Nmap Development mailing list archives

DHCP payload probe?

From: David Fifield <david () bamsoftware com>
Date: Wed, 9 Sep 2009 22:09:03 -0600

On Tue, Sep 08, 2009 at 07:40:42AM -0500, Ron wrote:

I put together a script to probe DHCP servers this weekend.  
Unfortunately, I only have my Linksys WRT54g with stock firmware to test  
against, so I'd appreciate others giving it a shot!

Basically, do a UDP scan against port 67 on your gateway device, as  
root, and see what the response is.

nmap -d -sU -p67 --script=dhcp-inform <target>

I've attached it as a .patch because it requires an extra function added  
to ipOps.lua.


With your knowledge of DHCP, can you recommend a safe response-provoking
payload that could be sent with all UDP probes to port 67 during port
scanning?

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Current thread:

Re: dhcp script!, (continued)
- - - Re: dhcp script! Brandon Enright (Sep 09)
    - Re: dhcp script! David Fifield (Sep 09)
    - Re: dhcp script! Walt Scrivens (Sep 12)
    - Re: dhcp script! David Fifield (Sep 22)
    - Re: dhcp script! Walt Scrivens (Sep 23)
- Re: dhcp script (version 2) Ron (Sep 08)
  - Re: dhcp script (version 2) Fyodor (Sep 09)
    - Re: dhcp script (version 2) Ron (Sep 09)
    - Re: dhcp script (version 2) Fyodor (Sep 10)
- Re: dhcp script (version 3) Ron (Sep 09)
- DHCP payload probe? David Fifield (Sep 09)
  - Re: DHCP payload probe? Ron (Sep 10)
    - Re: DHCP payload probe? David Fifield (Sep 10)