hacktricks/network-services-pentesting/pentesting-ntp.md

# 123/udp - Pentesting NTP

{% hint style="success" %}
Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>Support HackTricks</summary>

* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.

</details>
{% endhint %}
{% endhint %}

<figure><img src="../.gitbook/assets/image (380).png" alt=""><figcaption></figcaption></figure>

Join [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) server to communicate with experienced hackers and bug bounty hunters!

**Hacking Insights**\
Engage with content that delves into the thrill and challenges of hacking

**Real-Time Hack News**\
Keep up-to-date with fast-paced hacking world through real-time news and insights

**Latest Announcements**\
Stay informed with the newest bug bounties launching and crucial platform updates

**Join us on** [**Discord**](https://discord.com/invite/N3FrSbmwdy) and start collaborating with top hackers today!

## Informazioni di base

Il **Network Time Protocol (NTP)** garantisce che computer e dispositivi di rete su reti a latenza variabile sincronizzino i loro orologi in modo accurato. È fondamentale per mantenere una precisa misurazione del tempo nelle operazioni IT, nella sicurezza e nel logging. L'accuratezza dell'NTP è essenziale, ma presenta anche rischi per la sicurezza se non gestita correttamente.

### Riepilogo e suggerimenti per la sicurezza:

* **Scopo**: Sincronizza gli orologi dei dispositivi attraverso le reti.
* **Importanza**: Critico per la sicurezza, il logging e le operazioni.
* **Misure di sicurezza**:
* Utilizzare fonti NTP affidabili con autenticazione.
* Limitare l'accesso alla rete del server NTP.
* Monitorare la sincronizzazione per segni di manomissione.

**Porta predefinita:** 123/udp
```
PORT    STATE SERVICE REASON
123/udp open  ntp     udp-response
```
## Enumerazione
```bash
ntpq -c readlist <IP_ADDRESS>
ntpq -c readvar <IP_ADDRESS>
ntpq -c peers <IP_ADDRESS>
ntpq -c associations <IP_ADDRESS>
ntpdc -c monlist <IP_ADDRESS>
ntpdc -c listpeers <IP_ADDRESS>
ntpdc -c sysinfo <IP_ADDRESS>
```

```bash
nmap -sU -sV --script "ntp* and (discovery or vuln) and not (dos or brute)" -p 123 <IP>
```
## Esaminare i file di configurazione

* ntp.conf

## Attacco di Amplificazione NTP

[**Come Funziona l'Attacco DDoS NTP**](https://resources.infosecinstitute.com/network-time-protocol-ntp-threats-countermeasures/#gref)

Il **protocollo NTP**, utilizzando UDP, consente il funzionamento senza la necessità di procedure di handshake, a differenza di TCP. Questa caratteristica viene sfruttata negli **attacchi di amplificazione DDoS NTP**. Qui, gli attaccanti creano pacchetti con un IP sorgente falso, facendo sembrare che le richieste di attacco provengano dalla vittima. Questi pacchetti, inizialmente piccoli, inducono il server NTP a rispondere con volumi di dati molto più grandi, amplificando l'attacco.

Il comando _**MONLIST**_, nonostante il suo uso raro, può segnalare gli ultimi 600 client connessi al servizio NTP. Sebbene il comando stesso sia semplice, il suo uso improprio in tali attacchi evidenzia vulnerabilità critiche nella sicurezza.
```bash
ntpdc -n -c monlist <IP>
```
## Shodan

* `ntp`

## HackTricks Comandi Automatici
```
Protocol_Name: NTP    #Protocol Abbreviation if there is one.
Port_Number:  123     #Comma separated if there is more than one.
Protocol_Description: Network Time Protocol         #Protocol Abbreviation Spelled out

Entry_1:
Name: Notes
Description: Notes for NTP
Note: |
The Network Time Protocol (NTP) ensures computers and network devices across variable-latency networks sync their clocks accurately. It's vital for maintaining precise timekeeping in IT operations, security, and logging. NTP's accuracy is essential, but it also poses security risks if not properly managed.

https://book.hacktricks.xyz/pentesting/pentesting-ntp

Entry_2:
Name: Nmap
Description: Enumerate NTP
Command: nmap -sU -sV --script "ntp* and (discovery or vuln) and not (dos or brute)" -p 123 {IP}
```
<figure><img src="../.gitbook/assets/image (380).png" alt=""><figcaption></figcaption></figure>

Unisciti al [**server Discord di HackenProof**](https://discord.com/invite/N3FrSbmwdy) per comunicare con hacker esperti e cacciatori di bug!

**Approfondimenti sul hacking**\
Interagisci con contenuti che esplorano l'emozione e le sfide dell'hacking

**Notizie di hacking in tempo reale**\
Rimani aggiornato con il mondo frenetico dell'hacking attraverso notizie e approfondimenti in tempo reale

**Ultimi annunci**\
Rimani informato sui nuovi bug bounty in arrivo e sugli aggiornamenti cruciali delle piattaforme

**Unisciti a noi su** [**Discord**](https://discord.com/invite/N3FrSbmwdy) e inizia a collaborare con i migliori hacker oggi!
{% hint style="success" %}
Impara e pratica Hacking AWS:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Impara e pratica Hacking GCP: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>Supporta HackTricks</summary>

* Controlla i [**piani di abbonamento**](https://github.com/sponsors/carlospolop)!
* **Unisciti al** 💬 [**gruppo Discord**](https://discord.gg/hRep4RUj7f) o al [**gruppo telegram**](https://t.me/peass) o **seguici** su **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Condividi trucchi di hacking inviando PR ai** [**HackTricks**](https://github.com/carlospolop/hacktricks) e [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repos di github.

</details>
{% endhint %}
</details>
{% endhint %}
GitBook: [#3633] No subject 2022-10-27 23:22:18 +00:00			`# 123/udp - Pentesting NTP`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:34:23 +00:00			`{% hint style="success" %}`
			`Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[HackTricks Training AWS Red Team Expert (ARTE)](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\`
			`Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[HackTricks Training GCP Red Team Expert (GRTE)<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:34:23 +00:00			`<details>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:34:23 +00:00			`<summary>Support HackTricks</summary>`
arte 2024-01-03 10:42:55 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:34:23 +00:00			`* Check the [subscription plans](https://github.com/sponsors/carlospolop)!`
			`* Join the 💬 [Discord group](https://discord.gg/hRep4RUj7f) or the [telegram group](https://t.me/peass) or follow us on Twitter 🐦 [@hacktricks\_live](https://twitter.com/hacktricks\_live).`
			`* Share hacking tricks by submitting PRs to the [HackTricks](https://github.com/carlospolop/hacktricks) and [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) github repos.`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
GitBook: [#3633] No subject 2022-10-27 23:22:18 +00:00			`</details>`
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:34:23 +00:00			`{% endhint %}`
			`{% endhint %}`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2 2024-05-05 22:09:41 +00:00			`<figure><img src="../.gitbook/assets/image (380).png" alt=""><figcaption></figcaption></figure>`
hp 2023-02-27 09:28:45 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:34:23 +00:00			`Join [HackenProof Discord](https://discord.com/invite/N3FrSbmwdy) server to communicate with experienced hackers and bug bounty hunters!`
hp 2023-02-27 09:28:45 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:34:23 +00:00			`Hacking Insights\`
			`Engage with content that delves into the thrill and challenges of hacking`
hp 2023-02-27 09:28:45 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:34:23 +00:00			`Real-Time Hack News\`
			`Keep up-to-date with fast-paced hacking world through real-time news and insights`
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2 2024-05-05 22:09:41 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:34:23 +00:00			`Latest Announcements\`
			`Stay informed with the newest bug bounties launching and crucial platform updates`
hp 2023-07-14 15:03:41 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:34:23 +00:00			`Join us on [Discord](https://discord.com/invite/N3FrSbmwdy) and start collaborating with top hackers today!`
hp 2023-07-14 15:03:41 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:34:23 +00:00			`## Informazioni di base`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:34:23 +00:00			`Il Network Time Protocol (NTP) garantisce che computer e dispositivi di rete su reti a latenza variabile sincronizzino i loro orologi in modo accurato. È fondamentale per mantenere una precisa misurazione del tempo nelle operazioni IT, nella sicurezza e nel logging. L'accuratezza dell'NTP è essenziale, ma presenta anche rischi per la sicurezza se non gestita correttamente.`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:34:23 +00:00			`### Riepilogo e suggerimenti per la sicurezza:`
a 2024-02-08 21:36:15 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:34:23 +00:00			`* Scopo: Sincronizza gli orologi dei dispositivi attraverso le reti.`
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2 2024-05-05 22:09:41 +00:00			`* Importanza: Critico per la sicurezza, il logging e le operazioni.`
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:34:23 +00:00			`* Misure di sicurezza:`
			`* Utilizzare fonti NTP affidabili con autenticazione.`
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2 2024-05-05 22:09:41 +00:00			`* Limitare l'accesso alla rete del server NTP.`
			`* Monitorare la sincronizzazione per segni di manomissione.`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated to Italian 2024-02-10 13:03:23 +00:00			`Porta predefinita: 123/udp`
GitBook: [#3633] No subject 2022-10-27 23:22:18 +00:00			```
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			`PORT STATE SERVICE REASON`
			`123/udp open ntp udp-response`
			```
Translated to Italian 2024-02-10 13:03:23 +00:00			`## Enumerazione`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			```bash
			`ntpq -c readlist <IP_ADDRESS>`
			`ntpq -c readvar <IP_ADDRESS>`
			`ntpq -c peers <IP_ADDRESS>`
			`ntpq -c associations <IP_ADDRESS>`
GitBook: [master] 377 pages modified 2020-09-22 19:10:51 +00:00			`ntpdc -c monlist <IP_ADDRESS>`
			`ntpdc -c listpeers <IP_ADDRESS>`
			`ntpdc -c sysinfo <IP_ADDRESS>`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			```

			```bash
			`nmap -sU -sV --script "ntp* and (discovery or vuln) and not (dos or brute)" -p 123 <IP>`
			```
Translated to Italian 2024-02-10 13:03:23 +00:00			`## Esaminare i file di configurazione`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
			`* ntp.conf`

Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2 2024-05-05 22:09:41 +00:00			`## Attacco di Amplificazione NTP`
a 2024-02-08 21:36:15 +00:00
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2 2024-05-05 22:09:41 +00:00			`[Come Funziona l'Attacco DDoS NTP](https://resources.infosecinstitute.com/network-time-protocol-ntp-threats-countermeasures/#gref)`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:34:23 +00:00			`Il protocollo NTP, utilizzando UDP, consente il funzionamento senza la necessità di procedure di handshake, a differenza di TCP. Questa caratteristica viene sfruttata negli attacchi di amplificazione DDoS NTP. Qui, gli attaccanti creano pacchetti con un IP sorgente falso, facendo sembrare che le richieste di attacco provengano dalla vittima. Questi pacchetti, inizialmente piccoli, inducono il server NTP a rispondere con volumi di dati molto più grandi, amplificando l'attacco.`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:34:23 +00:00			`Il comando _MONLIST_, nonostante il suo uso raro, può segnalare gli ultimi 600 client connessi al servizio NTP. Sebbene il comando stesso sia semplice, il suo uso improprio in tali attacchi evidenzia vulnerabilità critiche nella sicurezza.`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			```bash
GitBook: [master] 377 pages modified 2020-09-22 19:10:51 +00:00			`ntpdc -n -c monlist <IP>`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			```
GitBook: [#3633] No subject 2022-10-27 23:22:18 +00:00			`## Shodan`
GitBook: [master] one page modified 2020-09-22 17:46:52 +00:00
			* `ntp`

Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:34:23 +00:00			`## HackTricks Comandi Automatici`
GitBook: [#3633] No subject 2022-10-27 23:22:18 +00:00			```
HAC ntp 2021-08-12 13:12:03 +00:00			`Protocol_Name: NTP #Protocol Abbreviation if there is one.`
			`Port_Number: 123 #Comma separated if there is more than one.`
			`Protocol_Description: Network Time Protocol #Protocol Abbreviation Spelled out`

123 Yaml 2021-08-15 17:44:37 +00:00			`Entry_1:`
Translated to Italian 2024-02-10 13:03:23 +00:00			`Name: Notes`
			`Description: Notes for NTP`
			`Note: \|`
			`The Network Time Protocol (NTP) ensures computers and network devices across variable-latency networks sync their clocks accurately. It's vital for maintaining precise timekeeping in IT operations, security, and logging. NTP's accuracy is essential, but it also poses security risks if not properly managed.`
123 Yaml 2021-08-15 17:44:37 +00:00
Translated to Italian 2024-02-10 13:03:23 +00:00			`https://book.hacktricks.xyz/pentesting/pentesting-ntp`
123 Yaml 2021-08-15 17:44:37 +00:00
			`Entry_2:`
Translated to Italian 2024-02-10 13:03:23 +00:00			`Name: Nmap`
			`Description: Enumerate NTP`
			`Command: nmap -sU -sV --script "ntp* and (discovery or vuln) and not (dos or brute)" -p 123 {IP}`
HAC ntp 2021-08-12 13:12:03 +00:00			```
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2 2024-05-05 22:09:41 +00:00			`<figure><img src="../.gitbook/assets/image (380).png" alt=""><figcaption></figcaption></figure>`
hp 2023-07-14 15:03:41 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:34:23 +00:00			`Unisciti al [server Discord di HackenProof](https://discord.com/invite/N3FrSbmwdy) per comunicare con hacker esperti e cacciatori di bug!`
GITBOOK-3816: No subject 2023-03-05 19:54:13 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:34:23 +00:00			`Approfondimenti sul hacking\`
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2 2024-05-05 22:09:41 +00:00			`Interagisci con contenuti che esplorano l'emozione e le sfide dell'hacking`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:34:23 +00:00			`Notizie di hacking in tempo reale\`
			`Rimani aggiornato con il mondo frenetico dell'hacking attraverso notizie e approfondimenti in tempo reale`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:34:23 +00:00			`Ultimi annunci\`
			`Rimani informato sui nuovi bug bounty in arrivo e sugli aggiornamenti cruciali delle piattaforme`
hp 2023-02-27 09:28:45 +00:00
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2 2024-05-05 22:09:41 +00:00			`Unisciti a noi su [Discord](https://discord.com/invite/N3FrSbmwdy) e inizia a collaborare con i migliori hacker oggi!`
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:34:23 +00:00			`{% hint style="success" %}`
			`Impara e pratica Hacking AWS:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[HackTricks Training AWS Red Team Expert (ARTE)](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\`
			`Impara e pratica Hacking GCP: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[HackTricks Training GCP Red Team Expert (GRTE)<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
GitBook: [#3633] No subject 2022-10-27 23:22:18 +00:00			`<details>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:34:23 +00:00			`<summary>Supporta HackTricks</summary>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:34:23 +00:00			`* Controlla i [piani di abbonamento](https://github.com/sponsors/carlospolop)!`
			`* Unisciti al 💬 [gruppo Discord](https://discord.gg/hRep4RUj7f) o al [gruppo telegram](https://t.me/peass) o seguici su Twitter 🐦 [@hacktricks\_live](https://twitter.com/hacktricks\_live).`
			`* Condividi trucchi di hacking inviando PR ai [HackTricks](https://github.com/carlospolop/hacktricks) e [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) repos di github.`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`</details>`
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:34:23 +00:00			`{% endhint %}`
			`</details>`
			`{% endhint %}`