Offsec - SUNSET NOONTIDE - Feb 29th 2023
Target is [LAB_IP]
Connecting via OpenVPN:
openvpn oscp.vpn
Recon
nmap -sC -sV -p- -vv [LAB_IP]
PORT STATE SERVICE REASON VERSION
6667/tcp open irc syn-ack UnrealIRCd (Admin email example@example.com)
6697/tcp open irc syn-ack UnrealIRCd
8067/tcp open irc syn-ack UnrealIRCd (Admin email example@example.com)
Service Info: Host: irc.foonet.com
Tried the IRC URL: no dice.
Weaponization
searchsploit UnrealIRCd
Exploit Title | Path
UnrealIRCd 3.2.8.1 - Backdoor Command Exec | linux/remote/16922.rb
UnrealIRCd 3.2.8.1 - Local Configuration S | windows/dos/18011.txt
UnrealIRCd 3.2.8.1 - Remote Downloader/Exe | linux/remote/13853.pl