Nmap Development mailing list archives
Re: DHCP payload probe?
From: Ron <ron () skullsecurity net>
Date: Thu, 10 Sep 2009 07:41:06 -0500
On 09/09/2009 11:09 PM, David Fifield wrote:
> On Tue, Sep 08, 2009 at 07:40:42AM -0500, Ron wrote:
>> I put together a script to probe DHCP servers this weekend. Unfortunately, I only have my Linksys WRT54g with stock firmware to test against, so I'd appreciate others giving it a shot! Basically, do a UDP scan against port 67 on your gateway device, as root, and see what the response is.
>>
>> nmap -d -sU -p67 --script=dhcp-inform <target>
>>
>> I've attached it as a .patch because it requires an extra function added to ipOps.lua.
>
> With your knowledge of DHCP, can you recommend a safe response-provoking payload that could be sent with all UDP probes to port 67 during port scanning?
>
> David Fifield
Yes and no. There are three options:
a) Sending DHCPINFORM, which not everybody responds to
b) Sending DHCPDISCOVER, which has the side effect of reserving an IP address for a short period
c) Sending an invalid request, which results in a DHCPNAK error

(c) is probably the best one, I'm thinking. I'll have to investigate how to evoke an error reliably, though.
Ron

--
Ron Bowes
http://www.skullsecurity.org/
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
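An added example, not part of the original message or of the NSE script it discusses: a Python sketch of the message layout that all three options share (the fixed RFC 2131 header plus option 53), with a parser that accepts only a reply echoing the probe's transaction ID and reports its message type. The function names, transaction ID, address and MAC are constructed for illustration, and nothing is sent on the network.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of DHCP options (RFC 2131)
BOOTREQUEST, BOOTREPLY = 1, 2
MSG_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 4: "DHCPDECLINE",
             5: "DHCPACK", 6: "DHCPNAK", 7: "DHCPRELEASE", 8: "DHCPINFORM"}
HEADER = "!BBBBIHH4s4s4s4s16s64s128s"  # fixed 236-byte BOOTP header

def build_message(op, msg_type, xid, ciaddr, mac):
    """Build a minimal DHCP message whose only option is 53 (message type)."""
    zero = b"\x00" * 4
    header = struct.pack(HEADER, op, 1, 6, 0, xid, 0, 0,
                         socket.inet_aton(ciaddr), zero, zero, zero,
                         mac, b"", b"")          # struct pads "s" fields with NULs
    return header + MAGIC_COOKIE + bytes([53, 1, msg_type, 255])

def parse_message_type(packet):
    """Return the option-53 name, or None if the packet is malformed."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        return None
    i = 240
    while i < len(packet):
        code = packet[i]
        if code == 255:                 # end option
            break
        if code == 0:                   # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(packet):
            return None
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:        # option runs past the end of the packet
            return None
        if code == 53 and length == 1:
            return MSG_TYPES.get(value[0])
        i += 2 + length
    return None

def classify_reply(sent_xid, packet):
    """Accept only a BOOTREPLY that echoes our transaction ID."""
    if len(packet) < 240:
        return None
    op, xid = packet[0], struct.unpack("!I", packet[4:8])[0]
    if op != BOOTREPLY or xid != sent_xid:
        return None
    return parse_message_type(packet)

# Constructed sample values (documentation address, locally administered MAC).
XID, ADDR, MAC = 0x1234ABCD, "192.0.2.10", bytes.fromhex("020000000001")
inform_probe = build_message(BOOTREQUEST, 8, XID, ADDR, MAC)
```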