Lets take a look at this Nmap result in more detail:
6667/tcp open irc UnrealIRCd
Nessus results also show some details here:
|Critical (10.0)||46882||UnrealIRCd Backdoor Detection|
Worth checking to see if Metasploit has a module we can use here. Fire up Metasploit with:
And lets do a search for any hits on ‘unrealirc’:
Great we have a hit, lets choose this exploit:
We now need to configure it. To see what’s required, use:
Lets set our target (using our Metasploitable IP address) with:
set RHOST 192.168.168.134
Once done you can run ‘show options’ again to confirm it looks good:
Now lets see if it works by typing ‘run’
Be aware that you may not get much feedback even if the exploit is successful.
Try typing ‘hostname’ as above and see what comes back. As you can see the exploit was successful, we have root access to the metasploitable box once more.