Nmap Development mailing list archives

Re: Updated DHCP scripts


From: Ron <ron () skullsecurity net>
Date: Sat, 28 Aug 2010 19:48:19 -0500

All right, these changes are committed. I'd like to put more work into the DHCP scripts, though. What do you think of this idea?

Right now, by default, a DHCP_DISCOVER is sent directly to the host (when broadcasting is enabled, we'll do that as a prerule). The response is parsed and displayed. There are script-args for randomizing the MAC address, sending multiple requests, etc. (all of which are designed to exhaust the DHCP addresses).

I'm thinking of splitting up the script a bit (the names are just the first things I thought of):
- dhcp-discover -- Send a DHCP_DISCOVER broadcast once we get broadcast sorted out (will find all DHCP servers on the network segment)
- dhcp-info -- Send a DHCP_INFORM to the particular target. This doesn't always work, but is safe enough to be in the default/safe group.
- dhcp-exhaust -- Send a series of DHCP DISCOVER messages with random MAC addresses, designed to exhaust the DHCP server. This would be in 'dos'.

None of those would be a significant amount of code, thanks to the DHCP library I wrote, but that's the cleanest way of splitting it that I can think of.

Any thoughts?

Ron

On Sat, 14 Aug 2010 00:09:09 -0500 Ron <ron () skullsecurity net> wrote:
Hey all,

I took some time this evening and abstracted most of the code from
dhcp-discover.nse into a library. I was working on the "add targets"
with DHCP this week, and realized that the DHCP code really needed to
be put into a library. 

The attached patch shouldn't affect the behaviour/output of
dhcp-discover.nse at all, besides some cleaned-up output and some
other minor improvements, but the DHCP code now resides in a nselib
and has a much cleaner interface. 

Let me know if you have any issues before I commit it! 

-- 
Ron Bowes
http://www.skullsecurity.org
http://www.twitter.com/iagox86
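
The split proposed above separates a single DHCP_INFORM from a run of DISCOVERs with random MAC addresses; seen from the DHCP server's side, the two look very different. The following is an added example, not part of the original post and not Nmap code: it parses raw DHCP payloads and flags a burst of DISCOVERs from many distinct MACs. The function names, the 10-second window, the threshold of 20 and the sample packets are all assumptions made for illustration.

```python
import struct
from collections import deque

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header
DISCOVER, INFORM = 1, 8      # values of option 53 (DHCP message type)

def parse_dhcp(payload):
    """Return (message_type, client_mac) from a raw DHCP payload (UDP data)."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    mac = payload[28:28 + min(payload[2], 16)]     # chaddr, hlen bytes long
    i, mtype = 240, None
    while i < len(payload) and payload[i] != 255:  # 255 = end option
        if payload[i] == 0:                        # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        if code == 53 and length == 1:
            mtype = value[0]
        i += 2 + length
    return mtype, mac

def detect_discover_flood(events, window=10.0, threshold=20):
    """events: (timestamp, payload) pairs in time order. Returns a list of
    (timestamp, distinct_macs) for each window that reaches the threshold."""
    recent, alerts = deque(), []
    for ts, payload in events:
        try:
            mtype, mac = parse_dhcp(payload)
        except ValueError:
            continue                      # ignore malformed or non-DHCP data
        if mtype != DISCOVER:
            continue                      # e.g. INFORM allocates no address
        recent.append((ts, mac))
        while ts - recent[0][0] > window:
            recent.popleft()
        distinct = len({m for _, m in recent})
        if distinct >= threshold:
            alerts.append((ts, distinct))
            recent.clear()                # start a fresh window after alerting
    return alerts

def build(mtype, mac):
    """Constructed sample packet: minimal BOOTREQUEST carrying option 53."""
    header = struct.pack("!BBBB", 1, 1, 6, 0) + bytes(24) + mac + bytes(10 + 192)
    return header + MAGIC + bytes([53, 1, mtype, 255])

# Constructed sample: 25 DISCOVERs, each from a new MAC, 0.25 s apart
FLOOD = [(100 + i * 0.25, build(DISCOVER, bytes([2, 0, 0, 0, 0, i]))) for i in range(25)]
```

On a real segment the threshold has to sit above the legitimate peak, such as many clients booting at once after a power cut.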