Magic Packet / Wake-On-LAN

Currently working with Magic Packets (Wake-On-LAN packets) in Scapy. First time I've ever really worked with them at the packet level. I managed to get it working, but noticed noticed that they only wake a system up for about 20 seconds. Does anyone know if there is some way I can modify the packet to wake up the system for longer? Or am I going to have to continue to blast the system with packets until the job is done?

Long story short, the Air Force base I'm working at is going green. They've decided that to conserve energy, all workstations should be configured to go to sleep after 45 minutes of inactivity. Problem is...this makes my job a hell of a lot harder because its really tough to scan systems for vulnerabilities if they are asleep

...

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

mayhem87

Thats really strange. When I set it up for home use I could manually send the packet 1 time and it would wake the system up. Maybe check out this Woly | Free System Administration software downloads at SourceForge.net and do a capture to see if its sending out more than one packet. This is what I used at home.

Qord

You say they only stay awake for 20 seconds....are they shutting off or going to sleep/hibernate? That really shouldn't happen; Once you wol them, they should be woken up. I've got a few homegrown wol scripts (auto-it and powershell) if you're interested in them.

It wouldn't hurt to try using something else, like the free wol thing from Solarwinds. I use it from time-to-time when my other options fail me.

networkjutsu

I used to do a lot of WOLing at home for my HTPC. I used cron job to wake my HTPC up to record OTV or Cable TV shows that I used to watch. Now that I think about it, I still do it at home using an app on iPhone to power up my main desktop or HTPC. As people have mentioned, once it sent the WOL packet it should stay up.

the_hutch

After the 20-30 seconds, they don't power off, they just go back to sleep. Another packet will wake it right back up again for another 30 seconds or so. I've tested it with about 10 different systems on site. Same results with all of them. Because its DOD...they are picky about 3rd party software, but I would definitely be interested in seeing the powershell script Qord.

Qord

Disclaimer: I take no credit for these, I merely adapted what I found to fit what I need. If the machine I'm trying to wol is local (same subnet) this is the one I use. (I haven't yet gotten a PS script to work when hopping routers/subnets) It's looking for the syntax ".\LocalWOLTry.ps1 aaaaaaaaaaddffbb", and does not like formatted MAC addresses. Unfortunately, I don't remember where the source of this came from. Probably technet. This is for one-off's and isn't really scalable in it's current format.

param (
    $targetMac,
    $network = [net.ipaddress]::Broadcast,
    $subnet = [net.ipaddress]::Broadcast
)
try {
    if($network.gettype().equals([string])) {
        $network = [net.ipaddress]::Parse($network);
    }
    if($subnet.gettype().equals([string])) {
        $subnet = [net.ipaddress]::Parse($subnet);
    }
    $broadcast = new-object net.ipaddress (([system.net.ipaddress]::parse("255.255.255.255").address -bxor $subnet.address -bor $network.address))

    $mac = [Net.NetworkInformation.PhysicalAddress]::Parse($targetMac.toupper().replace(".",""))

    $u = New-Object net.sockets.udpclient
    $ep = New-Object net.ipendpoint $broadcast, 0
    $ep2 = New-Object net.ipendpoint $broadcast, 7
    $ep3 = New-Object net.ipendpoint $broadcast, 9

    $payload = [byte[]]@(255,255,255, 255,255,255);
    $payload += ($mac.GetAddressBytes()*16)

    for($i = 0; $i -lt 10; $i++) {
        $u.Send($payload, $payload.Length, $ep) | Out-Null
        $u.Send($payload, $payload.Length, $ep2) | Out-Null
        $u.Send($payload, $payload.Length, $ep3) | Out-Null
        sleep 1;
    }
} catch {
    $Error | Write-Error;
}

The one I use to wol my whole building is adapted from the script found here:
WakeUp-Machines
This one is quite nice as it pulls from a csv.

the_hutch

Qord wrote: »

I haven't yet gotten a PS script to work when hopping routers/subnets

I actually do most of my coding for work in PS. However, I went with Python on this one because of this exact problem. Natively, the "magic packet" is sent to the layer-2 broadcast address so it only works on your local subnet. However, because Scapy (in Python) allows you to custom craft your own packets, I just stacked the traditional magic packet with IP and UDP layers to launch it remotely. Still not sure why a single packet is only waking systems for less than a minute, but I've modified the script so that it continually sends packets to keep the system awake while performing its other tasks.

gorebrush

Remember the remote machines need to be configured for S3 power saving in their BIOS.

From my DD-WRT router, or etherwake on my resident Linux server, I think they just send one packet and that's enough to wake up either of my workstations.

Devilsbane

the_hutch wrote: »

After the 20-30 seconds, they don't power off, they just go back to sleep.

It sounds like they get the packet, wake up, don't see any activity and then are going back to sleep because the 45 minute timer never got reset. Very odd indeed.