获取网站ntp服务器地址,获取NTP服务器最后活动的IP地址、monlist 命令

测试NTP 时间服务器用的，ntp_ip_enum.py，源码如下：

#!/usr/bin/env python

"""

Basic script to pull addresses from a NTP server using the monlist command. Can also output Maltego resultset.

Gert Burger

SensePost (Pty) Ltd

www.sensepost.com

This work is licensed under the Creative Commons Attribution 2.5 South Africa License available at https://creativecommons.org/licenses/by/2.5/za/ www.2cto.com

Edited by SECUREPLA.NET

"""

from struct import unpack, pack

import socket

import select

import sys

import string

OUTPUT_FORMAT='normal'  #'maltego' for maltego xml or any other string for normal output

DEBUG=False             #Enables basic debug info

TIMEOUT=2               #Read timeout in seconds

TRIES=3                 #Number of times to do the monlist request

filename="NTP.txt"

def int_ip_to_str(ip_num):

return socket.inet_ntoa(pack('!L', ip_num))

def str_ip_to_int(ip):

return unpack('!L',socket.inet_aton(ip))

def get_payload():

return """x17x00x02x2ax00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00"""

def parse_monlist_packet(data):

result = dict(response=False, more=False, error=None, records=[])

if len(data) < 8:

result['error'] = 'NO_HEADER'

return result

ntp_flags, ntp_auth, ntp_vers, ntp_req_code, num_items, item_size  = unpack('!BBBBHH', data[0:8])

data = data[8:]

result['response'] = ntp_flags & (1 << 7) > 0

result['more'] = ntp_flags & (1 << 6) > 0

if not result['response']: #Return if its a request

result['error'] = "REQUEST_PACKET"

elif ntp_req_code == 42: #Check if its a monlist packet

if DEBUG: print "item_size[%s] tnum_items[%s] tlen(data)[%s]" % (item_size, num_items, len(data))

if item_size != 32:

result['error'] = "WRONG_ITEM_SIZE"

elif num_items < 1:

result['error'] = "WRONG_ITEM_COUNT"

elif len(data) < num_items*item_size:

result['error'] = "SHORT_PACKET"

else:

for offset in range(0, num_items*item_size, item_size):

parts = unpack('!IIIIIIII', data[offset:offset+item_size])

ip = int_ip_to_str(parts[4])

port = parts[7]

result['records'].append((ip, port))

else:

result['error'] = "WRONG_REQUEST_CODE"

return result

def fetch(ntp_server, timeout=5):

def send_payload(sock, target):

data = get_payload()

bytes_sent = sock.sendto(data, (target, 123))

if bytes_sent != len(data) and DEBUG:

print "Failed to send payload"

sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)

sock.bind(('0.0.0.0', 0))

send_payload(sock, ntp_server)

results = set()

count = 0

while True:

rlist, wlist, xlist = select.select([sock], [], [], TIMEOUT)

if sock in rlist:

data, addr = sock.recvfrom(1024)

ret = parse_monlist_packet(data)

if ret['error']:

if DEBUG: print "Error parsing packet[%s]" % ret['error']

else:

results.update([x[0] for x in ret['records']])

else:

count += 1

if count >= TRIES:

break

send_payload(sock, ntp_server)

return list(results)

def print_maltego(results):

from xml.dom.minidom import Document

doc = Document()

mm = doc.createElement('MaltegoMessage')

doc.appendChild(mm)

mtrm = doc.createElement('MaltegoTransformResponseMessage')

mm.appendChild(mtrm)

entities = doc.createElement('Entities')

mtrm.appendChild(entities)

for result in results:

entity = doc.createElement('Entity')

entity.setAttribute('Type', 'IPAddress')

value = doc.createElement('Value')

value_node = doc.createTextNode(result)

value.appendChild(value_node)

entity.appendChild(value)

entities.appendChild(entity)

output = doc.toxml()

print output[output.index(" so that maltego can function

if __name__ == '__main__':

if len(sys.argv) > 1:

targets = sys.argv[1:]

else:

print "Usage: %s target ntp serversnnThis script will return a unique set of IP's obtained from the list of ntp servers via the monlist command" % sys.argv[0]

sys.exit(-1)

results = set()

for target in targets:

results.update(fetch(target))

results = sorted(results, key=str_ip_to_int)

if str(OUTPUT_FORMAT).lower() == 'maltego':

print_maltego(results)

else:

delimiter = 'n'

print "Target host: %s" % targets

print "------------------------------- MonList ------------------------------"

print delimiter.join(results)

print "------------------------------- MonList ------------------------------"

print "Number of results %s" % len(results)

#FILE = open(filename,"a")

#FILE.writelines("-------------------------------NTP List------------------------------")

#FILE.writelines("n")

#FILE.writelines("Target host: ")

#FILE.writelines(targets)

#FILE.writelines("n")

#FILE.writelines("n".join(results))

#FILE.writelines("n")

#FILE.writelines("Number of results %s" % len(results))

#print "Completed.  Check NTP.txt"

#spidermark sensepostdata ntp_monlist.py

摘自 ：Nuclear'Atk 网络安全研究中心，本文地址：https://lcx.cc/?FoxNews=2307.html