Monday, October 15, 2018

DHCP Spoofing

In order to demonstrate the value of DHCP Spoofing and Dynamic ARP inspection, I'm labbing the vulnerabilities they defend. Using VirtualBox, I have one client Windows 10 computer, another running OpenDHCP, and Kali Linux, all sharing a virtual network.

First, I tried DHCP starvation with Yersinia and DHCPig originating from Kali, targeting the OpenDHCP server. Thousands of DHCP Discover messages are generated and temporarily occupy resources of the DHCP server, but neither tool completes the DHCP transaction with DHCP Offer messages to confirm interest in the lease and finalize the handshake. The result is that when the flood of DHCP Discover messages ends, the DHCP server resumes normal operation almost immediately instead of holding onto full leases for the duration of a full default lease to exhaust the scope. I can watch the traffic in Wireshark and confirm that Discover messages are followed by Offers from the server, but again, no Request and Acknowledge messages.

The other vulnerability through DHCP traffic spoofing I'd like to explore is DHCP Spoofing, where Kali releases the lease that the client Windows 10 computer made with the OpenDHCP server. Yersinia and DHCPig are supposed to be able to exploit this also, but if I monitor Wireshark traffic, no DHCP Release message is generated by Kali.

Are there other tools that I should be using? I’ve researched tutorials for these exploits, and what I’m trying to accomplish is pretty basic as far as requirements from the tools. In other words, default settings should be adequate. Has anyone else tried to recreate these exploits?

Thanks in advance!
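The check described above (do transactions stop at Discover/Offer, or reach Request/Acknowledge?) can be made from the capture itself rather than by eye. The following is an added example, not part of the original post: it assumes the DHCP UDP payloads have already been extracted from the capture, the function names are hypothetical, and the sample messages are constructed.

```python
import struct
from collections import defaultdict

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie (RFC 2131)
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 7: "RELEASE"}
DORA = {"DISCOVER", "OFFER", "REQUEST", "ACK"}

def parse_dhcp(payload):
    """Return (xid, client MAC, message type) from a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    xid = struct.unpack("!I", payload[4:8])[0]
    mac = payload[28:28 + min(payload[2], 16)].hex(":")
    i = 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                          # pad option, no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            break                                    # truncated option
        length = payload[i + 1]
        if payload[i] == 53 and length == 1 and i + 2 < len(payload):
            return xid, mac, TYPES.get(payload[i + 2], "OTHER")
        i += 2 + length
    raise ValueError("no DHCP message type option (53)")

def summarize(payloads):
    """Group messages by transaction id and report which handshakes finished."""
    seen, macs = defaultdict(set), {}
    for p in payloads:
        xid, mac, mtype = parse_dhcp(p)
        seen[xid].add(mtype)
        if mtype == "DISCOVER":
            macs[xid] = mac
    completed = sorted(x for x, t in seen.items() if DORA <= t)
    abandoned = sorted(x for x, t in seen.items()
                       if "DISCOVER" in t and "REQUEST" not in t)
    return {"completed": completed, "abandoned": abandoned,
            "abandoned_macs": len({macs[x] for x in abandoned})}

def build(mtype, xid, mac):
    """Constructed sample payload: fixed BOOTP header plus option 53 only."""
    op = 2 if mtype in (2, 5) else 1                 # 1 = from client, 2 = from server
    fixed = struct.pack("!BBBBIHH", op, 1, 6, 0, xid, 0, 0) + bytes(16)
    return fixed + mac + bytes(10 + 192) + MAGIC + bytes([53, 1, mtype, 255])

# Constructed capture: one client finishing the handshake, five Discover/Offer-only pairs
SAMPLE = [build(t, 0x1000, bytes.fromhex("080027aabbcc")) for t in (1, 2, 3, 5)]
for n in range(5):
    SAMPLE += [build(t, 0x2000 + n, bytes([2, 0, 0, 0, 0, n])) for t in (1, 2)]
SUMMARY = summarize(SAMPLE)
```

A large `abandoned` count spread over many distinct client MACs, with few `completed` transactions, matches the Discover-only flood described in the post; the same counters are a reasonable basis for a detection threshold on a production segment.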


