FrankSpierings · November 12, 2024 13:04 · FLX-0x00 · Nov 12, 2024
diff --git a/mac-bruteforce.py b/mac-bruteforce.py
 import time
 from itertools import product
 import sys
 from scapy.all import *

 prefixes = ['001122','445566']
 timeout = 10
 breakcounter = 255
 iface = 'eth0'

 def capture(packet):
 	# packet.show()
 	print('Allowed: {0} = {1}'.format(str2mac(packet['BOOTP'].chaddr[:6]), packet['BOOTP'].yiaddr))

 sniffer = AsyncSniffer(iface=iface, filter='udp dst port 68', prn=capture)
 sniffer.start()

 reset = breakcounter
 try:
 	for x in prefixes:
 		prefix = ':'.join([x[i:i+2] for i in range(0, len(x), 2)])
 		for y in product('0123456789abcdef', repeat=12-len(x)):
 			suffix = ':'.join(['{0}{1}'.format(y[i], y[i+1]) for i in range(0, len(y), 2)])
 			macaddress = '{0}:{1}'.format(prefix, suffix)			

 			p = Ether(src=macaddress, dst="ff:ff:ff:ff:ff:ff")/\
 				IP(src="0.0.0.0", dst="255.255.255.255") /\
 				UDP(sport=68, dport=67) /\
 				BOOTP(chaddr=mac2str(macaddress)) /\
 				DHCP(options=[("message-type", "discover"),("hostname", 'scapy'), "end"])

 			sys.stdout.write('Sending: {0}\r'.format(macaddress))
 			sendp(p, iface=iface, verbose=0)
 			if breakcounter:
 				breakcounter -= 1
 				if breakcounter < 1:
 					breakcounter = reset
 					break
 	print()
 	print('Sleeping: {0:d}s'.format(timeout))
 	time.sleep(timeout)
 	sniffer.stop()

 except KeyboardInterrupt:
 	sniffer.stop()

 print('Shutdown...')
	import time
	from itertools import product
	import sys
	from scapy.all import *

	prefixes = ['001122','445566']
	timeout = 10
	breakcounter = 255
	iface = 'eth0'

	def capture(packet):
	# packet.show()
	print('Allowed: {0} = {1}'.format(str2mac(packet['BOOTP'].chaddr[:6]), packet['BOOTP'].yiaddr))

	sniffer = AsyncSniffer(iface=iface, filter='udp dst port 68', prn=capture)
	sniffer.start()

	reset = breakcounter
	try:
	for x in prefixes:
	prefix = ':'.join([x[i:i+2] for i in range(0, len(x), 2)])
	for y in product('0123456789abcdef', repeat=12-len(x)):
	suffix = ':'.join(['{0}{1}'.format(y[i], y[i+1]) for i in range(0, len(y), 2)])
	macaddress = '{0}:{1}'.format(prefix, suffix)

	p = Ether(src=macaddress, dst="ff:ff:ff:ff:ff:ff")/\
	IP(src="0.0.0.0", dst="255.255.255.255") /\
	UDP(sport=68, dport=67) /\
	BOOTP(chaddr=mac2str(macaddress)) /\
	DHCP(options=[("message-type", "discover"),("hostname", 'scapy'), "end"])

	sys.stdout.write('Sending: {0}\r'.format(macaddress))
	sendp(p, iface=iface, verbose=0)
	if breakcounter:
	breakcounter -= 1
	if breakcounter < 1:
	breakcounter = reset
	break
	print()
	print('Sleeping: {0:d}s'.format(timeout))
	time.sleep(timeout)
	sniffer.stop()

	except KeyboardInterrupt:
	sniffer.stop()

	print('Shutdown...')