maride/hacktricks
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks.git synced 2025-10-10 18:36:50 +00:00
Code Issues Packages Projects Releases Wiki Activity
hacktricks/src/network-services-pentesting/pentesting-ntp.md

77 lines
2.7 KiB
Markdown
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# 123/udp - Pentesting NTP
{{#include ../banners/hacktricks-training.md}}
## 基本信息
**网络时间协议 (NTP)** 确保计算机和网络设备在可变延迟网络中准确同步其时钟。它对于维护IT操作、安全和日志记录中的精确计时至关重要。NTP的准确性是必不可少的但如果管理不当也会带来安全风险。
### 摘要与安全提示:
- **目的**:在网络上同步设备时钟。
- **重要性**:对安全、日志记录和操作至关重要。
- **安全措施**
- 使用带有身份验证的可信NTP源。
- 限制NTP服务器的网络访问。
- 监控同步以发现篡改迹象。
**默认端口:** 123/udp
```
PORT STATE SERVICE REASON
123/udp open ntp udp-response
```
## 枚举
```bash
ntpq -c readlist <IP_ADDRESS>
ntpq -c readvar <IP_ADDRESS>
ntpq -c peers <IP_ADDRESS>
ntpq -c associations <IP_ADDRESS>
ntpdc -c monlist <IP_ADDRESS>
ntpdc -c listpeers <IP_ADDRESS>
ntpdc -c sysinfo <IP_ADDRESS>
```
```bash
nmap -sU -sV --script "ntp* and (discovery or vuln) and not (dos or brute)" -p 123 <IP>
```
## 检查配置文件
- ntp.conf
## NTP 放大攻击
[**NTP DDoS 攻击是如何工作的**](https://resources.infosecinstitute.com/network-time-protocol-ntp-threats-countermeasures/#gref)
**NTP 协议**使用 UDP允许在不需要握手程序的情况下操作这与 TCP 不同。这个特性在**NTP DDoS 放大攻击**中被利用。在这里,攻击者创建带有假源 IP 的数据包,使攻击请求看起来像是来自受害者。这些最初较小的数据包促使 NTP 服务器以更大数据量进行响应,从而放大攻击。
尽管 _**MONLIST**_ 命令使用较少,但可以报告最后 600 个连接到 NTP 服务的客户端。虽然该命令本身很简单,但在此类攻击中的误用突显了关键的安全漏洞。
```bash
ntpdc -n -c monlist <IP>
```
## Shodan
- `ntp`
## HackTricks 自动命令
```
Protocol_Name: NTP #Protocol Abbreviation if there is one.
Port_Number: 123 #Comma separated if there is more than one.
Protocol_Description: Network Time Protocol #Protocol Abbreviation Spelled out
Entry_1:
Name: Notes
Description: Notes for NTP
Note: |
The Network Time Protocol (NTP) ensures computers and network devices across variable-latency networks sync their clocks accurately. It's vital for maintaining precise timekeeping in IT operations, security, and logging. NTP's accuracy is essential, but it also poses security risks if not properly managed.
https://book.hacktricks.wiki/en/network-services-pentesting/pentesting-ntp.html
Entry_2:
Name: Nmap
Description: Enumerate NTP
Command: nmap -sU -sV --script "ntp* and (discovery or vuln) and not (dos or brute)" -p 123 {IP}
```
{{#include ../banners/hacktricks-training.md}}
Reference in New Issue View Git Blame Copy Permalink