mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-24 13:43:24 +00:00
142 lines
6.3 KiB
Markdown
142 lines
6.3 KiB
Markdown
# 123/udp - Pentesting NTP
|
||
|
||
{% hint style="success" %}
|
||
Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
|
||
Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
|
||
|
||
<details>
|
||
|
||
<summary>Support HackTricks</summary>
|
||
|
||
* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
|
||
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
|
||
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
|
||
|
||
</details>
|
||
{% endhint %}
|
||
{% endhint %}
|
||
|
||
<figure><img src="/.gitbook/assets/image.png" alt=""><figcaption></figcaption></figure>
|
||
|
||
Join [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) server to communicate with experienced hackers and bug bounty hunters!
|
||
|
||
**Hacking Insights**\
|
||
Engage with content that delves into the thrill and challenges of hacking
|
||
|
||
**Real-Time Hack News**\
|
||
Keep up-to-date with fast-paced hacking world through real-time news and insights
|
||
|
||
**Latest Announcements**\
|
||
Stay informed with the newest bug bounties launching and crucial platform updates
|
||
|
||
**Join us on** [**Discord**](https://discord.com/invite/N3FrSbmwdy) and start collaborating with top hackers today!
|
||
|
||
## Basic Information
|
||
|
||
The **Network Time Protocol (NTP)** ensures computers and network devices across variable-latency networks sync their clocks accurately. It's vital for maintaining precise timekeeping in IT operations, security, and logging. NTP's accuracy is essential, but it also poses security risks if not properly managed.
|
||
|
||
### Summary & Security Tips:
|
||
|
||
* **Purpose**: Syncs device clocks over networks.
|
||
* **Importance**: Critical for security, logging, and operations.
|
||
* **Security Measures**:
|
||
* Use trusted NTP sources with authentication.
|
||
* Limit NTP server network access.
|
||
* Monitor synchronization for signs of tampering.
|
||
|
||
**Default port:** 123/udp
|
||
|
||
```
|
||
PORT STATE SERVICE REASON
|
||
123/udp open ntp udp-response
|
||
```
|
||
|
||
## Enumeration
|
||
|
||
```bash
|
||
ntpq -c readlist <IP_ADDRESS>
|
||
ntpq -c readvar <IP_ADDRESS>
|
||
ntpq -c peers <IP_ADDRESS>
|
||
ntpq -c associations <IP_ADDRESS>
|
||
ntpdc -c monlist <IP_ADDRESS>
|
||
ntpdc -c listpeers <IP_ADDRESS>
|
||
ntpdc -c sysinfo <IP_ADDRESS>
|
||
```
|
||
|
||
```bash
|
||
nmap -sU -sV --script "ntp* and (discovery or vuln) and not (dos or brute)" -p 123 <IP>
|
||
```
|
||
|
||
## Examine configuration files
|
||
|
||
* ntp.conf
|
||
|
||
## NTP Amplification Attack
|
||
|
||
[**How NTP DDoS Attack Works**](https://resources.infosecinstitute.com/network-time-protocol-ntp-threats-countermeasures/#gref)
|
||
|
||
The **NTP protocol**, using UDP, allows for operation without the need for handshake procedures, unlike TCP. This characteristic is exploited in **NTP DDoS amplification attacks**. Here, attackers create packets with a fake source IP, making it seem as if the attack requests come from the victim. These packets, initially small, prompt the NTP server to respond with much larger data volumes, amplifying the attack.
|
||
|
||
The _**MONLIST**_ command, despite its rare use, can report the last 600 clients connected to the NTP service. While the command itself is simple, its misuse in such attacks highlights critical security vulnerabilities.
|
||
|
||
```bash
|
||
ntpdc -n -c monlist <IP>
|
||
```
|
||
|
||
## Shodan
|
||
|
||
* `ntp`
|
||
|
||
## HackTricks Automatic Commands
|
||
|
||
```
|
||
Protocol_Name: NTP #Protocol Abbreviation if there is one.
|
||
Port_Number: 123 #Comma separated if there is more than one.
|
||
Protocol_Description: Network Time Protocol #Protocol Abbreviation Spelled out
|
||
|
||
Entry_1:
|
||
Name: Notes
|
||
Description: Notes for NTP
|
||
Note: |
|
||
The Network Time Protocol (NTP) ensures computers and network devices across variable-latency networks sync their clocks accurately. It's vital for maintaining precise timekeeping in IT operations, security, and logging. NTP's accuracy is essential, but it also poses security risks if not properly managed.
|
||
|
||
https://book.hacktricks.xyz/pentesting/pentesting-ntp
|
||
|
||
Entry_2:
|
||
Name: Nmap
|
||
Description: Enumerate NTP
|
||
Command: nmap -sU -sV --script "ntp* and (discovery or vuln) and not (dos or brute)" -p 123 {IP}
|
||
```
|
||
|
||
|
||
|
||
<figure><img src="/.gitbook/assets/image.png" alt=""><figcaption></figcaption></figure>
|
||
|
||
Join [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) server to communicate with experienced hackers and bug bounty hunters!
|
||
|
||
**Hacking Insights**\
|
||
Engage with content that delves into the thrill and challenges of hacking
|
||
|
||
**Real-Time Hack News**\
|
||
Keep up-to-date with fast-paced hacking world through real-time news and insights
|
||
|
||
**Latest Announcements**\
|
||
Stay informed with the newest bug bounties launching and crucial platform updates
|
||
|
||
**Join us on** [**Discord**](https://discord.com/invite/N3FrSbmwdy) and start collaborating with top hackers today!
|
||
{% hint style="success" %}
|
||
Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
|
||
Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
|
||
|
||
<details>
|
||
|
||
<summary>Support HackTricks</summary>
|
||
|
||
* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
|
||
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
|
||
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
|
||
|
||
</details>
|
||
{% endhint %}
|
||
</details>
|
||
{% endhint %}
|