hacktricks/network-services-pentesting/pentesting-ntp.md

139 lines
6.3 KiB
Markdown
Raw Normal View History

2022-10-27 23:22:18 +00:00
# 123/udp - Pentesting NTP
2022-04-28 16:01:33 +00:00
<details>
2024-01-03 10:42:55 +00:00
<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
2022-04-28 16:01:33 +00:00
2024-01-03 10:42:55 +00:00
Other ways to support HackTricks:
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
2022-10-27 23:22:18 +00:00
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
2024-01-03 10:42:55 +00:00
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
2024-04-06 16:25:58 +00:00
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
2024-01-03 10:42:55 +00:00
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
2022-04-28 16:01:33 +00:00
2022-10-27 23:22:18 +00:00
</details>
2022-04-28 16:01:33 +00:00
2024-05-05 17:56:05 +00:00
<figure><img src="../.gitbook/assets/image (380).png" alt=""><figcaption></figcaption></figure>
2023-02-27 09:28:45 +00:00
2023-12-04 15:45:05 +00:00
Join [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) server to communicate with experienced hackers and bug bounty hunters!
2023-02-27 09:28:45 +00:00
2023-12-04 15:45:05 +00:00
**Hacking Insights**\
Engage with content that delves into the thrill and challenges of hacking
2023-02-27 09:28:45 +00:00
2023-12-04 15:45:05 +00:00
**Real-Time Hack News**\
Keep up-to-date with fast-paced hacking world through real-time news and insights
2023-07-14 15:03:41 +00:00
2023-12-04 15:45:05 +00:00
**Latest Announcements**\
Stay informed with the newest bug bounties launching and crucial platform updates
2023-07-14 15:03:41 +00:00
2023-12-04 15:45:05 +00:00
**Join us on** [**Discord**](https://discord.com/invite/N3FrSbmwdy) and start collaborating with top hackers today!
2022-04-28 16:01:33 +00:00
2022-10-27 23:22:18 +00:00
## Basic Information
2024-04-06 16:25:58 +00:00
The **Network Time Protocol (NTP)** ensures computers and network devices across variable-latency networks sync their clocks accurately. It's vital for maintaining precise timekeeping in IT operations, security, and logging. NTP's accuracy is essential, but it also poses security risks if not properly managed.
2024-02-08 21:36:15 +00:00
### Summary & Security Tips:
2024-04-06 16:25:58 +00:00
* **Purpose**: Syncs device clocks over networks.
* **Importance**: Critical for security, logging, and operations.
* **Security Measures**:
* Use trusted NTP sources with authentication.
* Limit NTP server network access.
* Monitor synchronization for signs of tampering.
**Default port:** 123/udp
2022-10-27 23:22:18 +00:00
```
PORT STATE SERVICE REASON
123/udp open ntp udp-response
```
2022-10-27 23:22:18 +00:00
## Enumeration
```bash
ntpq -c readlist <IP_ADDRESS>
ntpq -c readvar <IP_ADDRESS>
ntpq -c peers <IP_ADDRESS>
ntpq -c associations <IP_ADDRESS>
2020-09-22 19:10:51 +00:00
ntpdc -c monlist <IP_ADDRESS>
ntpdc -c listpeers <IP_ADDRESS>
ntpdc -c sysinfo <IP_ADDRESS>
```
```bash
nmap -sU -sV --script "ntp* and (discovery or vuln) and not (dos or brute)" -p 123 <IP>
```
2022-10-27 23:22:18 +00:00
## Examine configuration files
* ntp.conf
2022-10-27 23:22:18 +00:00
## NTP Amplification Attack
2022-04-05 22:24:52 +00:00
[**How NTP DDoS Attack Works**](https://resources.infosecinstitute.com/network-time-protocol-ntp-threats-countermeasures/#gref)
2024-02-08 21:36:15 +00:00
The **NTP protocol**, using UDP, allows for operation without the need for handshake procedures, unlike TCP. This characteristic is exploited in **NTP DDoS amplification attacks**. Here, attackers create packets with a fake source IP, making it seem as if the attack requests come from the victim. These packets, initially small, prompt the NTP server to respond with much larger data volumes, amplifying the attack.
2024-04-06 16:25:58 +00:00
The _**MONLIST**_ command, despite its rare use, can report the last 600 clients connected to the NTP service. While the command itself is simple, its misuse in such attacks highlights critical security vulnerabilities.
```bash
2020-09-22 19:10:51 +00:00
ntpdc -n -c monlist <IP>
```
2022-10-27 23:22:18 +00:00
## Shodan
2020-09-22 17:46:52 +00:00
* `ntp`
2022-10-27 23:22:18 +00:00
## HackTricks Automatic Commands
2021-08-12 13:12:03 +00:00
2022-10-27 23:22:18 +00:00
```
2021-08-12 13:12:03 +00:00
Protocol_Name: NTP #Protocol Abbreviation if there is one.
Port_Number: 123 #Comma separated if there is more than one.
Protocol_Description: Network Time Protocol #Protocol Abbreviation Spelled out
2021-08-15 17:44:37 +00:00
Entry_1:
Name: Notes
Description: Notes for NTP
Note: |
2024-02-08 21:36:15 +00:00
The Network Time Protocol (NTP) ensures computers and network devices across variable-latency networks sync their clocks accurately. It's vital for maintaining precise timekeeping in IT operations, security, and logging. NTP's accuracy is essential, but it also poses security risks if not properly managed.
2021-08-15 17:44:37 +00:00
https://book.hacktricks.xyz/pentesting/pentesting-ntp
Entry_2:
Name: Nmap
Description: Enumerate NTP
Command: nmap -sU -sV --script "ntp* and (discovery or vuln) and not (dos or brute)" -p 123 {IP}
2021-08-12 13:12:03 +00:00
```
2022-10-27 23:22:18 +00:00
2023-02-27 09:28:45 +00:00
2024-05-05 17:56:05 +00:00
<figure><img src="../.gitbook/assets/image (380).png" alt=""><figcaption></figcaption></figure>
2023-07-14 15:03:41 +00:00
2023-12-04 15:45:05 +00:00
Join [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) server to communicate with experienced hackers and bug bounty hunters!
2023-03-05 19:54:13 +00:00
2023-12-04 15:45:05 +00:00
**Hacking Insights**\
Engage with content that delves into the thrill and challenges of hacking
2022-04-28 16:01:33 +00:00
2023-12-04 15:45:05 +00:00
**Real-Time Hack News**\
Keep up-to-date with fast-paced hacking world through real-time news and insights
2022-04-28 16:01:33 +00:00
2023-12-04 15:45:05 +00:00
**Latest Announcements**\
Stay informed with the newest bug bounties launching and crucial platform updates
2023-02-27 09:28:45 +00:00
2023-12-04 15:45:05 +00:00
**Join us on** [**Discord**](https://discord.com/invite/N3FrSbmwdy) and start collaborating with top hackers today!
2022-04-28 16:01:33 +00:00
2022-10-27 23:22:18 +00:00
<details>
2022-04-28 16:01:33 +00:00
2024-01-03 10:42:55 +00:00
<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
2022-04-28 16:01:33 +00:00
2024-01-03 10:42:55 +00:00
Other ways to support HackTricks:
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
2022-10-27 23:22:18 +00:00
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
2024-01-03 10:42:55 +00:00
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
2024-04-06 16:25:58 +00:00
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
2024-01-03 10:42:55 +00:00
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
2022-04-28 16:01:33 +00:00
</details>