A Spoofing WAKE-ON-LAN Script

I was recently tasked with testing a Wake-On-LAN (WOL) solution. I haven’t done an awful lot with WOL before but so not to go into too much detail and bore you to death, a WOL packet is basically constructed by putting a DATAGRAM packet together with the data contents of a SYNC line followed by 16 iterations of the MAC address. The SYNC line is basically made up of 6 bytes of F’s or FF:FF:FF:FF:FF:FF. There are a number of tools available to do this and in Kali Linux there is the tool WOL-E written in python by Nathaniel Carew. This does a pretty good and provides two main options in that it can create a broadcast packet or a unicast directed packet.

Unfortunately the requirements placed on me meant that I needed to bypass some basic ACL’s to restart servers in a different network segment. I came up with two options, the first was to capture a WOL packet using TCPDUMP and then edit the layer three details before throwing it back on to the network with TCPREPLAY…..I know right your thinking TCPREPLAY passes UDP packets….go figure! It works. There is some basic fixing of checksums etc which you can use Wireshark to confirm when it is a bad packet and what the actual checksums should be or you can write something yourself. I decided to put together a script to create a WOL packet and then spoof the IP address that it came from. The code for which can be found here: wol-spoof

I thought that even if this post is not the most exciting, this script represents a template that can be applied a large number of situations so even if you choose not to use it for WOL then you may use it to build something more exciting.

Hope it’s useful to someone. ;-P

Leave a comment

Your email address will not be published. Required fields are marked *