Jump to content

Metasploit Dns And Dhcp Exhaustion


Recommended Posts

  • Replies 63
  • Created
  • Last Reply

Top Posters In This Topic

I was leaving the dhcp library in lib/ instead of msf3/lib , that was why it wasn't finding it.

Now I have another problem. I tried with a intel 3945 wifi and (suspecting that it doesn't support promiscuous mode), tried with an ethernet interface (nForce2 Ethernet) that actually reads packets not addressed to it ( I verified that using wireshark ). But I get the same problem:

The console only outputs

[*] DHCP attack started

and enters an infinite loop that uses 100% CPU.

I uncommented puts lines in exhaust.rb and I can read now that line 107:

puts "Received reply of type: " + offer.class.to_s 


Received reply of type: NilClass

Any idea what could be wrong? I tried multiple versions of metasploit with the same result.

Is there anything more I need to do to the network interface other than

ifconfig [interface] promisc


Link to comment
Share on other sites

  • 6 months later...

I never managed to track anything down. It has been a while since I used either of the modules but I've had reports from others who have used them and they say they've worked OK. I'll have a play now and see.

Link to comment
Share on other sites

The problem is that Metasploit has dropped one of the core libraries I use but when I rescue the error that it is missing I don't print anything so it just goes off into an infinite loop. I'll see if I can fix it with whatever is there now

Link to comment
Share on other sites

  • 2 weeks later...

hi Guys,

I just installed the plugin and it seems to be wonderful except for the fact that it will not generate traffic... I see some ordinary DHCP requests coming along and the plugin takes serveral minutes to quit (although the DHCP pool has been reduced to just 10 leases).

This takes about 5 minutes:

msf auxiliary(exhaust) > show options

Module options (auxiliary/digininja/dhcp_exhaustion/exhaust):

Name Current Setting Required Description

---- --------------- -------- -----------

FILTER no The filter string for capturing traffic

INTERFACE eth0 no The name of the interface

SNAPLEN 65535 yes The number of bytes to capture

TIMEOUT 10 yes Timeout waiting for server response

msf auxiliary(exhaust) > run

[*] DHCP attack started

[*] Timeout waiting for OFFER

[*] Got a timeout, assuming DHCP exhausted. You Win

[*] Finished

[*] Auxiliary module execution completed

msf auxiliary(exhaust) >

Which isn't very good. msfconsole is being ran as root so the interface should be editable. Is this due to not having put the interface in promiscuous mode?

I'd except the module to still flood the DHCP server (and thus exhaust it) although not receiving the packets going back to my box.

Am I correct?



Link to comment
Share on other sites

It is broken at the moment due to Metasploit dropping support for the old packet generator system and moving to Racket. I got half way through porting it the other day but ran out of time. If you need it to work soon grab a copy of Metasploit from svn from around when I released it will definitely work with pre-Racket versions.

Link to comment
Share on other sites

Try some of these:

$ svn log |grep "2010-01-01"

r8054 | hdm | 2010-01-01 19:51:22 +0000 (Fri, 01 Jan 2010) | 2 lines

r8053 | hdm | 2010-01-01 16:55:21 +0000 (Fri, 01 Jan 2010) | 2 lines

r8052 | hdm | 2010-01-01 15:17:02 +0000 (Fri, 01 Jan 2010) | 2 lines

r8051 | hdm | 2010-01-01 03:08:17 +0000 (Fri, 01 Jan 2010) | 2 lines

r8050 | egypt | 2010-01-01 00:19:15 +0000 (Fri, 01 Jan 2010) | 1 line

Link to comment
Share on other sites

  • 3 months later...

having an isssue

use auxiliary/dhcp_exhaustion/exhaust

[-] Failed to load module: auxiliary/dhcp_exhaustion/exhaust

I even went to the folder and I am still getting this message

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Create New...