Enumeration Using NTP.

Another effective way to gather information about a network and the resources on it is through the use of the Network Time Protocol (NTP). Before you look at how to use this protocol for information-gathering purposes, you need to understand what it does and what purpose it serves.

NTP is used to synchronize the clocks of the hosts on a network. Its importance is easy to underestimate: Kerberos-based directory services such as Active Directory reject logon requests from hosts whose clocks differ from the domain controller's by more than the allowed skew (five minutes by default), and correlating logs across systems during an investigation depends on synchronized timestamps.

The following commands, all shipped with the reference ntp distribution, can be used against an NTP server:

  • ntpdate, which queries a server for its time (and can set the local clock); the reply alone reveals the server's stratum and reference source
  • ntptrace, which follows the chain of servers from the target up to its stratum-1 source, mapping out the time hierarchy the target depends on
  • ntpdc, the mode 7 (private) control client, whose monlist command lists the hosts that have recently exchanged packets with the server
  • ntpq, the mode 6 control client, whose peers and readvar queries reveal the server's peers, its ntpd version string and the operating system it runs on

It is also possible to extract information from NTP using our old friend Nmap and an NSE script. The following command asks the server for its monitor list, the record ntpd keeps of the most recent hosts that exchanged packets with it (up to 600 entries), so the results include the IP addresses of clients, peers and upstream servers:

nmap -sU -pU:123 -Pn -n --script=ntp-monlist <target>

In this command -sU selects a UDP scan, -pU:123 restricts it to UDP port 123, the port NTP listens on, -Pn skips host discovery so the scan proceeds even when the host ignores pings, and -n disables DNS resolution. The --script=ntp-monlist specifies the script being run for NTP enumeration, and <target> is the IP address of the NTP server. The script sends the same mode 7 monlist request that ntpdc's monlist command sends. Be aware that this request was widely abused for DDoS amplification, so ntpd 4.2.7p26 and later ship with monlist disabled and many administrators restrict mode 7 queries entirely; against such servers the script gets an error or no reply at all, and you should fall back to the mode 6 queries that ntpq offers.
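As an added example, not code from the original page or from the Nmap project, here is a Python script that builds the same 8-byte mode 7 monlist probe the Nmap script sends and decodes the replies into client addresses. The packet layout is taken from ntpd's ntp_request.h (8-byte header, 72-byte info_monitor_1 items for request code 42); the function names are my own, and build_monlist_response exists only to construct test traffic so the parser can be exercised without a live server.

```python
"""Mode 7 'monlist' probe and reply parser (added example, not from the page)."""
import ipaddress
import socket
import struct

IMPL_XNTPD = 3            # implementation number ntpd answers for
REQ_MON_GETLIST_1 = 42    # the "monlist" request code (0x2a) ntpdc and nmap use
MONLIST_ITEM_SIZE = 72    # sizeof(struct info_monitor_1) in ntp_request.h
RESP_BIT, MORE_BIT = 0x80, 0x40   # byte 0: bit 7 = reply, bit 6 = more packets follow
ERRORS = {0: "OK", 1: "IMPL_REQ", 2: "REQ_CODE", 3: "FMT", 4: "NODATA", 7: "AUTH"}


def build_monlist_request(sequence=0):
    """The well-known 8-byte probe 17 00 03 2a 00 00 00 00.

    Byte 0 packs R=0 (request), M=0, VN=2, Mode=7 -> 0x17; byte 1 is the auth bit
    plus a 7-bit sequence number; err/count and mbz/itemsize are zero for a bare
    request because it carries no data items.
    """
    vn_mode = (2 << 3) | 7
    return struct.pack("!BBBBHH", vn_mode, sequence & 0x7F,
                       IMPL_XNTPD, REQ_MON_GETLIST_1, 0, 0)


def parse_monlist_response(pkt):
    """Decode one reply into {'more', 'error', 'entries'}.

    Each entry is (client_ip, packet_count, last_port, last_mode, last_version).
    A list longer than one packet sets the M bit on every packet but the last.
    """
    if len(pkt) < 8:
        raise ValueError("packet shorter than the 8-byte mode 7 header")
    vn_mode, _seq, _impl, req, err_count, mbz_size = struct.unpack("!BBBBHH", pkt[:8])
    if not (vn_mode & RESP_BIT) or (vn_mode & 0x07) != 7:
        raise ValueError("not a mode 7 response")
    error, count = err_count >> 12, err_count & 0x0FFF
    item_size = mbz_size & 0x0FFF
    out = {"more": bool(vn_mode & MORE_BIT),
           "error": ERRORS.get(error, str(error)), "entries": []}
    if error != 0 or req != REQ_MON_GETLIST_1 or item_size < 40:
        return out   # error reply, or an item layout this parser does not know
    data = pkt[8:]
    for i in range(count):
        item = data[i * item_size:(i + 1) * item_size]
        if len(item) < item_size:
            break                                    # truncated packet
        (_last, _first, _restr, pkts, addr4, _daddr, _flags,
         port, mode, version, is_v6) = struct.unpack("!IIIIIIIHBBI", item[:36])
        if is_v6 and item_size >= 56:
            ip = ipaddress.IPv6Address(item[40:56])  # addr6 follows 4 pad bytes
        else:
            ip = ipaddress.IPv4Address(addr4)        # already network byte order
        out["entries"].append((str(ip), pkts, port, mode, version))
    return out


def build_monlist_response(entries, more=False, sequence=0, error=0):
    """Pack entries into a reply packet; constructed test traffic, not ntpd output."""
    vn_mode = RESP_BIT | (MORE_BIT if more else 0) | (2 << 3) | 7
    body = b""
    for ip, pkts, port, mode, version in entries:
        addr = ipaddress.ip_address(ip)
        v4 = int(addr) if addr.version == 4 else 0
        body += struct.pack("!IIIIIIIHBBI", 0, 0, 0, pkts, v4, 0, 0,
                            port, mode, version, 1 if addr.version == 6 else 0)
        body += b"\x00" * 4                                              # unused1
        body += (addr.packed if addr.version == 6 else b"\x00" * 16) + b"\x00" * 16
    hdr = struct.pack("!BBBBHH", vn_mode, sequence & 0x7F, IMPL_XNTPD,
                      REQ_MON_GETLIST_1, (error << 12) | len(entries), MONLIST_ITEM_SIZE)
    return hdr + body


def query_monlist(host, port=123, timeout=2.0):
    """Send the probe and collect replies until the M bit clears or the host goes quiet."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    sock.sendto(build_monlist_request(), (host, port))
    entries = []
    try:
        while True:
            reply = parse_monlist_response(sock.recv(1024))
            entries.extend(reply["entries"])
            if not reply["more"]:
                break
    except socket.timeout:
        pass   # silence is what a patched or "restrict ... noquery" server gives you
    finally:
        sock.close()
    return entries


if __name__ == "__main__":
    import sys
    for ip, pkts, port, mode, version in query_monlist(sys.argv[1]):
        print(f"{ip:40} pkts={pkts:<8} port={port:<5} mode={mode} ntpv{version}")
```

Run it as python3 ntp_monlist.py <target> against a host you are authorized to test. The mode and version columns are worth reading: mode 3 entries are ordinary clients, mode 1 or 2 entries are peers, and mode 4 entries are the upstream servers the target itself polls, which is how a single query maps both the clients behind a server and the infrastructure above it.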
