How to Hack UnrealIRCd Using Python Socket Programming


UnrealIRCd is an open-source IRC server that has been around since 1999 and is perhaps the most widely used one today. Version 3.2.8.1 was vulnerable to remote code execution due to a backdoor in the software. Today, we will be exploiting the vulnerability with Metasploit, examining the underlying code to understand it, and creating our own version of the exploit in Python.


Between November 2009 and June 2010, the UnrealIRCd 3.2.8.1 download archive contained a backdoor trojan. The vulnerability allowed an attacker to execute arbitrary code by sending the string "AB", which triggered the backdoor, followed by the payload. The command would run as whatever user the IRC daemon was running as, so root-level access could potentially be achieved.
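
Seen from the defender's side, the trigger described above is easy to spot in client traffic. The following is an added example, not code from the original article or from UnrealIRCd: it scans bytes sent by IRC clients for lines that begin with "AB" and carry data after it. The session data, addresses and function names are constructed for illustration, and matching at the start of each line is an assumption.

```python
# Added example: flags client-to-server IRC data that begins with the
# "AB" trigger described above. All sample traffic below is constructed.
from dataclasses import dataclass

TRIGGER = b"AB"  # backdoor trigger string, per the article


@dataclass
class Alert:
    client: str
    line_no: int
    trailing_len: int  # bytes after the trigger (content is not logged)


def split_irc_lines(stream: bytes) -> list:
    """Split raw client bytes into IRC lines (CRLF or bare LF terminated)."""
    lines = stream.replace(b"\r\n", b"\n").split(b"\n")
    return [ln for ln in lines if ln]


def scan_client_stream(client: str, stream: bytes) -> list:
    """Return an Alert for every line that starts with the trigger.

    Assumption: matching is done at the start of each line. A line that is
    only "AB" is ignored, since nothing follows the trigger.
    """
    alerts = []
    for n, line in enumerate(split_irc_lines(stream), start=1):
        if line.startswith(TRIGGER) and len(line) > len(TRIGGER):
            alerts.append(Alert(client, n, len(line) - len(TRIGGER)))
    return alerts


# Constructed sample sessions: (client address, bytes the client sent).
SAMPLE_SESSIONS = [
    ("192.0.2.10:50122", b"NICK alice\r\nUSER alice 0 * :Alice\r\nJOIN #ops\r\n"),
    ("192.0.2.77:41800", b"AB<payload placeholder>\n"),
    ("192.0.2.31:50990", b"NICK ABby\r\nPRIVMSG #ops :AB testing\r\n"),
]


def scan_all(sessions) -> list:
    """Scan every session and collect the alerts in order."""
    return [a for client, data in sessions for a in scan_client_stream(client, data)]


if __name__ == "__main__":
    for alert in scan_all(SAMPLE_SESSIONS):
        print(f"ALERT {alert.client} line {alert.line_no}: "
              f"'AB' trigger followed by {alert.trailing_len} bytes")
```

Only the second session is flagged; "AB" appearing inside a nickname or a message body does not match because the check is anchored to the start of the line.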


We will use Metasploitable 2 as the target and Kali Linux as the attacking machine.


Step 1: Use Nmap to Verify Vulnerability


The first thing we need to do is determine if UnrealIRCd is present on the target. Nmap contains a handy script to check if it's there and if it is the vulnerable backdoored version. As the vulnerability is around ten years old, there won't be many of these running anywhere out in the wild.

