Re: help dhcp-discover.nse

[Brandon Enright <bmenrigh () ucsd edu>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 7 Apr 2010 15:05:52 -0500
"Norris Carden" <ncarden () ascendfcu org> wrote:

> I am trying to discover DHCP servers and can't seem to make this
> script do it. Here's what I understand the command should be:
>
> nmap --script=dhcp-discover
>
> I would think this would just send a DHCP request broadcast and listen
> for responses. Does this script require that I already know the
> address of a DHCP server?
>
> Thanks,
>
> Norris


Norris,

The dhcp-discover script is a host script.  Nmap doesn't really have
the notion of a "network script".  Nmap needs to detect UDP port 67
open (or open|filtered) in order to use the script.

I was going to suggest scanning the broadcast address but Nmap won't
know the nexthop MAC is supposed to be ffff.ffff.ffff

So I tried scanning the router which is a DHCP helper/relay but I got:

NSE: dhcp-discover against 132.239.181.1:67 threw an error!
./scripts/dhcp-discover.nse:557: variable 'value' is not declared
stack traceback:
        [C]: in function 'error'
        ./nselib/strict.lua:68: in function <./nselib/strict.lua:59>
        ./scripts/dhcp-discover.nse:557: in function 'dhcp_parse'
        ./scripts/dhcp-discover.nse:695: in function 'go'
        ./scripts/dhcp-discover.nse:710: in function <./scripts/dhcp-discover.nse:709>
        (tail call): ?

So I think this script needs a bit of work.

Assuming everything was working, you'd do something like:

$ sudo ./nmap -sU -p 67 -v -d -PN --script=dhcp-discover <target(s)>

Brandon

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)

iEYEARECAAYFAku8508ACgkQqaGPzAsl94L1KgCeKCDGjyEw6HfYGyuwPF472wfp
0fMAn0xXIfLiyxLuyHT7E5XThpbWERZB
=ySCj
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/