Improve NTP monlist auxiliary module #3132

Merged
merged 2 commits into from Mar 25, 2014

@mcantoni

commented Mar 21, 2014

I made some changes to make the module more similar to an "NTP monlist" scanner.

  • add entries counter in the results;
  • add RETRY options;
  • add SHOW_LIST options;
  • add references;
  • modify description;

Notes:

With auxiliary/scanner/ntp/ntp_monlist, auxiliary/scanner/chargen/chargen_probe and
auxiliary/scanner/dns/dns_amp (https://github.com/rapid7/metasploit-framework/pull/2929/commits)
we cover the main network services used nowadays for amplification attacks.

Demo using ntp pkg (1:4.2.6.p3+dfsg-1ubuntu3.1) on Ubuntu 12.04.4 LTS:

msf auxiliary(ntp_monlist) > show options

Module options (auxiliary/scanner/ntp/ntp_monlist):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   BATCHSIZE  256              yes       The number of hosts to probe in each set
   CHOST                       no        The local client address
   RETRY      1                no        Number of tries to query the alleged NTP server
   RHOSTS     1.2.3.4          yes       The target address range or CIDR identifier
   RPORT      123              yes       The target port
   SHOW_LIST  false            no        Show the recents clients list
   THREADS    1                yes       The number of concurrent threads

msf auxiliary(ntp_monlist) > set VERBOSE true
VERBOSE => true
msf auxiliary(ntp_monlist) > set SHOW_LIST true
SHOW_LIST => true
msf auxiliary(ntp_monlist) > run

[*] Sending probes to 1.2.3.4->1.2.3.4 (1 hosts)
[*] 1.2.3.4:123 1.1.1.1:123 (lst: 95 sec., cnt: 295]
[*] 1.2.3.4:123 2.2.2.2:123 (lst: 63811 sec., cnt: 8]
[*] 1.2.3.4:123 3.3.4.3:21399 (lst: 153575 sec., cnt: 8]
...
...
[+] 1.2.3.4:123 NTP 'monlist' request permitted (480 entries)
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

@wvu-r7 wvu-r7 self-assigned this Mar 21, 2014

@wvu-r7


commented Mar 22, 2014

Love this. Thanks, @mcantoni. :)

@wvu-r7


commented Mar 25, 2014

PR for you!

@mcantoni


commented Mar 25, 2014

Very good, thank you :)

wvu-r7 added a commit that referenced this pull request Mar 25, 2014

@wvu-r7 wvu-r7 merged commit 1c47973 into rapid7:master Mar 25, 2014

1 check passed

default The Travis CI build passed