CVE-2010-2075 PoC — UnrealIRCd Backdoor Unauthorized Access Vulnerability

Source
Associated Vulnerability
Title: UnrealIRCd Backdoor Unauthorized Access Vulnerability (CVE-2010-2075)
Description:UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from November 2009 through June 2010, contains an externally introduced modification (Trojan Horse) in the DEBUG3_DOLOG_SYSTEM macro, which allows remote attackers to execute arbitrary commands.
Description
I recently set up a small Penetration Testing Lab to get some hands-on experience with vulnerability scanning and exploitation. Using Nessus and Kali Linux, I was able to dive into Metasploitable 2, a deliberately vulnerable system, and identify a pretty serious flaw (CVE-2010-2075).
Readme
# Penetration Testing Lab
## Objectives
- Learn Vulnerability Scanning with Nessus
- Practice Penetration Testing with Kali Linux
- Simulate Real-World Attacks
- Improve Cybersecurity Skills

## Virtualization
- Virtualization Tool: Oracle VirtualBox
- Reason: Open source, easy setup

## Kali Linux Setup
- **OS**: Kali Linux
- **Network Adapter**: NAT

## Target Machine: Metasploitable 2
- **OS:** Ubuntu-based vulnerable system
- **Installation Type:** VirtualBox
- **Network Adapter:** Host-Only (to ensure isolated communication between the machines).

## Vulnerability Scanner: Nessus
- **Installed on:** Kali Linux
- **Installation Command:** `wget 'https://www.tenable.com/downloads/api/v1/public/pages/nessus/downloads/17940/download?i_agree_to_tenable_license_agreement=true' -O Nessus.deb`
- **Web Interface:** `https://localhost:8834` 
- **License Type:** Nessus Essentials (Free)
- **Status Check:** `sudo systemctl status nessusd`

## Nessus Vulnerability Scan on Metasploitable 2
- **Scan Target:** Metasploitable 2 (`192.168.10.8`)

![alt text](image.png)
![alt text](image-1.png)

## Exploit: UnrealIRCd Backdoor (CVE-2010-2075)
- **Severity:** Critical (CVSS 10.0)
- **Affected Service:** UnrealIRCd (Internet Relay Chat Daemon)
- **Impact:** Full Remote Code Execution (RCE)
- Exploit Proof:

![alt text](image-3.png)

![alt text](image-4.png)

![alt text](image-5.png)

![alt text](image-6.png)

![alt text](image-7.png)

## Remediation Steps for UnrealIRCd
- Update UnrealIRCd to the latest version.
- Remove or disable the vulnerable service if it's not needed.
- Use a firewall to restrict access to the IRC port.
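
Before rebuilding or updating, it helps to confirm whether the source you have on disk is the tampered distribution. The script below is an added example, not part of the original lab: it scans an unpacked UnrealIRCd source directory or a `.tar.gz` archive for the `DEBUG3_DOLOG_SYSTEM` macro named in the CVE description. The function names and exit codes are this example's own, and it assumes the identifier does not occur in an untampered source tree.

```shell
#!/bin/sh
# Added example: flag UnrealIRCd source containing the DEBUG3_DOLOG_SYSTEM
# macro named in the CVE-2010-2075 description.
# Assumption: the identifier is absent from an untampered source tree.
# Function names and exit codes are this example's own choices.

MARKER='DEBUG3_DOLOG_SYSTEM'

# scan_tree DIR
# Prints file:line hits in C sources/headers.
# Returns 1 if the marker is present, 0 if the tree is clean.
scan_tree() {
    hits=$(grep -rn --include='*.c' --include='*.h' "$MARKER" "$1" 2>/dev/null)
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        return 1
    fi
    return 0
}

# check_unrealircd PATH
# PATH is an unpacked source directory or a .tar.gz archive.
# Returns 0 = clean, 1 = marker present, 2 = input could not be read.
check_unrealircd() {
    src=$1
    if [ -d "$src" ]; then
        scan_tree "$src" || return 1
        return 0
    fi
    if [ ! -f "$src" ]; then
        echo "not a file or directory: $src" >&2
        return 2
    fi
    # Extract into a throwaway directory so nothing from the archive is built or run.
    tmp=$(mktemp -d) || return 2
    if ! tar -xzf "$src" -C "$tmp" 2>/dev/null; then
        rm -rf "$tmp"
        echo "cannot extract: $src" >&2
        return 2
    fi
    rc=0
    scan_tree "$tmp" || rc=1
    rm -rf "$tmp"
    return $rc
}
```

Source the file and call `check_unrealircd` with the path to the tarball or source directory; a return code of 1 means the tree should be discarded and replaced with a release obtained from the project's official site.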

## Conclusion
This Penetration Testing Lab provided hands-on experience with vulnerability scanning using Nessus, as well as simulated real-world attacks and exploitation. By setting up a vulnerable target machine (Metasploitable 2) and conducting a vulnerability scan, the lab demonstrated the importance of identifying critical vulnerabilities such as the UnrealIRCd backdoor and how they can be exploited for **Remote Code Execution (RCE)**.
Additionally, it showcased the practical steps involved in securing vulnerable systems, including updating software, disabling unnecessary services, and using firewalls for network access control. These exercises are essential for building cybersecurity skills and gaining a deeper understanding of penetration testing methodologies.
File Snapshot

[4.0K] /data/pocs/e751eeec62f55ae681f0cb1e8bb25d230eef6a71
├── [104K] image-1.png
├── [   0] image-2.png
├── [ 69K] image-3.png
├── [ 93K] image-4.png
├── [ 28K] image-5.png
├── [131K] image-6.png
├── [ 83K] image-7.png
├── [ 27K] image.png
└── [2.4K] README.md

0 directories, 9 files