194,6667,6660-7000 - Pentesting IRC

Basic Information

IRC, originally a plain-text protocol, was assigned 194/TCP by IANA but commonly runs on 6667/TCP and similar ports so that it can operate without root privileges.

A nickname is all that is needed to connect to a server. After the connection is made, the server performs a reverse DNS lookup on the user's IP.

Users are divided into operators, who need a username and password for greater access, and regular users. Operators hold varying levels of privilege, with administrators at the top.

Default ports: 194, 6667, 6660-7000

PORT     STATE SERVICE
6667/tcp open  irc

Enumeration

Banner

IRC can support TLS.

nc -vn <IP> <PORT>
openssl s_client -connect <IP>:<PORT> -quiet

์ˆ˜๋™

์—ฌ๊ธฐ์—์„œ ๋ฌด์ž‘์œ„ ๋‹‰๋„ค์ž„์„ ์‚ฌ์šฉํ•˜์—ฌ IRC์— ์—ฐ๊ฒฐํ•˜๊ณ  ์•ก์„ธ์Šคํ•œ ๋‹ค์Œ ํฅ๋ฏธ๋กœ์šด ์ •๋ณด๋ฅผ ๋‚˜์—ดํ•˜๋Š” ๋ฐฉ๋ฒ•์„ ๋ณผ ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. IRC์˜ ๋” ๋งŽ์€ ๋ช…๋ น์–ด๋Š” ์—ฌ๊ธฐ์—์„œ ํ™•์ธํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

#Connection with random nickname
USER ran213eqdw123 0 * ran213eqdw123
NICK ran213eqdw123
#If a PING :<random> is responded you need to send
#PONG :<received random>

VERSION
HELP
INFO
LINKS
HELPOP USERCMDS
HELPOP OPERCMDS
OPERATOR CAPA
ADMIN      #Admin info
USERS      #Current number of users
TIME       #Server's time
STATS a    #Only operators should be able to run this
NAMES      #List channel names and the usernames inside each channel
LIST       #List channel names along with channel banner
WHOIS <USERNAME>      #WHOIS a username
USERHOST <USERNAME>   #If available, get hostname of a user
USERIP <USERNAME>     #If available, get ip of a user
JOIN <CHANNEL_NAME>   #Connect to a channel

#Operator creds Brute-Force
OPER <USERNAME> <PASSWORD>

You can also attempt to log in to the server with a password. The default password for ngIRCd is wealllikedebian.

PASS wealllikedebian
NICK patrick
USER test1 test2 <IP> :test3
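
For the defending side, the OPER guessing and default-password login shown above can be spotted in client-to-server traffic. The following is an added example, not part of the original page: the event tuples, the threshold of 3 and the finding names are assumptions, and the sample lines are constructed.

```python
import hashlib
from collections import defaultdict

DEFAULT_PASSWORDS = {"wealllikedebian"}  # ngIRCd default named on this page
OPER_THRESHOLD = 3                       # assumed alert threshold, tune per site

# Constructed sample: (source IP, client line) pairs as a network sensor might record them.
SAMPLE = [
    ("192.0.2.10", "NICK ran213eqdw123"),
    ("192.0.2.10", "OPER admin guess1"),
    ("192.0.2.10", "OPER admin guess2"),
    ("192.0.2.10", "oper root :guess3"),
    ("192.0.2.10", "OPER root guess3"),      # repeat of the previous pair
    ("198.51.100.7", "PASS wealllikedebian"),
    ("198.51.100.7", "NICK patrick"),
    ("203.0.113.4", "OPER alice single-try"),
]

def parse_line(raw):
    """Split one IRC message into (COMMAND, params) using RFC 1459 framing."""
    raw = raw.rstrip("\r\n")
    if raw.startswith(":"):                    # drop the optional ":prefix "
        raw = raw.partition(" ")[2]
    head, sep, trailing = raw.partition(" :")  # " :" starts the trailing parameter
    parts = head.split()
    if not parts:
        return "", []
    return parts[0].upper(), parts[1:] + ([trailing] if sep else [])

def detect(events, threshold=OPER_THRESHOLD):
    """Return (source, finding) tuples in the order they trigger."""
    attempts = defaultdict(set)                # source -> digests of distinct OPER pairs
    findings = []
    for src, raw in events:
        cmd, params = parse_line(raw)
        if cmd == "PASS" and params and params[0] in DEFAULT_PASSWORDS:
            findings.append((src, "default-server-password"))
        elif cmd == "OPER" and len(params) >= 2:
            # Keep a digest, not the credential, so the detector stores no passwords.
            digest = hashlib.sha256("\0".join(params[:2]).encode()).digest()
            if digest not in attempts[src]:
                attempts[src].add(digest)
                if len(attempts[src]) == threshold:
                    findings.append((src, "oper-bruteforce"))
    return findings

if __name__ == "__main__":
    for src, finding in detect(SAMPLE):
        print(src, finding)
```

A successful PASS with the default value also means the server configuration itself still carries that password and should be changed.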

Find and scan IRC services

nmap -sV --script irc-botnet-channels,irc-info,irc-unrealircd-backdoor -p 194,6660-7000 <ip>

Brute Force

Shodan

  • looking up your hostname
