DHCP Server - Metasploit

This page contains detailed information about how to use the auxiliary/server/dhcp metasploit module. For list of all metasploit modules, visit the Metasploit Module Library.

Module Overview

---

Name: DHCP Server
Module: auxiliary/server/dhcp
Source code: modules/auxiliary/server/dhcp.rb
Disclosure date: -
Last modification time: 2021-01-28 10:35:25 +0000
Supported architecture(s): -
Supported platform(s): -
Target service / protocol: -
Target network port(s): -
List of CVEs: -

This module provides a DHCP service

Module Ranking and Traits

---

Module Ranking:

• normal: The exploit is otherwise reliable, but depends on a specific version and can't (or doesn't) reliably autodetect. More information about ranking can be found here.

Basic Usage

---

msf > use auxiliary/server/dhcp
msf auxiliary(dhcp) > show targets
    ... a list of targets ...
msf auxiliary(dhcp) > set TARGET target-id
msf auxiliary(dhcp) > show options
    ... show and set options ...
msf auxiliary(dhcp) > exploit

Required Options

---

• SRVHOST: The IP of the DHCP server

• NETMASK: The netmask of the local subnet

Go back to menu.

Msfconsole Usage

---

Here is how the server/dhcp auxiliary module looks in the msfconsole:

msf6 > use auxiliary/server/dhcp

msf6 auxiliary(server/dhcp) > show info

       Name: DHCP Server
     Module: auxiliary/server/dhcp
    License: Metasploit Framework License (BSD)
       Rank: Normal

Provided by:
  scriptjunkie
  apconole <[email protected]>

Available actions:
  Name     Description
  ----     -----------
  Service  Run DHCP server

Check supported:
  No

Basic options:
  Name         Current Setting  Required  Description
  ----         ---------------  --------  -----------
  BROADCAST                     no        The broadcast address to send to
  DHCPIPEND                     no        The last IP to give out
  DHCPIPSTART                   no        The first IP to give out
  DNSSERVER                     no        The DNS server IP address
  DOMAINNAME                    no        The optional domain name to assign
  FILENAME                      no        The optional filename of a tftp boot server
  HOSTNAME                      no        The optional hostname to assign
  HOSTSTART                     no        The optional host integer counter
  NETMASK                       yes       The netmask of the local subnet
  ROUTER                        no        The router IP address
  SRVHOST                       yes       The IP of the DHCP server

Description:
  This module provides a DHCP service

Module Options

---

This is a complete list of options available in the server/dhcp auxiliary module:

msf6 auxiliary(server/dhcp) > show options

Module options (auxiliary/server/dhcp):

   Name         Current Setting  Required  Description
   ----         ---------------  --------  -----------
   BROADCAST                     no        The broadcast address to send to
   DHCPIPEND                     no        The last IP to give out
   DHCPIPSTART                   no        The first IP to give out
   DNSSERVER                     no        The DNS server IP address
   DOMAINNAME                    no        The optional domain name to assign
   FILENAME                      no        The optional filename of a tftp boot server
   HOSTNAME                      no        The optional hostname to assign
   HOSTSTART                     no        The optional host integer counter
   NETMASK                       yes       The netmask of the local subnet
   ROUTER                        no        The router IP address
   SRVHOST                       yes       The IP of the DHCP server

Auxiliary action:

   Name     Description
   ----     -----------
   Service  Run DHCP server

Advanced Options

---

Here is a complete list of advanced options supported by the server/dhcp auxiliary module:

msf6 auxiliary(server/dhcp) > show advanced

Module advanced options (auxiliary/server/dhcp):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   VERBOSE    false            no        Enable detailed status messages
   WORKSPACE                   no        Specify the workspace for this module

Auxiliary Actions

---

This is a list of all auxiliary actions that the server/dhcp module can do:

msf6 auxiliary(server/dhcp) > show actions

Auxiliary actions:

   Name     Description
   ----     -----------
   Service  Run DHCP server

Evasion Options

---

Here is the full list of possible evasion options supported by the server/dhcp auxiliary module in order to evade defenses (e.g. Antivirus, EDR, Firewall, NIDS etc.):

msf6 auxiliary(server/dhcp) > show evasion

Module evasion options:

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------

Go back to menu.

Related Pull Requests

---

• #14696 Merged Pull Request: Zeitwerk rex folder
• #13443 Merged Pull Request: Add descriptions to auxiliary modules Actions
• #8716 Merged Pull Request: Print_Status -> Print_Good (And OCD bits 'n bobs)
• #8338 Merged Pull Request: Fix msf/core and self.class msftidy warnings
• #6655 Merged Pull Request: use MetasploitModule as a class name
• #6648 Merged Pull Request: Change metasploit class names
• #3893 Merged Pull Request: Add DHCP server module for CVE-2014-6271
• #2525 Merged Pull Request: Change module boilerplate
• #1228 Merged Pull Request: MSFTIDY cleanup #1 - auxiliary

Go back to menu.

See Also

---

Check also the following modules related to this module:

• auxiliary/scanner/http/apache_mod_cgi_bash_env
• exploit/linux/http/advantech_switch_bash_env_exec
• exploit/linux/http/ipfire_bashbug_exec
• exploit/linux/local/bash_profile_persistence
• exploit/multi/ftp/pureftpd_bash_env_exec
• exploit/multi/http/apache_mod_cgi_bash_env_exec
• exploit/multi/http/cups_bash_env_exec
• exploit/osx/local/vmware_bash_function_root
• exploit/unix/dhcp/bash_environment
• exploit/unix/smtp/qmail_bash_env_exec
• payload/cmd/unix/reverse_bash
• payload/cmd/unix/reverse_bash_telnet_ssl
• payload/cmd/unix/reverse_bash_udp
• auxiliary/gather/alienvault_iso27001_sqli
• auxiliary/gather/alienvault_newpolicyform_sqli
• auxiliary/scanner/openvas/openvas_gsad_login
• auxiliary/scanner/openvas/openvas_omp_login
• auxiliary/scanner/openvas/openvas_otp_login
• auxiliary/scanner/printer/printer_env_vars
• auxiliary/scanner/sap/sap_mgmt_con_getenv
• encoder/x86/fnstenv_mov
• exploit/linux/http/alienvault_exec
• exploit/linux/http/alienvault_sqli_exec
• exploit/linux/ids/alienvault_centerd_soap_exec
• exploit/multi/misc/openview_omniback_exec
• exploit/unix/webapp/openview_connectednodes_exec
• exploit/windows/http/hp_nnm_openview5
• exploit/windows/http/hp_openview_insight_backdoor
• post/linux/gather/openvpn_credentials
• post/multi/gather/env
• post/windows/gather/enum_powershell_env
• auxiliary/dos/dhcp/isc_dhcpd_clientid
• exploit/unix/dhcp/rhel_dhcp_client_command_injection
• exploit/linux/local/blueman_set_dhcp_handler_dbus_priv_esc
• exploit/unix/http/pihole_dhcp_mac_exec

Authors

---

• scriptjunkie
• [email protected]

Version

---

This page has been produced using Metasploit Framework version 6.1.27-dev. For more modules, visit the Metasploit Module Library.

Go back to menu.