Metasploitable without Metasploit – Unreal IRC


In continuing our series on compromising the Metasploitable machines, the next installment is on the Unreal IRC service.

This is a very quick exploit, which does not require any additional scripting or even downloading to get to work properly. Its a back door within the Unreal IRC daemon that allows a remote attacker to instantly gain root to the target machine. In fact, this method is actually faster than using Metasploit!

So first things first, nmap scan the machine to ensure that the service is running on the target.


Next, we verify that the service can be reached by simply using Netcat, and gain access to the machine through port 6667.


Finally, once we verify that we are connected, we simply use the syntax:

AB; (your command)

This is the backdoor, which runs the command on the machine as the root user.

From this point, it is simply sending a Netcat connection back to our Kali machine which is listening on port 4444, and we gain entry as the root user!



I know this was very short, but its actually that easy to do.


Leave a Reply

Your email address will not be published. Required fields are marked *