DHCP poisoner crashes for IP addresses ending in F #181

Open
ncc-brian opened this issue Dec 31, 2021 · 4 comments

@ncc-brian

The DHCP poisoner fails to handle some packets with the following error:

# ./Responder.py -I eth0 -Pdv  
...
[+] Listening for events...

[*] [DHCP] Found DHCP server IP: [xx.xx.xx.xx], now waiting for incoming requests...
Traceback (most recent call last):
  File "/root/Responder/./Responder.py", line 383, in <module>
    main()
  File "/root/Responder/./Responder.py", line 374, in main
    DHCP(settings.Config.DHCP_DNS)
  File "/root/Responder/poisoners/DHCP.py", line 351, in DHCP
    ret = ParseDHCPCode(data[0][42:], ClientIP,DHCP_DNS)
  File "/root/Responder/poisoners/DHCP.py", line 271, in ParseDHCPCode
    IPConv = socket.inet_ntoa(IP)
OSError: packed IP wrong length for inet_ntoa

IP address is selected by regex at

IP = ''.join(re.findall(r'(?<=\x32\x04)[^EOF]*', data))
and should look something like this:
b'\xac\x165L'

This then lands at

IPConv = socket.inet_ntoa(IP)
where it is translated to a human-readable IP (this is where Python3 errors out).

A bit of digging shows that for the packets that fail, the value for IP returned from FindIP is a byte short. When this value is then fed into inet_ntoa it errors.

Example (this is the IP that was erroring):

>>> socket.inet_ntoa(b'\xac\x165F') # if IP is parsed correctly
'172.22.53.70'
>>> socket.inet_ntoa(b'\xac\x165') # as IP is parsed by the existing regex
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
OSError: packed IP wrong length for inet_ntoa

For the moment I'm working around it as follows:

def FindIP(data):
    # data = data.decode('latin-1')
    # IP = ''.join(re.findall(r'(?<=\x32\x04)[^EOF]*', data))
    # return ''.join(IP[0:4]).encode('latin-1')
    offset = data.find(b'\x32\x04')
    return data[offset+2:offset+6]

It also appears to work if the regex adds a dot before the star:

def FindIP(data):
    data = data.decode('latin-1')
    # IP = ''.join(re.findall(r'(?<=\x32\x04)[^EOF]*', data))
    IP = ''.join(re.findall(r'(?<=\x32\x04)[^EOF].*', data))
    return ''.join(IP[0:4]).encode('latin-1')

I won't say either fix is a good idea, just that it seems to be working for me. I suggest further investigation by people who know more than I do about this.

Thanks!
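Added example, not part of the original issue or of Responder's code: the quoted regex next to a parser that walks the DHCP options as code/length/value records and reads option 50 (Requested IP Address, the `\x32\x04` bytes above), so the result does not depend on the byte values in the address or on where `\x32\x04` first appears. The function names and the sample packet are constructed for illustration, and the input is assumed to start at the BOOTP header.

```python
import re
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # follows the 236-byte fixed BOOTP header
OPT_PAD, OPT_REQUESTED_IP, OPT_END = 0, 50, 255


def regex_find_ip(data: bytes) -> bytes:
    """Extraction quoted in the issue. [^EOF] is a character class, so the
    match stops at any byte equal to 'E' (0x45), 'O' (0x4f) or 'F' (0x46)."""
    text = data.decode("latin-1")
    ip = "".join(re.findall(r"(?<=\x32\x04)[^EOF]*", text))
    return ip[0:4].encode("latin-1")


def requested_ip(packet: bytes):
    """Walk the options as code/length/value records and return option 50
    as a dotted quad, or None when it is absent or malformed."""
    if packet[236:240] != MAGIC_COOKIE:
        return None
    i = 240
    while i < len(packet) and packet[i] != OPT_END:
        code = packet[i]
        if code == OPT_PAD:  # pad is a single byte with no length field
            i += 1
            continue
        if i + 1 >= len(packet):
            return None  # code byte without a length byte
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            return None  # option runs past the end of the packet
        if code == OPT_REQUESTED_IP:
            return socket.inet_ntoa(value) if length == 4 else None
        i += 2 + length
    return None


def build_sample(ip: str, xid: int = 0x12345678) -> bytes:
    """Constructed DHCPREQUEST payload (starts at the BOOTP header)."""
    header = struct.pack("!BBBBI", 1, 1, 6, 0, xid).ljust(236, b"\x00")
    options = (b"\x35\x01\x03" + b"\x32\x04" + socket.inet_aton(ip)
               + b"\x0c\x02pc" + b"\xff")
    return header + MAGIC_COOKIE + options
```

Options placed in the `sname`/`file` header fields through option 52 (overload) are not examined by this sketch.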

@ITmustang

I'm having the same issue and the workarounds above do not work. Any update on this issue?

@fsacer

fsacer commented Jul 3, 2024

Just ran into the same issue.

@chadministratorwastaken

Same issue here. Trying out the second workaround option.

@neiltylerbell

Adding that I just saw this as well. Attempting ncc-brian's workaround.
