Why isn't NTP a more common attack vector?

Email
Comment *
File	Select/drop/paste files here
Password	(Randomized for file and post deletion; you may also set your own.)
* = required field	[▶ Show post options & limits] Confused? See the FAQ.

Flag
Oekaki	Show oekaki applet (replaces files and can be used instead)
Options	Do not bump (you can also write sage in the email field) Spoiler images (this replaces the thumbnails of your images with question marks)
Allowed file types:jpg, jpeg, gif, png, webm, mp4, pdf Max filesize is 16 MB. Max image dimensions are 15000 x 15000. You may upload 3 per post.

File (hide): 8bfe11ea9d0260b⋯.jpg (224.34 KB, 1197x618, 399:206, Usno-amc.jpg) (h) (u)

▶Why isn't NTP a more common attack vector? Anonymous 11/11/18 (Sun) 10:04:59 No.996681>>996716 >>996845 >>996949 >>996981 [Watch Thread][Show All Posts]

See subject

Like, what's to stop some rando from setting up his own wifi network in a crowded public place, set up an NTP server with a DNS server to spoof commonly used servers, then set the time to, say, the time_t overflow time (for 32-bit set time_t to 2147483647 or 64-bit 9223372036854775807) and just sit back as you wreck hundreds of machines around you?

▶Anonymous 11/11/18 (Sun) 10:06:41 No.996682>>996683 >>996764

because computers don't magically explode just because a number wrapped down to negatives.

▶Anonymous 11/11/18 (Sun) 10:09:43 No.996683

>>996682

A lot of Android phones brick when time_t overflows because some retarded OEMs use the same kernel in their recovery modes as they do while the phone is running. I think a lot of them have since solved the issue but there's a lot of phones out there that can still be wrecked this way.

▶Anonymous 11/11/18 (Sun) 10:56:50 No.996695

>Hi im 12

>Im 2 yung to have know about the NTP Amplification attack

>lol u ((4channers)) are newfags.

>i see reddit spacing

▶Anonymous 11/11/18 (Sun) 12:33:11 No.996716>>996728 >>996808

>>996681 (OP)

>what's to stop some rando from setting up his own wifi network in a crowded public place

Do people actually connect to random open wifi networks in your country?

▶Anonymous 11/11/18 (Sun) 14:01:31 No.996728>>997956

>>996716

>what is automatic reconnecting to known APs

▶Anonymous 11/11/18 (Sun) 17:51:42 No.996764>>996945

>>996682

Now ask me how I know you're female.

Stick to OS intelligence hun. xxx ;^)

▶Anonymous 11/11/18 (Sun) 20:45:07 No.996808

>>996716

Some normalfags have their phones automatically connect to "trusted" open wifi networks

▶Anonymous 11/11/18 (Sun) 23:59:21 No.996845>>996920

>>996681 (OP)

that doesn't do shit

meanwhile, you can just run nikto or nmap to find known vulnerabilities and then use searchsploit to find an exploit to slightly alter and then compile and run

use that to establish a reverse shell that you use with your netcat listener, then find some sort of privilege escalation vulnerability, or if not, you can just exfiltrate data even with non-privileged accounts anyway, like maybe an apache service account or some shit idk

path of least resistance

it sure seems cool from an academic perspective to talk about abstract shit, but in the real world shit like vulnerability/service scanners and even just fucking dirtyc0w are enough for most shit

you don't need to reinvent the wheel, just enumerate and use known shit

imagine thinking errything needs to be a zero day lul

▶Anonymous 11/12/18 (Mon) 06:04:12 No.996920>>997030

>>996845

I suspect from your style of writing you're either underage or from a third world country. Regardless, go back to /g/.

▶Anonymous 11/12/18 (Mon) 07:57:24 No.996945>>996982

>>996764

How did you know that, sweetie?

▶Anonymous 11/12/18 (Mon) 09:04:10 No.996949

>>996681 (OP)

https://blog.fpmurphy.com/2013/02/ntp-insane-time.html

▶Anonymous 11/12/18 (Mon) 12:02:27 No.996980

>NTP still has no cryptographic signatures

top lmao

▶Anonymous 11/12/18 (Mon) 12:03:48 No.996981>>997958

>>996681 (OP)

probably the crowd, because using a laptop outside of a coffee shop, library, classroom or bedroom makes you a hacker, no backsies

▶Anonymous 11/12/18 (Mon) 12:05:53 No.996982

>>996945

..because you stayed up late on a Sunday night while working on Monday's paper to post on a Mongolian finger painting forum. cold reading. Did you ever write those man pages? I'd be interested in a copy

▶Anonymous 11/12/18 (Mon) 16:09:17 No.997030

>>996920

says the guy who wants to use NTP as an attack vector lmao it's like you don't even have any security certs

▶Anonymous 11/15/18 (Thu) 21:22:49 No.997956

>>996728

>known APs

>reconnecting

▶Anonymous 11/15/18 (Thu) 21:26:33 No.997958

>>996981

You don't need to open a laptop - or even take it out of your suitcase or backpack - to have it running and serving as an access point. Heck, it doesn't have to be a laptop. I bet a rooted fagdroid would do.

/tech/ - Technology★

General

WebM

Theme

User JS

Do not paste code here unless you absolutely trust the source or have read it yourself!

Favorites

Customize Formatting

Filters