UDP Wake-On-Lan (WOL) - Metasploit


This page contains detailed information about how to use the auxiliary/admin/misc/wol metasploit module. For list of all metasploit modules, visit the Metasploit Module Library.

Table Of Contents
hide

Module Overview

Name: UDP Wake-On-Lan (WOL)
Module: auxiliary/admin/misc/wol
Source code: modules/auxiliary/admin/misc/wol.rb
Disclosure date: -
Last modification time: 2019-03-05 04:43:37 +0000
Supported architecture(s): -
Supported platform(s): -
Target service / protocol: -
Target network port(s): -
List of CVEs: -

This module will turn on a remote machine with a network card that supports wake-on-lan (or MagicPacket). In order to use this, you must know the machine's MAC address in advance. The current default MAC address is just an example of how your input should look like. The password field is optional. If present, it should be in this hex format: 001122334455, which is translated to "0x001122334455" in binary. Note that this should be either 4 or 6 bytes long.

Module Ranking and Traits

Module Ranking:

  • normal: The exploit is otherwise reliable, but depends on a specific version and can't (or doesn't) reliably autodetect. More information about ranking can be found here.

Basic Usage

msf > use auxiliary/admin/misc/wol
msf auxiliary(wol) > show targets
    ... a list of targets ...
msf auxiliary(wol) > set TARGET target-id
msf auxiliary(wol) > show options
    ... show and set options ...
msf auxiliary(wol) > exploit

Go back to menu.

Msfconsole Usage

Here is how the admin/misc/wol auxiliary module looks in the msfconsole:

msf6 > use auxiliary/admin/misc/wol

msf6 auxiliary(admin/misc/wol) > show info

       Name: UDP Wake-On-Lan (WOL)
     Module: auxiliary/admin/misc/wol
    License: Metasploit Framework License (BSD)
       Rank: Normal

Provided by:
  sinn3r <[email protected]>

Check supported:
  No

Basic options:
  Name      Current Setting    Required  Description
  ----      ---------------    --------  -----------
  IPV6      false              no        Use IPv6 broadcast
  MAC       00:90:27:85:cf:01  yes       Specify a MAC address
  PASSWORD                     no        Specify a four or six-byte password

Description:
  This module will turn on a remote machine with a network card that 
  supports wake-on-lan (or MagicPacket). In order to use this, you 
  must know the machine's MAC address in advance. The current default 
  MAC address is just an example of how your input should look like. 
  The password field is optional. If present, it should be in this hex 
  format: 001122334455, which is translated to "0x001122334455" in 
  binary. Note that this should be either 4 or 6 bytes long.

Module Options

This is a complete list of options available in the admin/misc/wol auxiliary module:

msf6 auxiliary(admin/misc/wol) > show options

Module options (auxiliary/admin/misc/wol):

   Name      Current Setting    Required  Description
   ----      ---------------    --------  -----------
   IPV6      false              no        Use IPv6 broadcast
   MAC       00:90:27:85:cf:01  yes       Specify a MAC address
   PASSWORD                     no        Specify a four or six-byte password

Advanced Options

Here is a complete list of advanced options supported by the admin/misc/wol auxiliary module:

msf6 auxiliary(admin/misc/wol) > show advanced

Module advanced options (auxiliary/admin/misc/wol):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   CHOST                       no        The local client address
   CPORT                       no        The local client port
   VERBOSE    false            no        Enable detailed status messages
   WORKSPACE                   no        Specify the workspace for this module

Auxiliary Actions

This is a list of all auxiliary actions that the admin/misc/wol module can do:

msf6 auxiliary(admin/misc/wol) > show actions

Auxiliary actions:

   Name  Description
   ----  -----------

Evasion Options

Here is the full list of possible evasion options supported by the admin/misc/wol auxiliary module in order to evade defenses (e.g. Antivirus, EDR, Firewall, NIDS etc.):

msf6 auxiliary(admin/misc/wol) > show evasion

Module evasion options:

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------

Go back to menu.

Error Messages

This module may fail with the following error messages:

Error Messages

Check for the possible causes from the code snippets below found in the module source code. This can often times help in identifying the root cause of the problem.

Invalid MAC address format

Here is a relevant code snippet related to the "Invalid MAC address format" error message:

37:	  # Convert the MAC option to binary format
38:	  #
39:	  def get_mac_addr
40:	    mac = datastore['MAC']
41:	    if mac !~ /^([0-9a-zA-Z]{2}\:){5}[0-9a-zA-Z]{2}$/
42:	      print_error("Invalid MAC address format")
43:	      return nil
44:	    end
45:	
46:	    bin_mac = ''
47:	    mac.split(':').each do |group|

Bad password format or length: <DATASET.INSPECT>

Here is a relevant code snippet related to the "Bad password format or length: <DATASET.INSPECT>" error message:

66:	        pass << group.to_i
67:	      end
68:	
69:	      return pass
70:	    else
71:	      print_error("Bad password format or length: #{dataset.inspect}")
72:	    end
73:	
74:	    nil
75:	  end
76:

Go back to menu.

Go back to menu.

See Also

Check also the following modules related to this module:

Authors

  • sinn3r

Version

This page has been produced using Metasploit Framework version 6.2.7-dev. For more modules, visit the Metasploit Module Library.

Go back to menu.