Metasploitable 2 – Compromise: UnrealIRC

Lets take a look at this Nmap result in more detail:

6667/tcp  open  irc         UnrealIRCd

Nessus results also show some details here:

Critical (10.0) 46882 UnrealIRCd Backdoor Detection

Worth checking to see if Metasploit has a module we can use here. Fire up Metasploit with:


And lets do a search for any hits on ‘unrealirc’:

search unrealirc


Great we have a hit, lets choose this exploit:

use exploit/unix/irc/unreal_ircd_3281_backdoor


We now need to configure it. To see what’s required, use:

show options


Lets set our target (using our Metasploitable IP address) with:


Once done you can run ‘show options’ again to confirm it looks good:


Now lets see if it works by typing ‘run’



Be aware that you may not get much feedback even if the exploit is successful.

Try typing ‘hostname’ as above and see what comes back. As you can see the exploit was successful, we have root access to the metasploitable box once more.




Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s