HTDark | Underground Hacking Forum and Cybersecurity Community
  • Earn real money by being active: Hello Guest, earn real money by simply being active on the forum — post quality content, get reactions, and help the community. Once you reach the minimum credit amount, you’ll be able to withdraw your balance directly. Learn how it works.

Sandman: NTP based backdoor for red team engagements

Status
Not open for further replies.
itsMe

itsMe

*KillmeMories*
Staff member
Administrator
Super Moderator
Hacker
Specter
Crawler
Shadow
Joined
Jan 8, 2019
Messages
56,607
Solutions
2
Reputation
32
Reaction score
100,453
Points
2,313
Credits
32,590
‎6 Years of Service‎
 
76%
sandman.png


Sandman is a backdoor that is meant to work on hardened networks during red team engagements.

Sandman works as a stager and leverages NTP (a protocol to sync time & date) to get and run an arbitrary shellcode from a pre defined server.

Since NTP is a protocol that is overlooked by many defenders resulting in wide network accessibility.

Capabilities

    Getting and executing an arbitrary payload from an attacker’s controlled server.

    Can work on hardened networks since NTP is usually allowed in FW.

    Impersonating a legitimate NTP server via IP spoofing.

Setup
SandmanServer (Setup)

    Python 3.9
    Requirements are specified in the requirements file.

To see this hidden content, you must like this content.
 
Status
Not open for further replies.
Back
Top