Last active
May 23, 2022 13:13
-
-
Save FrankSpierings/a263b3097f87c3a2c3c9a7d121535253 to your computer and use it in GitHub Desktop.
Brute force a mac address using Scapy and DHCP to check the response
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import time | |
from itertools import product | |
import sys | |
from scapy.all import * | |
prefixes = ['001122','445566'] | |
timeout = 10 | |
breakcounter = 255 | |
iface = 'eth0' | |
def capture(packet): | |
# packet.show() | |
print('Allowed: {0} = {1}'.format(str2mac(packet['BOOTP'].chaddr[:6]), packet['BOOTP'].yiaddr)) | |
sniffer = AsyncSniffer(iface=iface, filter='udp dst port 68', prn=capture) | |
sniffer.start() | |
reset = breakcounter | |
try: | |
for x in prefixes: | |
prefix = ':'.join([x[i:i+2] for i in range(0, len(x), 2)]) | |
for y in product('0123456789abcdef', repeat=12-len(x)): | |
suffix = ':'.join(['{0}{1}'.format(y[i], y[i+1]) for i in range(0, len(y), 2)]) | |
macaddress = '{0}:{1}'.format(prefix, suffix) | |
p = Ether(src=macaddress, dst="ff:ff:ff:ff:ff:ff")/\ | |
IP(src="0.0.0.0", dst="255.255.255.255") /\ | |
UDP(sport=68, dport=67) /\ | |
BOOTP(chaddr=mac2str(macaddress)) /\ | |
DHCP(options=[("message-type", "discover"),("hostname", 'scapy'), "end"]) | |
sys.stdout.write('Sending: {0}\r'.format(macaddress)) | |
sendp(p, iface=iface, verbose=0) | |
if breakcounter: | |
breakcounter -= 1 | |
if breakcounter < 1: | |
breakcounter = reset | |
break | |
print() | |
print('Sleeping: {0:d}s'.format(timeout)) | |
time.sleep(timeout) | |
sniffer.stop() | |
except KeyboardInterrupt: | |
sniffer.stop() | |
print('Shutdown...') |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment