that it doesn't respond to DHCP Information.
I then used --script-args dhcptype=DHCPREQUEST and got the following:

Interesting ports on vigor (192.168.1.1):
PORT   STATE SERVICE REASON
67/udp open  dhcps   script-set
|  dhcp-inform: 
|   DHCP Message Type: DHCPACK
|   Server Identifier: 192.168.1.1
|   Renewal Time Value: 1090126080
|   Rebinding Time Value: 4034200320
|   IP Address Lease Time (client): 2163475200
|   Subnet Mask: 255.255.255.0
|   Router: 192.168.1.1
|_  Domain Name Server: 212.159.6.9, 212.159.6.10
MAC Address: 00:50:7F:D5:5E:30 (DrayTek)

So it didn't respond with all the items of info requested of it, but
there is at least some useful info.  Maybe the DHCPREQUEST should be the
default request?
Nice script.

jah

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
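
Added example (not part of the thread and not the dhcp-inform script's code): a small decoder for the DHCP option field that reads the three time options as 32-bit values in network byte order, as RFC 2132 defines them. The option bytes are constructed, chosen as a 3-day lease with T1 at 50% and T2 at 87.5%; reading those same fields in the opposite byte order gives exactly the three time values printed in the output above, which is an inference from the arithmetic and not something the thread states.

```python
import ipaddress
import struct

# RFC 2132 option codes that appear in the output above.
NAMES = {1: "Subnet Mask", 3: "Router", 6: "Domain Name Server",
         51: "IP Address Lease Time", 53: "DHCP Message Type",
         54: "Server Identifier", 58: "Renewal Time Value",
         59: "Rebinding Time Value"}
ADDR_OPTS, TIME_OPTS = {1, 3, 6, 54}, {51, 58, 59}  # IPv4 lists; 32-bit seconds
MSG_TYPES = {3: "DHCPREQUEST", 5: "DHCPACK", 6: "DHCPNAK", 8: "DHCPINFORM"}

def parse_options(data):
    """Decode the TLV options that follow the DHCP magic cookie."""
    out, i = {}, 0
    while i < len(data) and data[i] != 255:          # 255 = End
        code = data[i]
        if code == 0:                                # 0 = Pad, no length byte
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("truncated option header")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} runs past end of packet")
        i += 2 + length
        name = NAMES.get(code, f"Option {code}")
        if code in TIME_OPTS and length == 4:
            out[name] = struct.unpack("!I", value)[0]   # "!" = big-endian
        elif code in ADDR_OPTS and length % 4 == 0:
            out[name] = [str(ipaddress.IPv4Address(value[j:j + 4]))
                         for j in range(0, length, 4)]
        elif code == 53 and length == 1:
            out[name] = MSG_TYPES.get(value[0], value[0])
        else:
            out[name] = value                        # unknown: keep raw bytes
    return out

def byteswap32(n):
    """What a 32-bit field becomes when read in the wrong byte order."""
    return struct.unpack("<I", struct.pack(">I", n))[0]

def opt(code, payload):
    return bytes([code, len(payload)]) + payload

# Constructed sample: DHCPACK, 3-day lease, T1 = 129600 s, T2 = 226800 s.
SAMPLE = (opt(53, b"\x05") + opt(54, bytes([192, 168, 1, 1]))
          + b"".join(opt(c, struct.pack("!I", s)) for c, s in
                     ((58, 129600), (59, 226800), (51, 259200))) + b"\xff")
```
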

