API tools faq
paste
Advertisement
pawn007

NTP AMP

pawn007
Feb 17th, 2019
2,242
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.68 KB | None | 0 0
raw download clone embed print report
  1. NTP scanning and filtering tutorial*
  2. *All the scripts used arent coded by me and I didnt invent any of this. Im just sharing it with you guys because sharing is caring.
  3.  
  4.  
  5. Why I made this tutorial
  6.  
  7. I just do this to help other people that dont know how to do this. And I couldnt really find any other HQ thread that covers NTP scanning and filtering.
  8.  
  9.  
  10. Requirements
  11.  
  12. 1. A VPS / Dedicated server that you can scan on (see 'Hosting' for some hosts). (I use centos 6.x)
  13. 2. Alot of bandwith
  14. 3. ntpchecker: http://www.mediafire.com/download/69htm0...ntpchecker
  15. 4. ntp_123_monlist.pkt: http://www.mediafire.com/download/2c369n...onlist.pkt
  16. 5. A brain (jk you wont need one)
  17.  
  18.  
  19. Hosting for scanning
  20.  
  21. Here are some hosting that I think are good for scanning:
  22. http://ecatel.co.uk/
  23. http://www.ovh.com/ca/en/
  24. http://www.soyoustart.com/ca/en/
  25. https://www.kimsufi.com/en/
  26. http://colocrossing.com/
  27. https://www.datashack.net/ (This is the one that I used and I had pretty good results Oui)
  28.  
  29.  
  30. How to scan
  31.  
  32. Spoiler (Click to Hide)
  33. Update your server
  34. Code
  35. yum -y update
  36. Install repositorys
  37. Centos 6:
  38. Code
  39. wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
  40. sudo rpm -Uvh epel-release-6-8.noarch.rpm
  41. Centos 7:
  42. Code
  43. wget http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
  44. sudo rpm -Uvh epel-release-7-5.noarch.rpm
  45. Install dependencies
  46. Code
  47. yum install gcc libcap libpcap libpcap-devel screen php dstat cmake gmp gmp-devel gengetopt byacc flex git json-c
  48. Install Zmap
  49. Code
  50. yum -y install zmap
  51.  
  52. - Upload the NTPChecker to your server -
  53. - Upload the ntp_123_monlist.pkt to your server -
  54.  
  55. Start the scan
  56. Code
  57. screen zmap -p 123 -M udp --probe-args=file:/root/ntp_123_monlist.pkt -o monlist_fingerprint.txt
  58. It can take pretty long please wait it out.
  59. Run the ntpchecker
  60. Give it permissions first:
  61. Code
  62. chmod 777 ntpchecker
  63. Run the checker:
  64. Code
  65. screen ./ntpchecker monlist_fingerprint.txt step1.txt 1 0 1
  66. Filter the list
  67. Code
  68. awk '$2>419{print $1}' step1.txt | sort -n | uniq | sort -R > ntpamp.txt
  69.  
  70. Enjoy!
  71. (My results where about 350x amplification: http://prntscr.com/9m34rx http://prntscr.com/9mhwrl )
  72.  
  73. Extra info
  74.  
  75. - If you have any issues post them below. -
  76. - NTP attack script: http://pastebin.com/raw/PJeYk4Bc (Thanks for the amazing script: https://hackforums.net/member.php?action...id=2623266).
  77. - I usually type screen first and when it opens the screen I type the command. -
  78.  
  79. This is for educational purposes only.
  80.  
  81. Thanks to:
  82. Google
  83. All of hackforums
  84. https://hackforums.net/member.php?action...id=2350472 for the dstat
  85.  
  86. This was my first tutorial. Please leave a thanks if you have enjoyed this tutorial. Black Hat
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!