Friday, March 18, 2011

I forgot my NTP stuff, so here's more notes on it


yeah what the title says, for some reason the NTP module wasn't working for me in Metasploit so i had to remember how to use the NTP tools to pull some info.

here are my notes:

http://www.eecis.udel.edu/~mills/ntp/html/ntpdc.html
ntpdc -c sysinfo 192.168.1.205
ntpdc -c monolist 192.168.1.205

ntpdc -c listpeers 192.168.1.205

ntpdc -c peers 192.168.1.205

ntpdc -c reslist 192.168.1.205


http://www.eecis.udel.edu/~mills/ntp/html/ntpq.html
ntpq 192.168.1.205
-> version

-> host

-> readlist

-> lpeers

-> hostnames

-> keytype

-> ntpversion

-> associations
-> pstatus [#]

ntpq> help
ntpq commands:

addvars debug lopeers passociations rl

associations delay lpassociations passwd rmvars

authenticate exit lpeers peers rv

cl help mreadlist poll showvars

clearvars host mreadvar pstatus timeout

clocklist hostnames mrl quit version

clockvar keyid mrv raw writelist

cooked keytype ntpversion readlist writevar

cv lassociations opeers readvar

ntpq>

chris@notbt:/pentest$ ntpq 192.168.1.60
ntpq> lpeers

remote refid st t when poll reach delay offset jitter

==============================================================================

*computerville.wxy.suk 192.168.1.108 2 u 338 1024 377 35.327 -0.702 1.030


ntpq> version

ntpq 4.2.4p8@1.1612-o Fri Apr 9 00:28:48 UTC 2010 (1)


ntpq> host

current host is 192.168.1.60


ntpq> readlist

assID=0 status=0658 leap_none, sync_ntp, 5 events, event_8,

version="ntpd 4.2.6p2@1.2194-o Sun Oct 17 02:04:37 UTC 2010 (1)",
processor="x86_64", system="Linux/2.6.35.4-x86_64-linode16", leap=00,strasuk=3, precision=-20, rootdelay=58.612, rootdisp=86.969, refid=1.2.3.102,
reftime=d12a932f.e1697c36 Wed, Mar 16 2011 1:38:55.880,

clock=d12a98c9.eee329a7 Wed, Mar 16 2011 2:02:49.933, peer=18290,

tc=10, mintc=3, offset=-0.702, frequency=-16.787, sys_jitter=1.061, clk_jitter=0.881, clk_wander=0.144


ntpq> hostnames

hostnames being shown



ntpq> keytype

keytype is MD5


ntpq> ntpversion

NTP version being claimed is 2


ntpq> associations


ind assID status conf reach auth condition last_event cnt

===========================================================

1 18290 964a yes yes none sys.peer 4


ntpq> pstatus 18290

assID=18290 status=964a reach, conf, sel_sys.peer, 4 events, event_10,

srcadr=computerville.wxy.suk.de, srcport=123, dstadr=192.168.1.60,

dstport=123, leap=00, strasuk=2, precision=-20, rootdelay=22.964,

rootdisp=33.768, refid=192.168.1.108,
reftime=d12a9360.1f34b00f Wed, Mar 16 2011 1:39:44.121,
rec=d12a976a.e177c84f Wed, Mar 16 2011 1:56:58.880, reach=377,

unreach=0, hmode=3, pmode=4, hpoll=10, ppoll=10, headway=0, flash=00 ok,

keyid=0, offset=-0.702, delay=35.327, dispersion=19.528, jitter=1.030,
xleave=0.050, filtdelay= 35.56 35.33 35.47 35.69 35.81 35.42 35.38 35.58,
filtoffset= -0.85 -0.70 -0.86 -1.42 -1.63 -1.90 -2.42 -1.97,

filtdisp= 0.00 16.25 32.00 47.93 63.45 79.40 95.69 111.96


chris@notbt:/pentest$ ntpdc -c monlist 192.168.1.60

remote address port local address count m ver code avgint lstint
===============================================================================

computerville.wxy.suk.de 123 192.168.1.60 6832 4 4
90 1044 476


chris@notbt:/pentest$ ntpdc -c sysinfo 192.168.1.60

system peer: computerville.wxy.suk.de
system peer mode: client
leap indicator: 00
strasuk: 3
precision: -20
root distance: 0.05861 s
root dispersion: 0.08899 s
reference ID: [1.2.3.102]
reference time: d12a932f.e1697c36 Wed, Mar 16 2011 1:38:55.880
system flags: auth monitor ntp kernel stats
jitter: 0.001053 s
stability: 0.000 ppm
broadcastdelay: 0.000000 s
authdelay: 0.000000 s

chris@notbt:/pentest$ ntpdc -c listpeers 192.168.1.60

client computerville.wxy.suk.de

chris@notbt:/pentest$ ntpdc -c peers 192.168.1.60

remote local st poll reach delay offset disp
=======================================================================
*computerville.wxy.suk 192.168.1.60 2 1024 377 0.03532 -0.000702 0.13974

chris@notbt:/pentest$ ntpdc -c reslist 192.168.1.60

address mask count flags

=====================================================================

0.0.0.0 0.0.0.0 6846 nomodify, nopeer

some-domain 255.255.255.255 0 none

some-domain 255.255.255.255 0 ignore

osafs.org 255.255.255.255 0 ignore

:: :: 0 nomodify, nopeer

ip6-localhost ffff:ffff:ffff: 0 ignore

fe80::fcfd:b2ff ffff:ffff:ffff: 0 ignore
CG

No comments: