
Thread: DHCP attack

  1. #1
    dellthinker (Just burned his ISO)
    Join Date
    Dec 2009
    Posts
    5

    DHCP attack

    Hi all, I found a tool I'm preparing to test for a security paper I'll be writing soon. It's called DHCP attack (hence the topic title). You can find it if you google for "Metasploit DNS and DHCP Exhaustion", because I still can't post URLs. However, the theory is of course to request every single DHCP IP from the server/router. My question is: what if there were machines already connected to the network, how would I go about forcing them to try and request a DHCP IP? I've thought of several ways, ARP MITM, tcpkill, tcpnice, and none of those methods would completely disconnect the client to the point that they would be forced to reconnect. So does anyone have any ideas of how I could go about forcing a LAN machine to disconnect and reconnect? Thanx in advance!

  2. #2
    Gitsnik (Very good friend of the forum)
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851


    You could try forging a DHCP disconnect packet to the server. Have a look at doing it with scapy. I'd just use MITM ARP to deny that particular host anything useful though, infinitely easier.
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

  3. #3
    thorin (My life is this forum)
    Join Date
    Jan 2010
    Posts
    2,629


    I like Gitsnik's idea of forging a DHCP release packet for the machine you want off the network.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  4. #4
    dellthinker (Just burned his ISO)
    Join Date
    Dec 2009
    Posts
    5


    Quote Originally Posted by Gitsnik View Post
    You could try forging a DHCP disconnect packet to the server. Have a look at doing it with scapy. I'd just use MITM ARP to deny that particular host anything useful though, infinitely easier.
    Hmmm, I just read up on scapy and installed it. One more question though. Do you think it would be logical to send modified DHCP release packets from the attacking machine to the server, posing as the target hosts?

  5. #5
    Archangel-Amael (Super Moderator)
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012


    Quote Originally Posted by dellthinker View Post
    Hmmm, I just read up on scapy and installed it. One more question though. Do you think it would be logical to send modified DHCP release packets from the attacking machine to the server, posing as the target hosts?
    Ouch, scapy is installed by default in BT.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  6. #6
    Gitsnik (Very good friend of the forum)
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851


    Quote Originally Posted by dellthinker View Post
    Do you think it would be logical to send modified DHCP release packets from the attacking machine to the server, posing as the target hosts?
    It is not the easiest way to knock a host off the network, but it might be useful.

    Soon as I have a moment I'm booting my BT box and having a crack at writing this myself!
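The two tricks discussed in this thread (a flood of DISCOVERs with made-up client addresses to exhaust the pool, and a DHCPRELEASE sent on behalf of someone else's host) both leave a footprint that a switch running DHCP snooping, or a sensor fed the same facts, can catch. The following is an added detection example written for this thread; it is not code from the original posts or from the Metasploit module the OP mentions. It works on pre-parsed DHCP events (ingress port, Ethernet source, the chaddr claimed inside the DHCP payload, message type, and the IP in yiaddr/ciaddr), so it needs no packet capture and no scapy. The port names, MAC addresses, IPs and timestamps are all constructed for the demo. It flags three things: a DISCOVER/REQUEST whose chaddr does not match the frame's source MAC, more distinct client addresses on one port within a window than any real port should see, and a RELEASE that does not match the (ip, port) binding learnt from the server's ACK.

```python
"""Detect DHCP starvation and forged DHCPRELEASE from a stream of DHCP
events, reasoning the way a switch's DHCP snooping binding table does.
Added example; all sample values below are constructed."""

from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class DhcpEvent:
    ts: float       # seconds since the sensor started
    port: str       # switch ingress port (hypothetical names, e.g. "Gi1/0/7")
    src_mac: str    # Ethernet source address of the frame
    chaddr: str     # client hardware address claimed inside the DHCP payload
    msg_type: str   # "DISCOVER", "REQUEST", "ACK" or "RELEASE"
    ip: str = "0.0.0.0"   # yiaddr for ACK, ciaddr for RELEASE, unused otherwise


class DhcpGuard:
    """Keeps a snooping-style binding table and raises (ts, kind, port) alerts."""

    def __init__(self, window=10.0, max_clients_per_port=5):
        self.window = window                 # seconds of DISCOVER history per port
        self.max_clients = max_clients_per_port
        self.seen = defaultdict(deque)       # port -> deque of (ts, chaddr)
        self.pending = {}                    # chaddr -> port of its last REQUEST
        self.bindings = {}                   # chaddr -> (ip, port) learnt from ACKs

    def observe(self, ev):
        alerts = []
        if ev.msg_type in ("DISCOVER", "REQUEST"):
            # A client that lies about chaddr but cannot change the frame's
            # source address stands out immediately.
            if ev.src_mac != ev.chaddr:
                alerts.append((ev.ts, "chaddr_spoof", ev.port))
            # Starvation: too many distinct "clients" behind one access port.
            q = self.seen[ev.port]
            q.append((ev.ts, ev.chaddr))
            while q and ev.ts - q[0][0] > self.window:
                q.popleft()
            if len({mac for _, mac in q}) > self.max_clients:
                alerts.append((ev.ts, "starvation", ev.port))
            if ev.msg_type == "REQUEST":
                self.pending[ev.chaddr] = ev.port
        elif ev.msg_type == "ACK":
            # The server's ACK completes a binding: this chaddr owns this IP
            # on the port where its REQUEST arrived.
            if ev.chaddr in self.pending:
                self.bindings[ev.chaddr] = (ev.ip, self.pending.pop(ev.chaddr))
        elif ev.msg_type == "RELEASE":
            # A genuine RELEASE comes from the bound port, from the bound MAC,
            # for the bound IP. Anything else is a third party releasing a
            # lease it does not own.
            bound = self.bindings.get(ev.chaddr)
            if ev.src_mac != ev.chaddr or bound != (ev.ip, ev.port):
                alerts.append((ev.ts, "forged_release", ev.port))
            else:
                del self.bindings[ev.chaddr]
        return alerts


def run_demo():
    """Replay constructed events; returns the list of alert kinds raised."""
    victim = "aa:bb:cc:00:00:01"
    events = [
        # Legitimate lease on port Gi1/0/1, ACK arriving from the server port.
        DhcpEvent(0.0, "Gi1/0/1", victim, victim, "DISCOVER"),
        DhcpEvent(0.1, "Gi1/0/1", victim, victim, "REQUEST"),
        DhcpEvent(0.2, "Gi1/0/24", "00:11:22:33:44:55", victim, "ACK", "192.168.1.50"),
        # Someone on Gi1/0/7 releases the victim's lease on its behalf.
        DhcpEvent(5.0, "Gi1/0/7", "de:ad:be:ef:00:07", victim, "RELEASE", "192.168.1.50"),
        # The real client releasing its own lease: no alert.
        DhcpEvent(6.0, "Gi1/0/1", victim, victim, "RELEASE", "192.168.1.50"),
    ]
    # Eight DISCOVERs with eight different (fully spoofed) addresses in under
    # a second on one port: the 6th, 7th and 8th exceed max_clients_per_port.
    for i in range(8):
        mac = "02:00:00:00:00:%02x" % i
        events.append(DhcpEvent(20.0 + 0.1 * i, "Gi1/0/7", mac, mac, "DISCOVER"))
    # Much later, a DISCOVER whose chaddr disagrees with the frame source.
    events.append(DhcpEvent(35.0, "Gi1/0/7", "de:ad:be:ef:00:07",
                            "aa:bb:cc:00:00:99", "DISCOVER"))

    guard = DhcpGuard(window=10.0, max_clients_per_port=5)
    kinds = []
    for ev in sorted(events, key=lambda e: e.ts):
        for ts, kind, port in guard.observe(ev):
            print("%6.1fs  %-15s port %s" % (ts, kind, port))
            kinds.append(kind)
    return kinds


if __name__ == "__main__":
    run_demo()
```

The check on RELEASE is exactly why DHCP snooping on a managed switch defeats the "send a release posing as the target host" idea discussed above: the switch already knows which port and MAC hold the lease, and drops a release that arrives anywhere else. The per-port client cap is the same idea as DHCP snooping rate limiting (or port security's MAC limit), and the chaddr/source-MAC comparison is a cheap way to spot starvation tools that only randomise the DHCP payload.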

  7. #7
    dellthinker (Just burned his ISO)
    Join Date
    Dec 2009
    Posts
    5


    Quote Originally Posted by archangel.amael View Post
    Ouch, scapy is installed by default in BT.

    I hope this doesn't get me banned or flamed but .......

    I don't use BT, or any other LiveCD for that matter. Debian Lenny ftw

  8. #8
    Archangel-Amael (Super Moderator)
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012


    Quote Originally Posted by dellthinker View Post
    I hope this doesn't get me banned or flamed but .......

    I don't use BT, or any other LiveCD for that matter. Debian Lenny ftw
    Nope, it won't, but it will allow this thread to be closed. We don't support Debian, even if BackTrack is based off of Ubuntu, which is based off of Debian.
