半年前研究 NTP 反射型 DDOS,测试 NTP 时间服务器用的,ntp_ip_enum.py,源码如下:
#!/usr/bin/env python """ Basic script to pull addresses from a NTP server using the monlist command. Can also output Maltego resultset. Gert BurgerSensePost (Pty) Ltd www.sensepost.com This work is licensed under the Creative Commons Attribution 2.5 South Africa License available at http://creativecommons.org/licenses/by/2.5/za/ Edited by SECUREPLA.NET """ from struct import unpack, pack import socket import select import sys import string OUTPUT_FORMAT='normal' #'maltego' for maltego xml or any other string for normal output DEBUG=False #Enables basic debug info TIMEOUT=2 #Read timeout in seconds TRIES=3 #Number of times to do the monlist request filename="NTP.txt" def int_ip_to_str(ip_num): return socket.inet_ntoa(pack('!L', ip_num)) def str_ip_to_int(ip): return unpack('!L',socket.inet_aton(ip)) def get_payload(): return """x17x00x02x2ax00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00""" def parse_monlist_packet(data): result = dict(response=False, more=False, error=None, records=[]) if len(data) 0 result['more'] = ntp_flags & (1 0 if not result['response']: #Return if its a request result['error'] = "REQUEST_PACKET" elif ntp_req_code == 42: #Check if its a monlist packet if DEBUG: print "item_size[%s] tnum_items[%s] tlen(data)[%s]" % (item_size, num_items, len(data)) if item_size != 32: result['error'] = "WRONG_ITEM_SIZE" elif num_items = TRIES: break send_payload(sock, ntp_server) return list(results) def print_maltego(results): from xml.dom.minidom import Document doc = Document() mm = doc.createElement('MaltegoMessage') doc.appendChild(mm) mtrm = doc.createElement('MaltegoTransformResponseMessage') mm.appendChild(mtrm) entities = doc.createElement('Entities') mtrm.appendChild(entities) for result in results: entity = doc.createElement('Entity') entity.setAttribute('Type', 'IPAddress') value = doc.createElement('Value') value_node = doc.createTextNode(result) value.appendChild(value_node) entity.appendChild(value) entities.appendChild(entity) output = doc.toxml() print output[output.index(" so that maltego can function if __name__ == '__main__': if len(sys.argv) > 1: targets = sys.argv[1:] else: print "Usage: %s target ntp serversnnThis script will return a unique set of IP's obtained from the list of ntp servers via the monlist command" % sys.argv[0] sys.exit(-1) results = set() for target in targets: results.update(fetch(target)) results = sorted(results, key=str_ip_to_int) if str(OUTPUT_FORMAT).lower() == 'maltego': print_maltego(results) else: delimiter = 'n' print "Target host: %s" % targets print "------------------------------- MonList ------------------------------" print delimiter.join(results) print "------------------------------- MonList ------------------------------" print "Number of results %s" % len(results) #FILE = open(filename,"a") #FILE.writelines("-------------------------------NTP List------------------------------") #FILE.writelines("n") #FILE.writelines("Target host: ") #FILE.writelines(targets) #FILE.writelines("n") #FILE.writelines("n".join(results)) #FILE.writelines("n") #FILE.writelines("Number of results %s" % len(results)) #print "Completed. Check NTP.txt" #spidermark sensepostdata ntp_monlist.py
文章来源于lcx.cc:【Python】获取NTP服务器最后活动的IP地址、monlist 命令
相关推荐: 【文章】应用密码学 单向函数 鉴别 字典 Salt
3.2 鉴别 当Alice登录进入计算机(或自动柜员机、电话银行系统、或其它的终端类型)时,计算机怎么知道她是谁呢?计算机怎么知道她不是其他人伪造Alice的身份呢?传统的办法是用通行字来解决这个问题的。Alice先输入她的通行字,然后计算机确认它是正…
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论