LinuxCommandLibrary

dhcpwn

Exploit DHCP server vulnerabilities

TLDR

Flood the network with IP requests

$ dhcpwn [[-i|--interface]] [network_interface] flood [[-c|--count]] [number_of_requests]
copy

Sniff local DHCP traffic
$ dhcpwn [[-i|--interface]] [network_interface] sniff
copy

SYNOPSIS

dhcpwn [options]

PARAMETERS

-i
    Specify the network interface to use.

-s
    Specify the IP address of the rogue DHCP server.

-g
    Specify the gateway IP address to offer to clients.

-d
    Specify the DNS server IP address to offer to clients.

-r
    Specify the IP address range to offer to clients. Example: 192.168.1.100-192.168.1.200.

-m
    Specify the MAC address to use for DHCP requests. Allows spoofing.

-o
    Specify a custom DHCP option to include in the offered DHCP packets.

-t
    Set the DHCP offer lease time in seconds. Defaults to 86400 (24 hours).

-f
    Enable DHCP starvation attack (send many DHCP requests with different MAC addresses).

-v
    Enable verbose output.

-h
    Display help message.

DESCRIPTION

dhcpwn is a penetration testing tool designed to exploit and audit DHCP (Dynamic Host Configuration Protocol) clients. It allows security professionals to assess the robustness of DHCP implementations and identify vulnerabilities. dhcpwn can perform various attacks, including DHCP starvation, rogue DHCP server emulation, and option manipulation.

By crafting malicious DHCP packets, dhcpwn can force clients to accept incorrect or malicious network configurations, potentially leading to man-in-the-middle attacks, denial-of-service conditions, or the compromise of client systems. The tool provides options for specifying custom DHCP options, manipulating MAC addresses, and controlling the timing of DHCP requests.

It's crucial to use dhcpwn responsibly and only in authorized environments to avoid disrupting network services or causing harm. dhcpwn is useful for penetration testing and security auditing of network infrastructures that rely on DHCP. Understanding the impact of these tests and having explicit permissions is of utmost importance.

CAVEATS

dhcpwn requires root privileges to access network interfaces and craft raw packets. Using it without authorization can be illegal and harmful. Ensure you have explicit permission to test any network.

DISCLAIMER

This tool is intended for educational and ethical security testing purposes only. The author(s) are not responsible for any misuse or damage caused by this tool. Always obtain explicit permission before testing any network.

SEE ALSO

dhclient(8), tcpdump(1), wireshark(1)

Copied to clipboard