Re: help dhcp-discover.nse

[Ron <ron () skullsecurity net>]

On Wed, 7 Apr 2010 20:12:56 +0000 Brandon Enright <bmenrigh () ucsd edu>
wrote:
> Norris,
>
> The dhcp-discover script is a host script.  Nmap doesn't really have
> the notion of a "network script".  Nmap needs to detect UDP port 67
> open (or open|filtered) in order to use the script.
>
> I was going to suggest scanning the broadcast address but Nmap won't
> know the nexthop MAC is supposed to be ffff.ffff.ffff
>
> So I tried scanning the router which is a DHCP helper/relay but I got:
>
> NSE: dhcp-discover against 132.239.181.1:67 threw an error!
> ./scripts/dhcp-discover.nse:557: variable 'value' is not declared
> stack traceback:
>       [C]: in function 'error'
>       ./nselib/strict.lua:68: in function <./nselib/strict.lua:59>
>       ./scripts/dhcp-discover.nse:557: in function 'dhcp_parse'
>       ./scripts/dhcp-discover.nse:695: in function 'go'
>       ./scripts/dhcp-discover.nse:710: in function
> <./scripts/dhcp-discover.nse:709> (tail call): ?
>
> So I think this script needs a bit of work.
>
> Assuming everything was working, you'd do something like:
>
> $ sudo ./nmap -sU -p 67 -v -d -PN --script=dhcp-discover <target(s)>
>
> Brandon
Brandon is correct, that's the command you would use. I've requested having one-time scripts that do broadcasts in the 
past, and I think it's made its way into the TODO list, but we don't have it yet. So dhcp-discover has to be against a 
specific host. 

As for it not working, thanks for the report! I don't have a dhcp server at work to test against, but I'll figure out 
what's going on as soon as I get home. 

-- 
Ron Bowes
http://www.skullsecurity.org
http://www.twitter.com/iagox86

Attachment: _bin
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/