123/udp - Pentesting NTP

Reading time: 3 minutes

tip

Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Angalia mpango wa usajili!
Jiunge na 💬 kikundi cha Discord au kikundi cha telegram au tufuatilie kwenye Twitter 🐦 @hacktricks_live.
Shiriki mbinu za udukuzi kwa kuwasilisha PRs kwa HackTricks na HackTricks Cloud repos za github.

Basic Information

Network Time Protocol (NTP) inahakikisha kwamba kompyuta na vifaa vya mtandao katika mitandao yenye ucheleweshaji tofauti zinaweza kuunganisha saa zao kwa usahihi. Ni muhimu kwa kudumisha usahihi wa wakati katika shughuli za IT, usalama, na uandishi wa kumbukumbu. Usahihi wa NTP ni muhimu, lakini pia unaleta hatari za usalama ikiwa haujasimamiwa vizuri.

Summary & Security Tips:

Purpose: Inasawazisha saa za vifaa kupitia mitandao.
Importance: Muhimu kwa usalama, uandishi wa kumbukumbu, na shughuli.
Security Measures:
Tumia vyanzo vya NTP vilivyoaminika na uthibitisho.
Punguza upatikanaji wa mtandao wa seva za NTP.
Fuatilia usawazishaji kwa dalili za kuingilia kati.

Default port: 123/udp

PORT    STATE SERVICE REASON
123/udp open  ntp     udp-response

Uhesabu

bash

ntpq -c readlist <IP_ADDRESS>
ntpq -c readvar <IP_ADDRESS>
ntpq -c peers <IP_ADDRESS>
ntpq -c associations <IP_ADDRESS>
ntpdc -c monlist <IP_ADDRESS>
ntpdc -c listpeers <IP_ADDRESS>
ntpdc -c sysinfo <IP_ADDRESS>

bash

nmap -sU -sV --script "ntp* and (discovery or vuln) and not (dos or brute)" -p 123 <IP>

Chunguza faili za usanidi

ntp.conf

Shambulio la Kuongeza Nguvu la NTP

Jinsi Shambulio la NTP DDoS Linavyofanya Kazi

Protokali ya NTP, inayotumia UDP, inaruhusu kufanya kazi bila haja ya taratibu za mkono, tofauti na TCP. Sifa hii inatumika katika shambulio la kuimarisha la NTP DDoS. Hapa, washambuliaji wanaunda pakiti zenye IP ya chanzo bandia, na kufanya ionekane kama maombi ya shambulio yanatoka kwa mwathirika. Pakiti hizi, mwanzoni ndogo, zinawasukuma seva ya NTP kujibu kwa kiasi kikubwa cha data, kuimarisha shambulio.

Amri ya MONLIST, licha ya matumizi yake nadra, inaweza kuripoti wateja 600 wa mwisho waliounganishwa na huduma ya NTP. Ingawa amri yenyewe ni rahisi, matumizi yake mabaya katika mashambulizi kama haya yanaonyesha mapungufu makubwa ya usalama.

bash

ntpdc -n -c monlist <IP>

Shodan

ntp

HackTricks Amri za Otomatiki

Protocol_Name: NTP    #Protocol Abbreviation if there is one.
Port_Number:  123     #Comma separated if there is more than one.
Protocol_Description: Network Time Protocol         #Protocol Abbreviation Spelled out

Entry_1:
Name: Notes
Description: Notes for NTP
Note: |
The Network Time Protocol (NTP) ensures computers and network devices across variable-latency networks sync their clocks accurately. It's vital for maintaining precise timekeeping in IT operations, security, and logging. NTP's accuracy is essential, but it also poses security risks if not properly managed.

https://book.hacktricks.xyz/pentesting/pentesting-ntp

Entry_2:
Name: Nmap
Description: Enumerate NTP
Command: nmap -sU -sV --script "ntp* and (discovery or vuln) and not (dos or brute)" -p 123 {IP}

tip

Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Angalia mpango wa usajili!
Jiunge na 💬 kikundi cha Discord au kikundi cha telegram au tufuatilie kwenye Twitter 🐦 @hacktricks_live.
Shiriki mbinu za udukuzi kwa kuwasilisha PRs kwa HackTricks na HackTricks Cloud repos za github.