Posts

Showing posts from October, 2019

Binary analysis of NTP protocol

In this article I wish to share some insights into NTP (Network Time Protocol). We do not usually do much with it apart from making sure its default port (123/UDP) is open through firewalls and that the service is configured with synchronisation servers. There are, however, several exploits that seem to exploit the notorious buffer overflow and get some code execution, but as of now (late 2019), these exploits all seem to apply to some older versions of NTP, mostly for Unix environments… Anyway, none of them worked for me against recent equipment (CentOS 7.x, Cisco and HPE switches, VMware VMs).

NTP defines its protocol in several RFCs, depending on the version of NTP you deploy. This is why some of the links below may be of use:

https://www.ietf.org/rfc/rfc5905.txt (V4)
https://tools.ietf.org/html/rfc1305 (V3)
https://tools.ietf.org/html/rfc1119 (V2)

Kali comes with several Metasploit modules that allow you to quickly check if NTP is flowed aga