-
Notifications
You must be signed in to change notification settings - Fork 14.1k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add documentation to the module with testing steps
- Loading branch information
1 parent
537585f
commit f48e4a0
Showing
1 changed file
with
68 additions
and
0 deletions.
There are no files selected for viewing
68 changes: 68 additions & 0 deletions
68
documentation/modules/auxiliary/scanner/ntp/ntp_nak_to_the_future.rb.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,68 @@ | ||
| ## Vulnerable Application | ||
|
|
||
| ## Verification Steps | ||
|
|
||
| 1. Use the supplied Dockerfile to start a vulnerable instance of the application | ||
| 1. Build it with: `docker build -t ntpd:4.2.8p3 .` | ||
| 1. Run it with: `docker run --rm -it --name ntp-server -p 123:123/udp ntpd:4.2.8p3` | ||
| 1. Start `msfconsole` and use the module | ||
| 1. Set the `RHOSTS` value as necessary | ||
| 1. Run the module and see that the target is vulnerable | ||
|
|
||
| ### Dockerfile | ||
|
|
||
| ``` | ||
| ARG version=4.2.8p3 | ||
| FROM ubuntu:16.04 | ||
| ARG version | ||
| # Install dependencies | ||
| RUN apt-get update && apt-get install -y \ | ||
| wget \ | ||
| build-essential \ | ||
| libcap-dev \ | ||
| libssl-dev && \ | ||
| apt-get clean | ||
| # Download and build NTPD | ||
| WORKDIR /tmp | ||
| RUN wget https://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-$version.tar.gz && \ | ||
| tar -xzf ntp-$version.tar.gz && \ | ||
| cd ntp-$version && \ | ||
| ./configure --prefix=/usr/local --enable-linuxcaps && \ | ||
| make && \ | ||
| make install && \ | ||
| cd .. && \ | ||
| rm -rf ntp-$version* | ||
| # Add configuration file | ||
| COPY ntp.conf /etc/ntp.conf | ||
| # Expose NTP port (123) | ||
| EXPOSE 123/udp | ||
| # Run ntpd | ||
| ENTRYPOINT ["/usr/local/bin/ntpd"] | ||
| CMD ["-g", "-d", "-d"] | ||
| ``` | ||
|
|
||
| ## Options | ||
|
|
||
| ## Scenarios | ||
|
|
||
| ### Ubuntu 16.04 NTPd 4.2.8p3 | ||
|
|
||
| ``` | ||
| metasploit-framework (S:0 J:0) auxiliary(scanner/ntp/ntp_nak_to_the_future) > set RHOSTS 192.168.159.128, 192.168.159.10 | ||
| RHOSTS => 192.168.159.128, 192.168.159.10 | ||
| metasploit-framework (S:0 J:0) auxiliary(scanner/ntp/ntp_nak_to_the_future) > run | ||
| [+] 192.168.159.128:123 - NTP - VULNERABLE: Accepted a NTP symmetric active association | ||
| [*] Scanned 1 of 2 hosts (50% complete) | ||
| [*] Scanned 1 of 2 hosts (50% complete) | ||
| [*] Scanned 1 of 2 hosts (50% complete) | ||
| [*] Scanned 1 of 2 hosts (50% complete) | ||
| [*] Scanned 1 of 2 hosts (50% complete) | ||
| [*] Scanned 2 of 2 hosts (100% complete) | ||
| [*] Auxiliary module execution completed | ||
| metasploit-framework (S:0 J:0) auxiliary(scanner/ntp/ntp_nak_to_the_future) > | ||
| ``` |