NTP - Port 123
nmap -sU -sV --script "ntp* and (discovery or vuln) and not (dos or brute)" -p 123 10.10.10.10
ntpq -c readlist <IP_ADDRESS>
ntpq -c readvar <IP_ADDRESS>
ntpq -c peers <IP_ADDRESS>
ntpq -c associations <IP_ADDRESS>
ntpdc -c monlist <IP_ADDRESS>
ntpdc -c listpeers <IP_ADDRESS>
ntpdc -c sysinfo <IP_ADDRESS>
Use this script to run all of these commands automatically:
https://github.com/Bhanunamikaze/PenTest-Scripts/blob/main/NTP_pentest.sh
# Any of the commands below can be used in an interactive ntpq session
:config           drefid          mreadlist      readvar
addvars           exit            mreadvar       reslist
apeers            help            mrl            rl
associations      host            mrulist        rmvars
authenticate      hostnames       mrv            rv
authinfo          ifstats         ntpversion     saveconfig
cl                iostats         opeers         showvars
clearvars         kerninfo        passociations  sysinfo
clocklist         keyid           passwd         sysstats
clockvar          keytype         peers          timeout
config-from-file  lassociations   poll           timerstats
cooked            lopeers         pstats         version
cv                lpassociations  quit           writelist
debug             lpeers          raw            writevar
delay             monstats        readlist
Metasploit - Network Time Protocol (NTP) Mode 6 Scanner
msfconsole
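# Run each module separately; a second "use" replaces the module selected before it
use auxiliary/scanner/ntp/ntp_readvar
set RHOSTS 10.10.10.10
run
use auxiliary/scanner/ntp/ntp_peer_list_dos
set RHOSTS 10.10.10.10
run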
Metasploit - Network Time Protocol Daemon Information Disclosure
ntpq
host 10.10.10.10
peers
readlist
# Remediation: restrict NTP mode 6 queries and upgrade to NTP version 4.2.8p1 or later.
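One way to verify the "restrict mode 6 queries" remediation on a server you administer, as an added example that is not part of the original page: the function reads ntp.conf text on stdin and checks that every catch-all `restrict default` line carries `noquery` (which denies ntpq and ntpdc queries while still serving time) or `ignore`. The function names and both sample configurations are constructed for illustration; the check covers only `restrict default` lines, not `mask` forms or more permissive per-host entries.

```sh
#!/bin/sh
# Added example (not from the original page): audit ntp.conf text on stdin.
# Exit status 0 = default ACL carries noquery (or ignore);
# exit status 1 = ntpq/ntpdc queries are still answered by default.
check_ntp_conf() {
    awk '
        BEGIN { seen = 0; bad = 0 }
        { sub(/#.*/, "") }                           # drop comments
        $1 == "restrict" {
            a = ($2 == "-4" || $2 == "-6") ? 3 : 2   # skip address-family flag
            if ($a != "default") next                # only the catch-all ACL
            seen = 1; ok = 0
            for (i = a + 1; i <= NF; i++)
                if ($i == "noquery" || $i == "ignore") ok = 1
            if (!ok) { printf "line %d: missing noquery: %s\n", NR, $0; bad = 1 }
        }
        END {
            if (!seen) { print "no restrict default line: queries open to any source"; bad = 1 }
            exit bad
        }
    '
}

# Constructed sample configurations (hypothetical, for illustration only).
sample_weak() {
    cat <<'EOF'
driftfile /var/lib/ntp/ntp.drift
server 0.pool.ntp.org iburst
restrict default kod nomodify notrap nopeer
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
EOF
}

sample_hardened() {
    cat <<'EOF'
server 0.pool.ntp.org iburst
restrict default kod nomodify notrap nopeer noquery  # public clients: time only
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
EOF
}

sample_weak     | check_ntp_conf || echo "weak sample: FAIL"
sample_hardened | check_ntp_conf && echo "hardened sample: OK"
```

On a real host, run it as `check_ntp_conf < /etc/ntp.conf` after sourcing the function; the path is an assumption and varies by distribution.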