Thread: Finding IP address without DHCP

  1. #1
    Just burned his ISO
    Join Date
    Feb 2010
    Posts
    2

    Finding IP address without DHCP

    Hello everyone.

    I set up a Linksys WRT54GS to get myself familiar with some concepts of pentesting with BT4. Obviously, getting through WEP is no problem, and that is well documented. However, I did encounter some difficulties when changing some settings on the router that I wanted to ask about.

    MAC Filtering
    Bypassing this is no problem when there's a valid wireless client associated... I just set the wlan adapter to use the same MAC as the one allowed. However, what's the best way to proceed when there are NO wireless clients currently associated?

    No DHCPd
    Accessing a network is easy if you have a DHCP service running that's courteous enough to provide you with an IP address. But what do you do if there's no DHCP service running? Doesn't even have to apply to encrypted networks, but also for open authentication. It's easy to guess when there's a Class C subnet being used, but what if it's a Class B or Class A? Could be one of hundreds of permutations. Any ideas?

    Thanks.

  2. #2
    Very good friend of the forum TAPE's Avatar
    Join Date
    Jan 2010
    Location
    Europe
    Posts
    599

    Re: Finding IP address without DHCP

    Well, regarding the MAC filtering, there is an option in MDK3 to try to bruteforce the MAC address,
    but for that to work the router needs to be 802.11 compliant.

    Without DHCPD being enabled on the router, there are several options to try:
    > netdiscover
    > kismet
    > tcpdump

    It is all a lot easier if a client is connected with the above, but netdiscover seems to work pretty well.

  3. #3
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Re: Finding IP address without DHCP

    Quote: Originally Posted by Warwulf
    No DHCPd
    Accessing a network is easy if you have a DHCP service running that's courteous enough to provide you with an IP address. But what do you do if there's no DHCP service running? Doesn't even have to apply to encrypted networks, but also for open authentication. It's easy to guess when there's a Class C subnet being used, but what if it's a Class B or Class A? Could be one of hundreds of permutations. Any ideas?
    Why would it matter if it's a larger network block?

    Assuming there's a larger network block being used, then it's also more likely that there are actually live clients from which you can deduce the addressing being used.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  4. #4
    Junior Member creepykrawler's Avatar
    Join Date
    Jan 2010
    Location
    USA
    Posts
    56

    Re: Finding IP address without DHCP

    arping could help here too.
    "Failing to plan is planning to fail"
