Metasploitable without Metasploit – Unreal IRC


In continuing our series on compromising the Metasploitable machines, the next installment is on the Unreal IRC service.

This is a very quick exploit, which does not require any additional scripting or even downloading to get to work properly. It's a back door within the Unreal IRC daemon that allows a remote attacker to instantly gain root on the target machine. In fact, this method is actually faster than using Metasploit!

So first things first, nmap scan the machine to ensure that the service is running on the target.

[Image: nmap scan showing port 6667 open on the target]

Shellshock demo set-up and POC

I’m not sure if everyone has been made aware of this, but a BASH vulnerability has been discovered… /sarcasm

OK, seriously, as everyone has heard by now, “Shellshock” is the new hot topic right now. Since I am one who learns by doing, I decided to give it a go, and see exactly how it works. My first instinct was to see how it works against the SSH protocol (CGI write up is coming soon). Now that I see what it actually is, I see that it would take an extraordinary set of circumstances for it to be a viable method of gaining entry (at least through SSH), but should those circumstances be present in your environment, it could be devastating (So make sure you patch everything up!).

Enumerator PIP install is live

Great news! After collaborating with felux (@sugarstackio) of http://sugarstack.io in #overflowsec, I'm excited that enumerator is now a pip install within Python! Woohoo!

More information can be obtained at Enumerator PIP. Give it a once over; it's an easy install now.

Thanks felux for all of the hard work; the project is coming along great. Look for more updates in the future.

Simple Buffer Overflow bypassing SEH

Here recently, I have gotten more interested in exploit writing, and the entire process of it. Being that I am a noob to this, I obviously started my quest by looking for tutorials. Unfortunately I wasn't able to find the "Explain like I'm 5" tutorial that I needed, and the entire process took me much longer than anticipated. Now that I finally got it figured out, I wanted to share with the world! 😀

Tr0ll

Having just finished the OSCP labs (exam is next week), I needed something to keep my mind working, and do something a little fun. Naturally, I turned to Vulnhub.com to download a vulnerable VM and keep my geek appetite satisfied. Prior to starting the OSCP course, I frequented Vulnhub as a way to "prepare" me for the labs during the course. (It's obviously a good start, but nothing can prepare you for those, just FYI.)

The opinions and thoughts on this blog are those of Overflow Security members, and do not reflect those of our members' employers.