vanhoefm / macstealer


Macstealer responds to two different DHCP offers and gets neither #6

Open pwnf opened 1 year ago

pwnf commented 1 year ago

Macstealer performs the EAP and MSCHAPv2 handshake successfully. It then performs a DHCP broadcast and receives two different DHCP offers with a different IP in each offer from the DHCP service. Macstealer proceeds to respond with a DHCP request for each IP address which presumably confuses the DHCP server and the DHCP requests fail.

[screenshot: macstealer]

Offer 1: 10.218.144.69

[screenshot: macstealer wireshark1]

Offer 2: 10.218.145.10

[screenshot: macstealer wireshark2]

One DHCP request is sent for 10.218.144.69 and four DHCP requests are sent for 10.218.145.10.

Note: If I create a basic wpa_supplicant.conf file and manually use wpa_supplicant followed by dhclient, I am able to connect and obtain an IP address as expected.

Great research - keen to try this out!

vanhoefm commented 1 year ago

Thanks for the detailed report and screenshots!

Can you try a patch that I pushed? You can execute:

git fetch --all
git checkout dhcp-fix

Then run the script again as usual.

pwnf commented 1 year ago

Hi, appreciate you looking into this but unfortunately I no longer have access to the testing environment. Therefore, I can't conclude whether your patch worked or not. Thanks again.
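
Added example, not macstealer's code and not the contents of the dhcp-fix branch: under RFC 2131 a client that receives several DHCPOFFERs for one transaction selects one and sends a single DHCPREQUEST carrying that offer's address (option 50) and server identifier (option 54). The sketch below applies that rule to the two offered addresses from the report; the MAC, transaction ID and server identifiers are constructed placeholders.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"          # DHCP magic cookie after the BOOTP header
OFFER, REQUEST = 2, 3                # option 53 message types

def build(op, xid, mac, yiaddr, opts):
    """Minimal DHCP packet: 236-byte BOOTP header, cookie, options, end marker."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", op, 1, 6, 0, xid, 0, 0x8000,
                      b"", socket.inet_aton(yiaddr), b"", b"", mac, b"", b"")
    return hdr + MAGIC + b"".join(bytes([c, len(v)]) + v for c, v in opts) + b"\xff"

def parse(pkt):
    """Return (xid, yiaddr, {option code: value}) from a raw DHCP packet."""
    (xid,) = struct.unpack_from("!I", pkt, 4)
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 255:
        if pkt[i] == 0:              # pad option has no length byte
            i += 1
            continue
        opts[pkt[i]] = pkt[i + 2:i + 2 + pkt[i + 1]]
        i += 2 + pkt[i + 1]
    return xid, socket.inet_ntoa(pkt[16:20]), opts

def requests_for(offers, xid, mac):
    """Select the first valid offer for this xid; return the single REQUEST to send."""
    for pkt in offers:
        oxid, yiaddr, opts = parse(pkt)
        if oxid == xid and opts.get(53) == bytes([OFFER]) and 54 in opts:
            return [build(1, xid, mac, "0.0.0.0", [
                (53, bytes([REQUEST])),
                (50, socket.inet_aton(yiaddr)),   # requested IP = offered yiaddr
                (54, opts[54]),                   # server identifier of chosen offer
            ])]
    return []                                     # no usable offer: send nothing

# Constructed sample input: MAC, xid and server identifiers are made up;
# the two offered addresses are the ones quoted in the report.
MAC, XID = bytes.fromhex("020000000001"), 0x1234ABCD
SAMPLE_OFFERS = [
    build(2, XID, MAC, "10.218.144.69", [(53, bytes([OFFER])), (54, socket.inet_aton("192.0.2.1"))]),
    build(2, XID, MAC, "10.218.145.10", [(53, bytes([OFFER])), (54, socket.inet_aton("192.0.2.2"))]),
]

if __name__ == "__main__":
    for req in requests_for(SAMPLE_OFFERS, XID, MAC):
        _, _, o = parse(req)
        print("REQUEST", socket.inet_ntoa(o[50]), "via", socket.inet_ntoa(o[54]))
```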