Nmap Development mailing list archives

Re: help dhcp-discover.nse


From: Brandon Enright <bmenrigh () ucsd edu>
Date: Wed, 7 Apr 2010 21:59:26 +0000

On Wed, 7 Apr 2010 15:27:21 -0500
Ron <ron () skullsecurity net> wrote:
[...]
So I tried scanning the router which is a DHCP helper/relay but I
got:

NSE: dhcp-discover against 132.239.181.1:67 threw an error!
./scripts/dhcp-discover.nse:557: variable 'value' is not declared
stack traceback:
    [C]: in function 'error'
    ./nselib/strict.lua:68: in function <./nselib/strict.lua:59>
    ./scripts/dhcp-discover.nse:557: in function 'dhcp_parse'
    ./scripts/dhcp-discover.nse:695: in function 'go'
    ./scripts/dhcp-discover.nse:710: in function <./scripts/dhcp-discover.nse:709>
    (tail call): ?

So I think this script needs a bit of work.

Assuming everything was working, you'd do something like:

$ sudo ./nmap -sU -p 67 -v -d -PN --script=dhcp-discover <target(s)>

Brandon

Brandon is correct, that's the command you would use. I've requested
having one-time scripts that do broadcasts in the past, and I think
it's made its way into the TODO list, but we don't have it yet. So
dhcp-discover has to be against a specific host. 

As for it not working, thanks for the report! I don't have a dhcp
server at work to test against, but I'll figure out what's going on
as soon as I get home. 


Ron fixed this in r17229.  Our server returns a boatload of stuff:

67/udp open  dhcps   script-set
| dhcp-discover:  
|   IP Offered: (not hard to figure out)
|   DHCP Message Type: DHCPOFFER
|   Server Identifier: (our DHCP server)
|   IP Address Lease Time: 0 days, 0:05:00
|   Subnet Mask: 255.255.255.0
|   Time Offset: 4294938496
|   Router: (a long sequence of gateways)
|   Time Server: 132.239.1.5
|   Domain Name Server: 132.239.0.252, 128.54.16.2
|   Hostname: gamma
|   Domain Name: ucsd.edu
|   IP Forwarding: false
|   Perform Router Discovery: false
|   NetBIOS Name Server: (I can't believe we use this crap)
|   NetBIOS Node Type: 8
|   Renewal Time Value: 0 days, 0:02:30
|_  Rebinding Time Value: 0 days, 0:04:22


Ron figured out that "IP Forwarding: false" was causing the boolean
value check code to choke.

With support like this I'm getting spoiled!  Thanks Ron.

Brandon

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
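
An added example, not the dhcp-discover.nse code or the r17229 change: a small DHCP option parser in Lua showing how a boolean option that legitimately decodes to false, like the "IP Forwarding: false" value in the message above, has to be told apart from a failed decode. The faulty code is not shown in the thread, so the false-versus-nil handling here is an assumption about the class of problem; the function names and sample bytes are constructed.

```lua
-- Added example: names and sample bytes are constructed, not from dhcp-discover.nse.

-- Decode a one-byte DHCP boolean: true/false, or nil plus an error message.
local function read_boolean(data)
  if #data ~= 1 then return nil, "boolean option must be exactly 1 byte" end
  local b = data:byte(1)
  if b > 1 then return nil, "boolean option byte must be 0 or 1" end
  return b == 1
end

-- Boolean options seen in the output above (RFC 2132 option codes).
local BOOLEAN_OPTIONS = { [19] = "IP Forwarding", [31] = "Perform Router Discovery" }

-- Walk the code/length/value list that follows the DHCP magic cookie.
local function parse_options(buf)
  local results, pos = {}, 1
  while pos <= #buf do
    local code = buf:byte(pos)
    if code == 255 then break end        -- End option
    if code == 0 then                    -- Pad option has no length byte
      pos = pos + 1
    else
      local len = buf:byte(pos + 1)
      if not len or pos + 1 + len > #buf then
        return nil, "truncated option " .. code
      end
      local name = BOOLEAN_OPTIONS[code]
      if name then
        local value, err = read_boolean(buf:sub(pos + 2, pos + 1 + len))
        -- Test against nil: `if not value` would also reject a valid false.
        if value == nil then return nil, name .. ": " .. err end
        results[#results + 1] = name .. ": " .. tostring(value)
      end
      pos = pos + 2 + len
    end
  end
  return results
end

-- Constructed sample: option 19 = 0, option 31 = 0, End.
local sample = string.char(19, 1, 0, 31, 1, 0, 255)
for _, line in ipairs(assert(parse_options(sample))) do print(line) end
-- A malformed boolean (length 2) is reported rather than printed as false.
print(parse_options(string.char(19, 2, 0, 0, 255)))
```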
