NSE:broadcast-dhcp-discover

Posted by Andrew Campbell April 26, 2021

NSE:broadcast-dhcp-discover

This is a very simple NSE script. Essentially what this script is doing is asking the DHCP server for an available IP addresses.

What would be the value in this?

Well like any kind of recon, every little bit of information provides piece of the bigger picture.

Let's look at the picture below. What can we gather? What can we assume?

- We know that we are dealing with a router (192.168.1.254)

- We know the lease time is 1 day, is this router DHCP using the default lease time? What else is left as default?

- We know what the network is 255.255.255.0. Which means we know the max number of leases at any given time 255.

- We can make some educated guesses about the DHCP pool. It is interesting that it handed out 1.65. Why not 1.2 or 1.3? Or some other address near the beginning? Perhaps the DHCP pool starts at something like 1.50? We don't know for sure, however you could make an assumption here that the pool starts a bit higher.

Reference:

[1] https://nmap.org/nsedoc/scripts/broadcast-dhcp-discover.html

Search This Blog

Cyber Security and Automation

NSE:broadcast-dhcp-discover

Popular Posts

Detecting Brute Force Attack - Wireshark

How to Start a Technology Blog