HackTricks123/udp - Pentesting NTP
Reading time: 4 minutes
tip
Jifunze na fanya mazoezi ya AWS Hacking:
HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking: 
HackTricks Training GCP Red Team Expert (GRTE)
Jifunze na fanya mazoezi ya Azure Hacking: 
HackTricks Training Azure Red Team Expert (AzRTE)
Support HackTricks
- Angalia mpango wa usajili!
- Jiunge na 💬 kikundi cha Discord au kikundi cha telegram au tufuatilie kwenye Twitter 🐦 @hacktricks_live.
- Shiriki mbinu za hacking kwa kuwasilisha PRs kwa HackTricks na HackTricks Cloud repos za github.
Basic Information
Network Time Protocol (NTP) inahakikisha kwamba kompyuta na vifaa vya mtandao katika mitandao yenye latensi tofauti zinaweza kusawazisha saa zao kwa usahihi. Ni muhimu kwa kudumisha usahihi wa wakati katika operesheni za IT, usalama, na uandishi wa kumbukumbu. Usahihi wa NTP ni muhimu, lakini pia unatoa hatari za usalama ikiwa hautasimamiwa vizuri.
Summary & Security Tips:
- Purpose: Inasawazisha saa za vifaa kupitia mitandao.
- Importance: Muhimu kwa usalama, uandishi wa kumbukumbu, na operesheni.
- Security Measures:
- Tumia vyanzo vya NTP vilivyoaminika na uthibitisho.
- Punguza upatikanaji wa mtandao wa seva za NTP.
- Fuatilia usawazishaji kwa dalili za kuingilia kati.
Default port: 123/udp
PORT STATE SERVICE REASON
123/udp open ntp udp-response
Uhesabu
ntpq -c readlist <IP_ADDRESS>
ntpq -c readvar <IP_ADDRESS>
ntpq -c peers <IP_ADDRESS>
ntpq -c associations <IP_ADDRESS>
ntpdc -c monlist <IP_ADDRESS>
ntpdc -c listpeers <IP_ADDRESS>
ntpdc -c sysinfo <IP_ADDRESS>
nmap -sU -sV --script "ntp* and (discovery or vuln) and not (dos or brute)" -p 123 <IP>
Examine configuration files
- ntp.conf
NTP Amplification Attack
The NTP protocol, using UDP, allows for operation without the need for handshake procedures, unlike TCP. This characteristic is exploited in NTP DDoS amplification attacks. Here, attackers create packets with a fake source IP, making it seem as if the attack requests come from the victim. These packets, initially small, prompt the NTP server to respond with much larger data volumes, amplifying the attack.
The MONLIST command, despite its rare use, can report the last 600 clients connected to the NTP service. While the command itself is simple, its misuse in such attacks highlights critical security vulnerabilities.
ntpdc -n -c monlist <IP>
Shodan
ntp
HackTricks Automatic Commands
Protocol_Name: NTP #Protocol Abbreviation if there is one.
Port_Number: 123 #Comma separated if there is more than one.
Protocol_Description: Network Time Protocol #Protocol Abbreviation Spelled out
Entry_1:
Name: Notes
Description: Notes for NTP
Note: |
The Network Time Protocol (NTP) ensures computers and network devices across variable-latency networks sync their clocks accurately. It's vital for maintaining precise timekeeping in IT operations, security, and logging. NTP's accuracy is essential, but it also poses security risks if not properly managed.
https://book.hacktricks.wiki/en/network-services-pentesting/pentesting-ntp.html
Entry_2:
Name: Nmap
Description: Enumerate NTP
Command: nmap -sU -sV --script "ntp* and (discovery or vuln) and not (dos or brute)" -p 123 {IP}
tip
Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Jifunze na fanya mazoezi ya Azure Hacking: HackTricks Training Azure Red Team Expert (AzRTE)
Support HackTricks
- Angalia mpango wa usajili!
- Jiunge na 💬 kikundi cha Discord au kikundi cha telegram au tufuatilie kwenye Twitter 🐦 @hacktricks_live.
- Shiriki mbinu za hacking kwa kuwasilisha PRs kwa HackTricks na HackTricks Cloud repos za github.