Sending a request for a specific ip from the dhcp

Question

I want to send through Scapy discover request of certain ip address (lets say 10.0.0.30 , ( if there is such a possibility also cause the DHCP server to treat it as fixed after he give me the ip its even better ) how do I do it ? How can I get a certain IP ? (Of course all of the above applies on ip that right now not occupied by any client in the server (free ip right now , but no ip that never used) )

Answer 1

see dhcpig a scapy based script that performs a DHCP exhaustion attack by sending DHCPDiscover and then DHCPRequest to ack an IP.

 dhcp_discover =  Ether(src=m,dst="ff:ff:ff:ff:ff:ff")/IP(src="0.0.0.0",dst="255.255.255.255")/UDP(sport=68,dport=67)/BOOTP(chaddr=[mac2str(m)],xid=myxid)/DHCP(options=[("message-type","discover"),("hostname",hostname),"end"])
 ...
 dhcp_req = Ether(src=localm,dst="ff:ff:ff:ff:ff:ff")/IP(src="0.0.0.0",dst="255.255.255.255")/UDP(sport=68,dport=67)/BOOTP(chaddr=[mac2str(localm)],xid=localxid)/DHCP(options=[("message-type","request"),("server_id",sip),("requested_addr",myip),("hostname",myhostname),("param_req_list","pad"),"end"])

Answer 2

You can request a particular IP address by using the Requested IP Address option. Please read the [RFC][1]

In order to create such kind of request you can use the requested_addr option in scapy.

Here is the sample code:

dhcp_request = (Ether(dst="ff:ff:ff:ff:ff:ff")/IP(src="0.0.0.0",dst="255.255.255.255")/UDP(sport=68,dport=67)/BOOTP(chaddr=hw)/DHCP(options=[("message-type","request"),("requested_addr", "10.0.0.1"),"end"]))

Tested on Kali linux. [1]: https://www.rfc-editor.org/rfc/rfc2132#section-9