{"id":3149,"date":"2018-04-09T04:35:41","date_gmt":"2018-04-09T04:35:41","guid":{"rendered":"http:\/\/www.pir8geek.com\/?p=3149"},"modified":"2018-04-09T04:35:41","modified_gmt":"2018-04-09T04:35:41","slug":"irc-bot-hunters-a-collection-of-metasploit-poc-exploits-for-irc-botnets-that-allows-rce","status":"publish","type":"post","link":"https:\/\/www.jameseduard.com\/?p=3149","title":{"rendered":"IRC Bot Hunters &#8211; a collection of Metasploit PoC exploits for IRC Botnets that allows RCE"},"content":{"rendered":"<p><strong>IRC Bot Hunters<\/strong><\/p>\n<p>a collection of <em><strong>Metasploit PoC<\/strong><\/em> exploits for<em> <strong>IRC Botnets<\/strong><\/em> that takes over the owner of a bot which then allows<em><strong> Remote Code Execution<\/strong><\/em>. Most IRC Botnets can be taken over by using their herders&#8217; usernames or by triggering a certain command which does shell execution. Almost all of the modules here have been accepted in the<em><strong> Metasploit<\/strong><\/em> repository. If you are looking for <em><strong>C&amp;C exploit modules<\/strong><\/em> or pwning <em><strong>backdoors<\/strong><\/em> like<em><strong> r57 \/ c99 shell<\/strong><\/em>, I have also made some modules which I have pushed in the main msf repository.<\/p>\n<p><img fetchpriority=\"high\" decoding=\"async\" class=\"alignnone wp-image-3150\" src=\"http:\/\/www.pir8geek.com\/wp-content\/uploads\/2018\/04\/ircbothunter.png\" alt=\"\" width=\"817\" height=\"570\"><\/p>\n<p>&nbsp;<\/p>\n<p><strong>Accepted Metasploit Modules:<\/strong><\/p>\n<p><em><strong>w3tw0rk \/ Pitbul IRC Bot Remote Code Execution<\/strong><\/em> &#8211; <a href=\"https:\/\/www.rapid7.com\/db\/modules\/exploit\/multi\/misc\/w3tw0rk_exec\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/www.rapid7.com\/db\/modules\/exploit\/multi\/misc\/w3tw0rk_exec<\/a><br \/>\n<em><strong>Legend Perl IRC Bot Remote Code Execution<\/strong><\/em> &#8211; <a href=\"https:\/\/www.rapid7.com\/db\/modules\/exploit\/multi\/misc\/legend_bot_exec\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/www.rapid7.com\/db\/modules\/exploit\/multi\/misc\/legend_bot_exec<\/a><br \/>\n<em><strong>Xdh \/ LinuxNet Perlbot \/ fBot IRC Bot Remote Code Execution<\/strong><\/em> &#8211; <a href=\"https:\/\/www.rapid7.com\/db\/modules\/exploit\/multi\/misc\/xdh_x_exec\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/www.rapid7.com\/db\/modules\/exploit\/multi\/misc\/xdh_x_exec<\/a><br \/>\n<em><a href=\"https:\/\/www.rapid7.com\/db\/modules\/exploit\/multi\/misc\/legend_bot_exec\"><strong>PHP IRC Bot pbot eval() Remote Code Execution (Credited Only) &#8211;<\/strong><\/a><\/em> <a href=\"https:\/\/www.rapid7.com\/db\/modules\/exploit\/multi\/misc\/pbot_exec\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/www.rapid7.com\/db\/modules\/exploit\/multi\/misc\/pbot_exec<\/a><br \/>\n<strong><br \/>\nReferences:<\/strong><\/p>\n<p>w3tw0rk \/ Pitbull Perl IRC Bot Remote Code Execution PoC Exploit &#8211; <a href=\"https:\/\/www.exploit-db.com\/exploits\/36652\/\">https:\/\/www.exploit-db.com\/exploits\/36652\/<\/a><br \/>\nLegend Perl IRC Bot &#8211; Remote Code Execution &#8211; <a href=\"https:\/\/www.exploit-db.com\/exploits\/36836\/\">https:\/\/www.exploit-db.com\/exploits\/36836\/<\/a><\/p>\n<p>Want an IRC bot pwned or you have an exploit for an IRC bot that you want to be ported to msf? Contact Jay Turla at shipcodez@gmail.com<\/p>\n<p style=\"text-align: center;\"><a href=\"https:\/\/github.com\/shipcod3\/IRC-Bot-Hunters\">Download at Github<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>IRC Bot Hunters a collection of Metasploit PoC exploits for IRC Botnets that takes over the owner of a bot which then allows Remote Code Execution. Most IRC Botnets can be taken over by using their herders&#8217; usernames or by triggering a certain command which does shell execution. Almost all of the modules here have<\/p>\n","protected":false},"author":1,"featured_media":3947,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[765,766,459,674,767,86,768],"class_list":["post-3149","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-centos","tag-backdoors","tag-botnet","tag-irc","tag-metasploit","tag-poc","tag-rootcon","tag-shipcode"],"_links":{"self":[{"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/posts\/3149","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3149"}],"version-history":[{"count":0,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/posts\/3149\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3149"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3149"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3149"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}