Vulnerability: UnrealIRCd backdoor

This commit is contained in:
thomashaw
2016-06-15 02:32:28 +01:00
parent b195b6e0a2
commit 31c49d81ff
52 changed files with 1883 additions and 0 deletions

@@ -0,0 +1,15 @@
source 'https://rubygems.org'
group :development, :test do
gem 'rake', :require => false
gem 'rspec-puppet', :require => false
gem 'puppetlabs_spec_helper', :require => false
gem 'serverspec', :require => false
gem 'puppet-lint', :require => false
end
if puppetversion = ENV['PUPPET_GEM_VERSION']
gem 'puppet', puppetversion, :require => false
else
gem 'puppet', :require => false
end

@@ -0,0 +1,19 @@
The MIT License (MIT)
Copyright (c) 2013 Wharenn
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to use,
copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the
Software, and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH
THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

@@ -0,0 +1,7 @@
name 'wharenn-unrealirc'
version '0.0.1'
author 'wharenn'
license 'MIT'
summary 'Module to install unrealirc'
project_page 'https://github.com/Wharenn/puppet-unrealirc'
description 'This module will download, compile and install unrealirc irc server'
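Review bot: `name 'wharenn-unrealirc'` and the `project_page` line still carry the upstream module's identity, while every class and define added in this commit lives in the `unrealirc_3281_backdoor` namespace. Suggest renaming the module metadata to match the namespace, and stating in `summary`/`description` that this fork installs the backdoored 3.2.8.1 build so it cannot be mistaken for the upstream installer.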

@@ -0,0 +1,234 @@
# UnrealIRC puppet module
This is a fork of [Wharenn's unrealircd puppet module](https://github.com/Wharenn/puppet-unrealirc).
This puppet module allows you to easily install an UnrealIRC IRC server.
It will install a basic IRC server and let you config it with puppet. There is a puppet type for each section of the unrealircd.conf. This way, you can easily manage opers, vhosts, server links...
You may be interested by the following modules :
* Anope Puppet Module for IRC services management
https://github.com/Tehnix/puppet-anope
## How to use
### Quickly set an IRC server
class { '::unrealirc':
}
### Custom IRC server
class { '::unrealirc':
install_path => '/var/lib/unreal',
user => 'irc',
group => 'irc',
log_path => '/var/log/ircd.log',
servername => 'irc.myserver.org',
serverdesc => 'Description of irc server',
maxusers => 100,
maxservers => 10,
admins => ['admin <admin@myserver.org>'],
pidfile => '/var/lib/unreal/ircd.pid',
url => 'http://www.unrealircd.com/downloads/Unreal3.2.10.2.tar.gz',
use_ssl => true,
ssl_cert => '/absolute/path/to/server.cert.pem',
ssl_key => '/absolute/path/to/server.key.pem',
motd => '/absolute/path/to/motd',
}
#### Available options :
**install_path**
Directory where UnrealIRCd will be installed
**user**
Unix user that should own the UnrealIRC directory and run the service
**group**
Group of the user that should own the UnrealIRC directory and run the service
**log_path**
Path of the log file. Beware that this path may be defined later in the server advanced config
**servername**
Name of your IRC server
**serverdesc**
Description of your IRC server
**maxusers**
Max number of users that can simultaneously be connected on the server
**maxservers**
Max number of servers that can be linked to the server
**admins**
Array containing the names of server admins.
**pidfile**
Path of the service pid file
**url**
Url to the UnrealIRC download archive
**use_ssl**
Whether to compile unrealirc with ssl or not
**ssl_cert**
The location of the ssl certificate (only relevant with use_ssl)
**ssl_key**
The location of the ssl key (only relevant with use_ssl)
**motd**
The location of the motd file you want to use
### Required configuration
Some values **must** be defined for your IRC network to work. You can set them by using the unrealirc::config::set type.
unrealirc::config::set { 'network':
network_name => "Public Name of My Server",
default_server => "irc.myserver.org",
services_server => "services.myserver.org",
kline_address => "contact@myserver.org",
}
### Advanced configuration (optionnal)
You can built step by step your unrealircd.conf by using unrealirc::config puppet types. Examples provided below only show required options. Each type have several other options to precisely suits to your needs. For further informations about how to use theses options, please read the UnrealIRC doc at http://www.unrealircd.com/files/docs/unreal32docs.html
Your unrealircd.conf will be built by including wildcard *.conf files generated by the use of unrealirc::config puppet types. Each type will create a _{TYPE}_\__{TYPE\_NAME}_.conf file in the config directory located in the install path.
#### Server configuration
Please refer to the UnrealIRC documentation to know how to configure your server.
unrealirc::config::set { 'server':
modes_on_connect => "+ix",
modes_on_oper => "+xwgs",
auto_join => "#welcome",
oper_auto_join => "#opers",
}
#### Listening ports
unrealirc::config::listen { 'default_6667':
port => 6667,
}
### Allow connections
unrealirc::config::allow { 'clients':
maxperip => 5,
}
#### Logging
unrealirc::config::log { 'default':
flags => ['oper','kline','connects','server-connects','kills','errors','sadmin-commands','chg-commands','oper-override','spamfilter'],
}
#### Adding Opers
unrealirc::config::oper { 'me':
username => 'The-Master',
password => 'mypassword',
}
_NOTE: This config will be stored in /var/lib/unreal/config/oper\_me.conf file_
#### Adding Vhosts
unrealirc::config::vhost { 'me':
vhost => 'the.creator',
login => 'The-Master',
password => 'mypassword',
swhois => 'This is the creator!',
}
_NOTE: This config will be stored in /var/lib/unreal/config/vhost\_me.conf file_
#### Adding Links
unrealirc::config::link { 'services':
servername => 'services.myserver.org',
hostname => '127.0.0.1',
port => '6667',
password_connect => 'myserverpassword',
password_receive => 'myserverpassword2',
}
#### Adding Ulines
unrealirc::config::ulines { 'servers':
servers => ['services.myserver.org'],
}
#### Adding Bans
unrealirc::config::ban { 'notallowed':
type => 'NicknameNotAllowed',
mask => '*',
reason => 'This nickname is not allowed',
}
#### Adding Exceptions
unrealirc::config::except { 'dontbanme':
type => 'ban',
mask => '*@me',
}
#### Adding Denies
unrealirc::config::deny { 'denydcc':
type => 'dcc',
filename => 'virus.exe',
reason => 'This file is a virus!',
soft => 'yes',
}
#### Other configuration
Take a look at other unrealirc::config types to learn how you can configure your server. These types are only wrappers around unrealircd.conf configuration options and parameters can be easily matched with those present in the official UnrealIRC documentation.
## Compatibility
This modules currently supports UnrealIRCd 3.2.10 but should also be compatible with newer releases.
It was tested on debian like systems but should also work on other linux distributions (except for the services part restricted to debian, contributions for other distribs would be welcomed!).
## Issues
Since the unrealircd.conf is built by including wildcard *.conf files generated by the module and located in the irc server "config" directory, you should be careful to clean this directory when you update the server config in puppet (especially if you change the name of the config type you used).
For IRC related questions, please have a look to UnrealIRC documentation :
http://www.unrealircd.com/files/docs/unreal32docs.html
Please report any module issue to project bug tracker on github
## Licence
This module is distributed under the MIT license. Please check the full license included at the root of the project tree.
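Review bot: The usage examples declare `class { '::unrealirc': ... }` and `unrealirc::config::*` types and document a `url` option, but the class added in this commit is `unrealirc_3281_backdoor`, which takes `filename` (default `'Unreal3.2.8.1'`) and has no `url` parameter. The Compatibility section's "UnrealIRCd 3.2.10" does not match that default either. Suggest updating the class and type names, replacing `url` with `filename`, and saying up front that the module deploys a deliberately vulnerable build.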

@@ -0,0 +1,2 @@
require 'puppetlabs_spec_helper/rake_tasks'
require 'rspec-system/rake_task'
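Review bot: `require 'rspec-system/rake_task'` has no matching gem in the Gemfile added by this commit, which lists only rake, rspec-puppet, puppetlabs_spec_helper, serverspec, puppet-lint and puppet. Either add `rspec-system` to the `:development, :test` group or drop this require, otherwise loading the Rakefile fails on a bundle built from that Gemfile.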

@@ -0,0 +1 @@
This is the message of the day!

@@ -0,0 +1,64 @@
class unrealirc_3281_backdoor::config
{
File {
owner => $unrealirc_3281_backdoor::user,
group => $unrealirc_3281_backdoor::group,
}
# Create config file
$config_file = "${unrealirc_3281_backdoor::install_path}/unrealircd.conf"
file { $config_file:
ensure => file,
mode => '0600',
content => template('unrealirc_3281_backdoor/unrealircd.conf.erb'),
require => Exec['unrealirc-dir'],
}
$tmp_directory = "${unrealirc_3281_backdoor::install_path}/tmp"
file { $tmp_directory:
ensure => directory,
mode => '0777',
require => Exec['unrealirc-dir'],
}
# Create directory that will store included config files
file { 'unrealirc_config_directory':
path => "${unrealirc_3281_backdoor::install_path}/config",
ensure => directory,
require => Exec['unrealirc-dir'],
}
if $unrealirc_3281_backdoor::use_ssl {
$ssl_certificate = "${unrealirc_3281_backdoor::install_path}/server.cert.pem"
$ssl_key = "${unrealirc_3281_backdoor::install_path}/server.key.pem"
# This should fail if the variables are not declared
file { $ssl_certificate:
ensure => present,
source => $unrealirc_3281_backdoor::ssl_cert,
}
file { $ssl_key:
ensure => present,
source => $unrealirc_3281_backdoor::ssl_key,
}
}
$motd = "${unrealirc_3281_backdoor::install_path}/ircd.motd"
if $unrealirc_3281_backdoor::motd {
file { $motd:
ensure => present,
source => $unrealirc_3281_backdoor::motd,
}
} else {
file { $motd:
ensure => present,
source => 'puppet:///modules/unrealirc_3281_backdoor/motd',
}
}
# Define a default logger
file { $unrealirc_3281_backdoor::log_path:
ensure => file,
mode => '0640',
}
}
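Review bot: `mode => '0777'` on `$tmp_directory` makes a directory under the install path writable by every local user, with no sticky bit. If the daemon is the only writer, `'0700'` with the class-level owner and group is enough; if it really must be shared, use `'1777'`. Separately, the `file { $ssl_key: ... }` resource declares no `mode`, which leaves the private key's permissions to whatever the source file or the agent's defaults give it; suggest `mode => '0600'` there, as is already done for `unrealircd.conf`.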

@@ -0,0 +1,24 @@
# Type is services|stats|normal|channel|command
# Format is an array containing regex|target|type|parameters|command only when type is "command"
# Format Type is services|stats|normal|channel|command|real
define unrealirc_3281_backdoor::config::alias(
$aliasname,
$type,
$target = undef,
$spamfilter = undef,
$formats = undef,
)
{
if $formats and $type != 'command' {
fail("'formats' option must only be specified for 'command' alias type")
}
file { "${unrealirc_3281_backdoor::install_path}/config/alias_${name}.conf":
ensure => file,
mode => '0600',
owner => $unrealirc_3281_backdoor::user,
group => $unrealirc_3281_backdoor::group,
content => template('unrealirc_3281_backdoor/config/alias.conf.erb'),
require => File['unrealirc_config_directory'],
}
}

@@ -0,0 +1,23 @@
# Options is an array and can contain useip|noident|ssl|nopasscont
define unrealirc_3281_backdoor::config::allow(
$ip = '*@*',
$hostname = '*@*',
$class = 'clients',
$password = undef,
$password_auth_type = undef,
$maxperip = undef,
$ipv6_clone_mask = undef,
$redirect_server = undef,
$redirect_port = undef,
$options = undef,
)
{
file { "${unrealirc_3281_backdoor::install_path}/config/allow_${name}.conf":
ensure => file,
mode => '0600',
owner => $unrealirc_3281_backdoor::user,
group => $unrealirc_3281_backdoor::group,
content => template('unrealirc_3281_backdoor/config/allow.conf.erb'),
require => File['unrealirc_config_directory'],
}
}

@@ -0,0 +1,26 @@
# Type is channel|dcc
# Soft is yes|no
define unrealirc_3281_backdoor::config::allowtype (
$type,
$filename = undef,
$soft = undef,
$channel = undef,
)
{
if ($filename or $soft) and $type != 'dcc' {
fail("'filename' and 'soft' options must only be specified for 'dcc' allow type")
}
if $channel and $type != 'channel' {
fail("'channel' option must only be specified for 'channel' allow type")
}
file { "${unrealirc_3281_backdoor::install_path}/config/allowtype_${name}.conf":
ensure => file,
mode => '0600',
owner => $unrealirc_3281_backdoor::user,
group => $unrealirc_3281_backdoor::group,
content => template('unrealirc_3281_backdoor/config/allowtype.conf.erb'),
require => File['unrealirc_config_directory'],
}
}

@@ -0,0 +1,23 @@
# Type is nick|user|ip|version|server|realname
# Action is kill|tempshun|shun|kline|zline|gline|gzline and only for "version" type
define unrealirc_3281_backdoor::config::ban (
$type,
$mask,
$reason,
$action = undef,
)
{
if $action and $type != 'version' {
fail("'action' option must only be specified for 'version' ban type")
}
file { "${unrealirc_3281_backdoor::install_path}/config/ban_${name}.conf":
ensure => file,
mode => '0600',
owner => $unrealirc_3281_backdoor::user,
group => $unrealirc_3281_backdoor::group,
content => template('unrealirc_3281_backdoor/config/ban.conf.erb'),
require => File['unrealirc_config_directory'],
}
}

@@ -0,0 +1,47 @@
# Type is dcc|version|link|channel
# Soft and Warn is yes|no
# Typedenial is auto|all
define unrealirc_3281_backdoor::config::deny (
$type,
$filename = undef,
$reason = undef,
$soft = undef,
$mask = undef,
$version = undef,
$flags = undef,
$rule = undef,
$typedenial = undef,
$channel = undef,
$redirect = undef,
$warn = undef,
)
{
if ($filename or $soft) and $type != 'dcc' {
fail("'filename' and 'soft' options must only be specified for 'dcc' deny type")
}
if ($version or $flags) and $type != 'version' {
fail("'version' and 'flags' options must only be specified for 'version' deny type")
}
if ($rule or $typedenial) and $type != 'link' {
fail("'rule' and 'typedenial' options must only be specified for 'link' deny type")
}
if ($channel or $redirect or $warn) and $type != 'channel' {
fail("'channel', 'redirect' and 'warn' options must only be specified for 'channel' deny type")
}
if $reason and ($type != 'dcc' and $type != 'channel') {
fail("'reason' option must only be specified for 'dcc' and 'channel' deny types")
}
if $mask and ($type != 'version' and $type != 'link') {
fail("'mask' option must only be specified for 'version' and 'link' deny types")
}
file { "${unrealirc_3281_backdoor::install_path}/config/deny_${name}.conf":
ensure => file,
mode => '0600',
owner => $unrealirc_3281_backdoor::user,
group => $unrealirc_3281_backdoor::group,
content => template('unrealirc_3281_backdoor/config/deny.conf.erb'),
require => File['unrealirc_config_directory'],
}
}

@@ -0,0 +1,16 @@
define unrealirc_3281_backdoor::config::drpass(
$restart = undef,
$restart_auth = undef,
$die = undef,
$die_auth = undef,
)
{
file { "${unrealirc_3281_backdoor::install_path}/config/drpass.conf":
ensure => file,
mode => '0600',
owner => $unrealirc_3281_backdoor::user,
group => $unrealirc_3281_backdoor::group,
content => template('unrealirc_3281_backdoor/config/drpass.conf.erb'),
require => File['unrealirc_config_directory'],
}
}
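Review bot: The file title `"${unrealirc_3281_backdoor::install_path}/config/drpass.conf"` does not include `${name}`, so declaring this defined type twice produces a duplicate `File` resource and the catalog fails to compile. Either include `${name}` in the path as the `alias`, `allow` and `ban` defines do, or make this a class, since a single `drpass` block is what the fixed file name implies. The `files`, `log` and `official_channels` defines in this commit follow the same pattern.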

@@ -0,0 +1,22 @@
# Type is ban|tkl|throttle
# Types is an array which can contains gline|gzline|qline|gqline|shun|all and only for "tkl" type
define unrealirc_3281_backdoor::config::except (
$type,
$mask,
$types = undef,
)
{
if $types and $type != 'tkl' {
fail("'types' option must only be specified for 'tkl' except type")
}
file { "${unrealirc_3281_backdoor::install_path}/config/except_${name}.conf":
ensure => file,
mode => '0600',
owner => $unrealirc_3281_backdoor::user,
group => $unrealirc_3281_backdoor::group,
content => template('unrealirc_3281_backdoor/config/except.conf.erb'),
require => File['unrealirc_config_directory'],
}
}

@@ -0,0 +1,20 @@
define unrealirc_3281_backdoor::config::files(
$motd = undef,
$shortmotd = undef,
$opermotd = undef,
$svsmotd = undef,
$botmotd = undef,
$rules = undef,
$tunefile = undef,
$pidfile = $unrealirc_3281_backdoor::pidfile,
)
{
file { "${unrealirc_3281_backdoor::install_path}/config/files.conf":
ensure => file,
mode => '0600',
owner => $unrealirc_3281_backdoor::user,
group => $unrealirc_3281_backdoor::group,
content => template('unrealirc_3281_backdoor/config/files.conf.erb'),
require => File['unrealirc_config_directory'],
}
}

@@ -0,0 +1,13 @@
define unrealirc_3281_backdoor::config::include (
$file,
)
{
file { "${unrealirc_3281_backdoor::install_path}/config/include_${name}.conf":
ensure => file,
mode => '0600',
owner => $unrealirc_3281_backdoor::user,
group => $unrealirc_3281_backdoor::group,
content => template('unrealirc_3281_backdoor/config/include.conf.erb'),
require => File['unrealirc_config_directory'],
}
}

@@ -0,0 +1,27 @@
define unrealirc_3281_backdoor::config::link (
$servername,
$hostname,
$port,
$password_connect,
$password_receive,
$password_receive_auth = undef,
$username = '*',
$bind_ip = '*',
$hub = undef,
$leaf = undef,
$leafdepth = undef,
$linkclass = 'servers',
$compression_level = undef,
$ciphers = undef,
$options = [],
)
{
file { "${unrealirc_3281_backdoor::install_path}/config/link_${name}.conf":
ensure => file,
mode => '0600',
owner => $unrealirc_3281_backdoor::user,
group => $unrealirc_3281_backdoor::group,
content => template('unrealirc_3281_backdoor/config/link.conf.erb'),
require => File['unrealirc_config_directory'],
}
}

@@ -0,0 +1,16 @@
# Options is an array and can contain clientsonly|serversonly|java|ssl
define unrealirc_3281_backdoor::config::listen (
$port,
$ip = '*',
$options = undef,
)
{
file { "${unrealirc_3281_backdoor::install_path}/config/listen_${name}.conf":
ensure => file,
mode => '0600',
owner => $unrealirc_3281_backdoor::user,
group => $unrealirc_3281_backdoor::group,
content => template('unrealirc_3281_backdoor/config/listen.conf.erb'),
require => File['unrealirc_config_directory'],
}
}

@@ -0,0 +1,15 @@
define unrealirc_3281_backdoor::config::log(
$log_path = "${unrealirc_3281_backdoor::log_path}",
$maxsize = 2097152,
$flags = ['errors'],
)
{
file { "${unrealirc_3281_backdoor::install_path}/config/log.conf":
ensure => file,
mode => '0600',
owner => $unrealirc_3281_backdoor::user,
group => $unrealirc_3281_backdoor::group,
content => template('unrealirc_3281_backdoor/config/log.conf.erb'),
require => File['unrealirc_config_directory'],
}
}

@@ -0,0 +1,15 @@
# Channels is an array containing for each element 'name' and 'topic'
define unrealirc_3281_backdoor::config::official_channels (
$channels = [],
)
{
file { "${unrealirc_3281_backdoor::install_path}/config/officialchannels.conf":
ensure => file,
mode => '0600',
owner => $unrealirc_3281_backdoor::user,
group => $unrealirc_3281_backdoor::group,
content => template('unrealirc_3281_backdoor/config/official_channels.conf.erb'),
require => File['unrealirc_config_directory'],
}
}

@@ -0,0 +1,23 @@
define unrealirc_3281_backdoor::config::oper(
$username,
$password,
$operclass = 'clients',
$flags = ['local'],
$password_auth_type = undef,
$userhosts = ['*@*'],
$require_modes = undef,
$swhois = undef,
$snomask = undef,
$modes = undef,
$maxlogins = undef,
)
{
file { "${unrealirc_3281_backdoor::install_path}/config/oper_${name}.conf":
ensure => file,
mode => '0600',
owner => $unrealirc_3281_backdoor::user,
group => $unrealirc_3281_backdoor::group,
content => template('unrealirc_3281_backdoor/config/oper.conf.erb'),
require => File['unrealirc_config_directory'],
}
}

@@ -0,0 +1,115 @@
# See doc at http://www.unrealircd.com/files/docs/unreal32docs.html#setblock
define unrealirc_3281_backdoor::config::set (
$kline_address = "contact@myserver.org",
$services_server = "services.myserver.org",
$cloak_keys_1 = "NGDJMSKFLa24",
$cloak_keys_2 = "ax9d2ujrjRQA",
$cloak_keys_3 = "ax9d25524ZSx",
$gline_address = undef,
$modes_on_connect = undef,
$snomasks_on_connect = undef,
$modes_on_oper = undef,
$snomasks_on_oper = undef,
$modes_on_join = undef,
$level_on_join = undef, # <none|voice|halfop|op|protect|owner>
$restrict_usermodes = undef,
$restrict_channelmodes = undef,
$restrict_extendedbans = undef,
$auto_join = undef,
$oper_auto_join = undef,
$anti_spam_quit_message_time = undef,
$prefix_quit = undef,
$static_quit = undef,
$static_part = undef,
$who_limit = undef,
$silence_limit = undef,
$maxbans = undef,
$maxbanlength = undef,
$oper_only_stats = undef, # Array
$maxchannelsperuser = 100,
$maxdccallow = undef,
$channel_command_prefix = undef,
$allowed_nickchars = undef,
$allow_userhost_change = undef, # <never|always|not-on-channels|force-rejoin>
$options_hide_ulines = undef,
$options_flat_map = undef,
$options_show_opermotd = undef,
$options_identd_check = undef,
$options_show_connect_info = undef,
$options_dont_resolve = undef,
$options_mkpasswd_for_everyone = undef,
$options_allow_part_if_shunned = undef,
$options_fail_oper_warn = undef,
$options_allow_insane_bans = undef,
$options_disable_cap = undef,
$nopost_ban_action = undef,
$nopost_ban_reason = undef,
$nopost_ban_time = undef,
$nopost_except_hosts = undef,
$dns_timeout = undef,
$dns_retries = undef,
$dns_nameserver = undef,
$dns_bind_ip = undef,
$network_name = "Public Name of My Server",
$default_server = "irc.myserver.org",
$default_ipv6_clone_mask = undef,
$stats_server = undef,
$sasl_server = undef,
$help_channel = "#help",
$hiddenhost_prefix = "+x",
$hosts_local = undef,
$hosts_global = "",
$hosts_coadmin = "",
$hosts_admin = "",
$hosts_servicesadmin = "",
$hosts_netadmin = "",
$hosts_host_on_oper_up = undef,
$ssl_egd = undef,
$ssl_certificate = undef,
$ssl_key = undef,
$ssl_trusted_ca_file = undef,
$ssl_server_cipher_list = undef,
$ssl_renegotiate_bytes = undef,
$ssl_renegociate_timeout = undef,
$ssl_options_fail_if_no_clientcert = undef,
$ssl_options_no_self_signed = undef,
$ssl_options_verify_certificate = undef,
$ssl_options_no_starttls = undef,
$throttle_period = undef,
$throttle_connections = undef,
$ident_connect_timeout = undef,
$ident_read_timeout = undef,
$anti_flood_unknown_flood_bantime = undef,
$anti_flood_unknown_flood_amount = undef,
$anti_flood_away_flood = undef,
$anti_flood_nick_flood = undef,
$default_bantime = undef,
$modef_default_unsettime = undef,
$modef_max_unsettime = undef,
$ban_version_tkl_time = undef,
$spamfilter_ban_time = undef,
$spamfilter_ban_reason = undef,
$spamfilter_virus_help_channel = undef,
$spamfilter_virus_help_channel_deny = undef,
$spamfilter_except = undef,
$spamfilter_showdetect_warn = undef,
$spamfilter_showdetect_fatal = undef,
$check_target_nick_bans = undef,
$timesynch_enabled = undef,
$timesynch_server = undef,
$timesynch_timeout = undef,
$ping_cookie = undef,
$pingpong_warning = undef,
$watch_away_notification = undef,
)
{
file { "${unrealirc_3281_backdoor::install_path}/config/set_${name}.conf":
ensure => file,
mode => '0600',
owner => $unrealirc_3281_backdoor::user,
group => $unrealirc_3281_backdoor::group,
content => template('unrealirc_3281_backdoor/config/set.conf.erb'),
require => File['unrealirc_config_directory'],
}
}
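Review bot: The defaults for `$cloak_keys_1`, `$cloak_keys_2` and `$cloak_keys_3` are literal strings committed to the repository, so every server built without overriding them shares the same cloak keys and anyone who can read this module knows them. Suggest giving these three parameters no default so the caller has to supply per-network values. Minor: `$ssl_renegociate_timeout` is spelled differently from `$ssl_renegotiate_bytes` two lines above it; pick one spelling before callers start depending on the parameter name.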

@@ -0,0 +1,21 @@
# Options is array and can contain 'ssl'
define unrealirc_3281_backdoor::config::tld(
$mask,
$motd = undef,
$shortmotd = undef,
$opermotd = undef,
$svsmotd = undef,
$botmotd = undef,
$channel = undef,
$options = undef,
)
{
file { "${unrealirc_3281_backdoor::install_path}/config/tld_${name}.conf":
ensure => file,
mode => '0600',
owner => $unrealirc_3281_backdoor::user,
group => $unrealirc_3281_backdoor::group,
content => template('unrealirc_3281_backdoor/config/tld.conf.erb'),
require => File['unrealirc_config_directory'],
}
}

@@ -0,0 +1,13 @@
define unrealirc_3281_backdoor::config::ulines (
$servers = [],
)
{
file { "${unrealirc_3281_backdoor::install_path}/config/ulines_${name}.conf":
ensure => file,
mode => '0600',
owner => $unrealirc_3281_backdoor::user,
group => $unrealirc_3281_backdoor::group,
content => template('unrealirc_3281_backdoor/config/ulines.conf.erb'),
require => File['unrealirc_config_directory'],
}
}

@@ -0,0 +1,18 @@
define unrealirc_3281_backdoor::config::vhost(
$vhost,
$login,
$password,
$password_auth_type = undef,
$userhosts = ['*@*'],
$swhois = undef,
)
{
file { "${unrealirc_3281_backdoor::install_path}/config/vhost_${name}.conf":
ensure => file,
mode => '0600',
owner => $unrealirc_3281_backdoor::user,
group => $unrealirc_3281_backdoor::group,
content => template('unrealirc_3281_backdoor/config/vhost.conf.erb'),
require => File['unrealirc_config_directory'],
}
}

@@ -0,0 +1,48 @@
class unrealirc_3281_backdoor(
$install_path = '/var/lib/unreal',
$user = 'irc',
$group = 'irc',
$log_path = '/var/log/ircd.log',
$servername = 'irc.myserver.org',
$serverdesc = 'Description of irc server',
$maxusers = 100,
$maxservers = 10,
$admins = ['admin <admin@myserver.org>'],
$pidfile = '/var/lib/unreal/ircd.pid',
$filename = 'Unreal3.2.8.1',
$use_ssl = false,
$ssl_cert = undef,
$ssl_key = undef,
$motd = undef
) {
unrealirc_3281_backdoor::config::set { 'network':
network_name => "Public Name of My Server",
default_server => "irc.myserver.org",
services_server => "services.myserver.org",
kline_address => "contact@myserver.org",
maxchannelsperuser => 100,
hosts_global => "",
hosts_admin => "",
hosts_netadmin => "",
hosts_servicesadmin => "",
hosts_coadmin => "",
help_channel => "#help",
hiddenhost_prefix => "+x",
cloak_keys_1 => "NGDJMSKFLa24",
cloak_keys_2 => "ax9d2ujrjRQA",
cloak_keys_3 => "ax9d25524ZSx"
}
unrealirc_3281_backdoor::config::listen { 'default_6667':
port => 6667,
}
unrealirc_3281_backdoor::config::log { 'default':
flags => ['oper','kline','connects','server-connects','kills','errors','sadmin-commands','chg-commands','oper-override','spamfilter'],
}
class { '::unrealirc_3281_backdoor::install': } ->
class { '::unrealirc_3281_backdoor::config': } ~>
class { '::unrealirc_3281_backdoor::service': }
}
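Review bot: The `$pidfile` default `'/var/lib/unreal/ircd.pid'` repeats the literal from `$install_path`, so a caller who overrides only `install_path` still gets a pid file under `/var/lib/unreal`. Suggest defaulting `$pidfile` to `undef` and deriving `"${install_path}/ircd.pid"` when it is unset. The `network` block also passes values that are identical to the defaults already declared in `unrealirc_3281_backdoor::config::set`, including the three `cloak_keys_*` literals; dropping them here leaves one place to change.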

@@ -0,0 +1,75 @@
class unrealirc_3281_backdoor::install {
Exec {
path => ['/bin', '/usr/bin', '/usr/local/bin', '/sbin', '/usr/sbin'],
}
$filename = "${unrealirc_3281_backdoor::filename}"
$archive = "${filename}.tar.gz"
$configure = "bash configure --with-showlistmodes --with-listen=5 --with-dpath=${unrealirc_3281_backdoor::install_path} --with-spath=${unrealirc_3281_backdoor::install_path}/src/ircd --with-nick-history=2000 --with-sendq=3000000 --with-bufferpool=18 --with-permissions=0600 --with-fd-setsize=1024 --enable-dynamic-linking"
# Create irc user and group
group { $unrealirc_3281_backdoor::group:
ensure => present,
}
user { $unrealirc_3281_backdoor::group:
ensure => present,
gid => $unrealirc_3281_backdoor::group,
require => Group[$unrealirc_3281_backdoor::group],
}
# Retrieve and unpack unrealirc
file { "/tmp/${archive}":
owner => root,
group => root,
mode => '0775',
ensure => file,
source => "puppet:///modules/unrealirc_3281_backdoor/${archive}",
notify => Exec['extract-unrealirc'],
}
exec { 'extract-unrealirc':
command => "tar -xvzf /tmp/${archive}",
cwd => '/tmp',
require => File["/tmp/${archive}"],
}
# Move extracted directory to install path
exec { 'unrealirc-dir':
command => "mv `ls -d /tmp/*/ | grep -i unreal | awk '{ print $1 }'` ${unrealirc_3281_backdoor::install_path}",
creates => "${unrealirc_3281_backdoor::install_path}",
require => Exec['extract-unrealirc'],
}
# Configure and make unrealircd, with or without ssl enabled
if $unrealirc_3281_backdoor::use_ssl {
package { 'libssl-dev':
ensure => present,
}
exec { 'make-unrealirc':
command => "${configure} --enable-ssl && make",
timeout => 0,
cwd => "${unrealirc_3281_backdoor::install_path}",
creates => "${unrealirc_3281_backdoor::install_path}/unreal",
require => [ Package['libssl-dev'], Exec['unrealirc-dir'] ],
}
} else {
exec { 'make-unrealirc':
command => "${configure} && make",
timeout => 0,
cwd => "${unrealirc_3281_backdoor::install_path}",
creates => "${unrealirc_3281_backdoor::install_path}/unreal",
require => Exec['unrealirc-dir'],
}
}
exec { 'chown-unrealirc-dir':
command => "chown -R ${unrealirc_3281_backdoor::user}:${unrealirc_3281_backdoor::group} ${unrealirc_3281_backdoor::install_path}",
require => [ Group[$unrealirc_3281_backdoor::group], User[$unrealirc_3281_backdoor::user], Exec['make-unrealirc'] ],
}
exec { 'remove-archive':
command => "rm /tmp/${archive}"
}
}
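Review bot: `user { $unrealirc_3281_backdoor::group:` titles the user resource with the group variable, while `chown-unrealirc-dir` requires `User[$unrealirc_3281_backdoor::user]`. This only resolves because both default to `'irc'`; with different values the reference points at a resource that is never declared. Title the resource with `$unrealirc_3281_backdoor::user`. Also worth fixing while here: `remove-archive` has no `require` or `onlyif`, and `extract-unrealirc` and `chown-unrealirc-dir` have no `refreshonly` or `creates`, so these execs run on every agent run and `remove-archive` deletes a file the `file { "/tmp/${archive}": }` resource puts back each time.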

@@ -0,0 +1,36 @@
class unrealirc_3281_backdoor::service {
Exec {
path => ['/bin', '/usr/bin', '/usr/local/bin', '/sbin', '/usr/sbin'],
}
if $::osfamily == 'Debian' {
file { '/etc/init.d/unreal':
ensure => file,
mode => '0755',
content => template('unrealirc_3281_backdoor/unreal.erb'),
}
exec { 'unrealirc_autoload':
command => 'update-rc.d unreal defaults',
require => File['/etc/init.d/unreal'],
}
service { 'unreal':
ensure => running,
enable => true,
hasrestart => true,
hasstatus => true,
require => File['/etc/init.d/unreal'],
notify => Exec['initial_run'],
}
exec { 'initial_run':
command => '/etc/init.d/unreal start'
}
}
}
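Review bot: `exec { 'initial_run': ... }` has no `refreshonly => true`, so `/etc/init.d/unreal start` is executed on every catalog run, not only when the `service` resource notifies it. The same applies to `unrealirc_autoload`, which re-runs `update-rc.d unreal defaults` each time. Add `refreshonly => true` to `initial_run`, and consider dropping both execs, since `service { 'unreal': ensure => running, enable => true }` already expresses starting the daemon and enabling it at boot.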

@@ -0,0 +1,31 @@
<?xml version="1.0"?>
<vulnerability xmlns="http://www.github/cliffe/SecGen/vulnerability"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.github/cliffe/SecGen/vulnerability ">
<name>UnrealIRCd 3.2.8.1 Backdoor</name>
<author>Thomas Shaw</author>
<module_license>MIT</module_license>
<description>
Backdoored version of the UnrealIRCd 3.2.8.1 introduced to some file mirrors in November 2009
</description>
<type>irc</type>
<privilege>user</privilege>
<access>remote</access>
<platform>linux</platform>
<!--optional vulnerability details-->
<difficulty>low</difficulty>
<!--<cve></cve>-->
<cvss_base_score>10</cvss_base_score>
<cvss_vector>AV:N/AC:L/Au:N/C:C/I:C/A:C</cvss_vector>
<!--optional details-->
<reference>https://www.unrealircd.org/txt/unrealsecadvisory.20100612.txt</reference>
<reference>https://www.rapid7.com/db/modules/exploit/unix/irc/unreal_ircd_3281_backdoor</reference>
<reference>https://github.com/Tehnix/puppet-unrealirc</reference>
<software_name>unrealircd</software_name>
<software_license>MIT</software_license>
</vulnerability>
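Review bot: `xsi:schemaLocation` holds only the namespace URI followed by a space; the attribute is defined as pairs of namespace URI and schema document location, so a validating parser has nothing to load. Add the path of the vulnerability schema after the namespace. The `<cve>` element is also left commented out even though two advisory references are listed; fill it in from those references if an identifier is assigned.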

@@ -0,0 +1,25 @@
alias <%= @aliasname %> {
type <%= @type %>;
<% if @target -%>
target <%= @target %>;
<% end -%>
<% @formats.each do |format| -%>
format "<%= format['regex'] %>" {
<% if format['target'] -%>
target <%= format['target'] %>;
<% end -%>
<% if format['command'] -%>
command <%= format['command'] %>;
<% end -%>
<% if format['type'] -%>
type <%= format['type'] %>;
<% end -%>
<% if format['parameters'] -%>
parameters <%= format['parameters'] %>;
<% end -%>
};
<% end -%>
<% if @spamfilter -%>
spamfilter <%= @spamfilter %>;
<% end -%>
};
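Review bot: `<% @formats.each do |format| -%>` runs unconditionally, but the `alias` define declares `$formats = undef` and only permits a value when `$type` is `'command'`, so every non-command alias fails to render this template. Wrap the loop in `<% if @formats -%>` ... `<% end -%>`, the way `@target` and `@spamfilter` are already guarded here.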

@@ -0,0 +1,31 @@
allow {
ip <%= @ip %>;
hostname <%= @hostname %>;
class <%= @class %>;
<% if @password -%>
<% if @password_auth -%>
password "<%= @password %>" { <%= @password_auth %>; };
<% else -%>
password "<%= @password %>";
<% end -%>
<% end -%>
<% if @maxperip -%>
maxperip <%= @maxperip %>;
<% end -%>
<% if @ipv6_clone_mask -%>
ipv6-clone-mask <%= @ipv6_clone_mask %>;
<% end -%>
<% if @redirect_server -%>
redirect-server <%= @redirect_server %>;
<% end -%>
<% if @redirect_port -%>
redirect-port <%= @redirect_port %>;
<% end -%>
<% if @options -%>
options {
<% @options.each do |option| -%>
<%= option %>;
<% end -%>
};
<% end -%>
};
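Review bot: The template tests `@password_auth`, but the `allow` define declares the parameter as `$password_auth_type`, so the branch that emits `password "..." { <auth>; };` can never be taken and the password is always written without an auth type. Rename the variable in the template to `@password_auth_type`, or rename the parameter, so the two agree.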

@@ -0,0 +1,11 @@
allow <%= @type %> {
<% if @filename -%>
filename "<%= @filename %>";
<% end -%>
<% if @soft -%>
soft "<%= @soft %>";
<% end -%>
<% if @channel -%>
channel "<%= @channel %>";
<% end -%>
};

@@ -0,0 +1,7 @@
ban <%= @type %> {
mask "<%= @mask %>";
reason "<%= @reason %>";
<% if @action -%>
action "<%= @action %>";
<% end -%>
};

@@ -0,0 +1,35 @@
deny <%= @type %> {
<% if @mask -%>
mask "<%= @mask %>";
<% end -%>
<% if @filename -%>
filename "<%= @filename %>";
<% end -%>
<% if @reason -%>
reason "<%= @reason %>";
<% end -%>
<% if @soft -%>
soft "<%= @soft %>";
<% end -%>
<% if @version -%>
version "<%= @version %>";
<% end -%>
<% if @flags -%>
flags "<%= @flags %>";
<% end -%>
<% if @rule -%>
rule "<%= @rule %>";
<% end -%>
<% if @typedenial -%>
type "<%= @typedenial %>";
<% end -%>
<% if @channel -%>
channel "<%= @channel %>";
<% end -%>
<% if @redirect -%>
redirect "<%= @redirect %>";
<% end -%>
<% if @warn -%>
warn "<%= @warn %>";
<% end -%>
};

@@ -0,0 +1,16 @@
drpass {
<% if @restart -%>
<% if @restart_auth -%>
restart "<%= @restart %>" { <%= @restart_auth %>; };
<% else -%>
restart "<%= @restart %>";
<% end -%>
<% end -%>
<% if @die -%>
<% if @die_auth -%>
die "<%= @die %>" { <%= @die_auth %>; };
<% else -%>
die "<%= @die %>";
<% end -%>
<% end -%>
};

View File

@@ -0,0 +1,10 @@
except <%= @type %> {
mask "<%= @mask %>";
<% if @types -%>
type {
<% @types.each do |type| -%>
<%= type %>;
<% end -%>
};
<% end -%>
};

View File

@@ -0,0 +1,26 @@
files {
<% if @motd -%>
motd "<%= @motd %>";
<% end -%>
<% if @shortmotd -%>
shortmotd "<%= @shortmotd %>";
<% end -%>
<% if @opermotd -%>
opermotd "<%= @opermotd %>";
<% end -%>
<% if @svsmotd -%>
svsmotd "<%= @svsmotd %>";
<% end -%>
<% if @botmotd -%>
botmotd "<%= @botmotd %>";
<% end -%>
<% if @rules -%>
rules "<%= @rules %>";
<% end -%>
<% if @tunefile -%>
tunefile "<%= @tunefile %>";
<% end -%>
<% if @pidfile -%>
pidfile "<%= @pidfile %>";
<% end -%>
};

View File

@@ -0,0 +1 @@
include "<%= @file %>";

View File

@@ -0,0 +1,35 @@
link <%= @servername %>
{
hostname <%= @hostname %>;
port <%= @port %>;
password-connect "<%= @password_connect %>";
<% if @password_receive_auth -%>
password-receive "<%= @password_receive %>" { <%= @password_receive_auth %>; };
<% else -%>
password-receive "<%= @password_receive %>";
<% end -%>
username <%= @username %>;
bind-ip <%= @bind_ip %>;
<% if @hub -%>
hub <%= @hub %>;
<% end -%>
<% if @leaf -%>
leaf <%= @leaf %>;
<% end -%>
<% if @leafdepth -%>
leafdepth <%= @leafdepth %>;
<% end -%>
class <%= @linkclass %>;
<% if @compression_level -%>
compression-level <%= @compression_level %>;
<% end -%>
<% if @ciphers -%>
ciphers <%= @ciphers %>;
<% end -%>
options
{
<% @options.each do |option| -%>
<%= option %>;
<% end -%>
};
};
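Review bot: the options block calls `@options.each` with no `<% if @options -%>` guard, unlike the allow, listen and tld templates in this commit, so a link declared without options fails on nil while the template is rendered. Wrap the block in the same guard, or default the parameter to an empty array in the defined type.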

View File

@@ -0,0 +1,11 @@
<% if @options -%>
listen <%= @ip %>:<%= @port %> {
options {
<% @options.each do |option| -%>
<%= option %>;
<% end -%>
};
};
<% else -%>
listen <%= @ip %>:<%= @port %>;
<% end -%>

View File

@@ -0,0 +1,10 @@
log "<%= @log_path %>" {
maxsize <%= @maxsize %>;
<% if @flags -%>
flags {
<% @flags.each do |flag| -%>
<%= flag %>;
<% end -%>
};
<% end -%>
};

View File

@@ -0,0 +1,9 @@
official-channels {
<% @channels.each do |channel| -%>
<% if channel['topic'] -%>
"<%= channel['name'] %>" { topic "<%= channel['topic'] %>"; };
<% else -%>
"<%= channel['name'] %>";
<% end -%>
<% end -%>
};

View File

@@ -0,0 +1,34 @@
oper <%= @username %> {
from {
<% @userhosts.each do |val| -%>
userhost <%= val %>;
<% end -%>
};
<% if @password_auth_type -%>
password "<%= @password %>" { <%= @password_auth_type %>; };
<% else -%>
password "<%= @password %>";
<% end -%>
class <%= @operclass %>;
flags
{
<% @flags.each do |flag| -%>
<%= flag %>;
<% end -%>
};
<% if @swhois -%>
swhois "<%= @swhois %>";
<% end -%>
<% if @snomask -%>
snomask <%= @snomask %>;
<% end -%>
<% if @require_modes -%>
require-modes <%= @require_modes %>;
<% end -%>
<% if @modes -%>
modes <%= @modes %>;
<% end -%>
<% if @maxlogins -%>
maxlogins <%= @maxlogins %>;
<% end -%>
};
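Review bot: the else branch at `password "<%= @password %>";` writes the operator password to the config file in cleartext whenever @password_auth_type is unset. Consider making the auth type mandatory for oper blocks and failing the run when it is missing, so that only a hash lands on disk. The value is also interpolated into a double-quoted string without escaping, so a password containing a double quote produces a config that no longer parses as intended.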

View File

@@ -0,0 +1,353 @@
set {
<% if @kline_address -%>
kline-address "<%= @kline_address %>";
<% end -%>
<% if @services_server -%>
services-server "<%= @services_server %>";
<% end -%>
<% if @cloak_keys_1 or @cloak_keys_2 or @cloak_keys_3 -%>
cloak-keys {
<% if @cloak_keys_1 -%>
"<%= @cloak_keys_1 %>";
<% end -%>
<% if @cloak_keys_2 -%>
"<%= @cloak_keys_2 %>";
<% end -%>
<% if @cloak_keys_3 -%>
"<%= @cloak_keys_3 %>";
<% end -%>
};
<% end -%>
<% if @gline_address -%>
gline-address "<%= @gline_address %>";
<% end -%>
<% if @modes_on_connect -%>
modes-on-connect "<%= @modes_on_connect %>";
<% end -%>
<% if @snomasks_on_connect -%>
snomasks-on-connect "<%= @snomasks_on_connect %>";
<% end -%>
<% if @modes_on_oper -%>
modes-on-oper "<%= @modes_on_oper %>";
<% end -%>
<% if @snomasks_on_oper -%>
snomasks-on-oper "<%= @snomasks_on_oper %>";
<% end -%>
<% if @modes_on_join -%>
modes-on-join "<%= @modes_on_join %>";
<% end -%>
<% if @level_on_join -%>
level-on-join "<%= @level_on_join %>";
<% end -%>
<% if @restrict_usermodes -%>
restrict-usermodes "<%= @restrict_usermodes %>";
<% end -%>
<% if @restrict_channelmodes -%>
restrict-channelmodes "<%= @restrict_channelmodes %>";
<% end -%>
<% if @restrict_extendedbans -%>
restrict-extendedbans "<%= @restrict_extendedbans %>";
<% end -%>
<% if @auto_join -%>
auto-join "<%= @auto_join %>";
<% end -%>
<% if @oper_auto_join -%>
oper-auto-join "<%= @oper_auto_join %>";
<% end -%>
<% if @anti_spam_quit_message_time -%>
anti-spam-quit-message-time "<%= @anti_spam_quit_message_time %>";
<% end -%>
<% if @prefix_quit -%>
prefix-quit "<%= @prefix_quit %>";
<% end -%>
<% if @static_quit -%>
static-quit "<%= @static_quit %>";
<% end -%>
<% if @static_part -%>
static-part "<%= @static_part %>";
<% end -%>
<% if @who_limit -%>
who-limit "<%= @who_limit %>";
<% end -%>
<% if @silence_limit -%>
silence-limit "<%= @silence_limit %>";
<% end -%>
<% if @maxbans -%>
maxbans "<%= @maxbans %>";
<% end -%>
<% if @maxbanlength -%>
maxbanlength "<%= @maxbanlength %>";
<% end -%>
<% if @oper_only_stats -%>
oper-only-stats "<%= @oper_only_stats %>";
<% end -%>
<% if @maxchannelsperuser -%>
maxchannelsperuser "<%= @maxchannelsperuser %>";
<% end -%>
<% if @maxdccallow -%>
maxdccallow "<%= @maxdccallow %>";
<% end -%>
<% if @channel_command_prefix -%>
channel-command-prefix "<%= @channel_command_prefix %>";
<% end -%>
<% if @allowed_nickchars -%>
allowed-nickchars "<%= @allowed_nickchars %>";
<% end -%>
<% if @allow_userhost_change -%>
allow-userhost-change "<%= @allow_userhost_change %>";
<% end -%>
<% if @options_hide_ulines or @options_flat_map or @options_show_opermotd or @options_identd_check or @options_show_connect_info or @options_dont_resolve or @options_mkpasswd_for_everyone or @options_allow_part_if_shunned or @options_fail_oper_warn or @options_allow_insane_bans or @options_disable_cap -%>
options {
<% if @options_hide_ulines -%>
hide-ulines "<%= @options_hide_ulines %>";
<% end -%>
<% if @options_flat_map -%>
flat-map "<%= @options_flat_map %>";
<% end -%>
<% if @options_show_opermotd -%>
show-opermotd "<%= @options_show_opermotd %>";
<% end -%>
<% if @options_identd_check -%>
identd-check "<%= @options_identd_check %>";
<% end -%>
<% if @options_show_connect_info -%>
show-connect-info "<%= @options_show_connect_info %>";
<% end -%>
<% if @options_dont_resolve -%>
dont-resolve "<%= @options_dont_resolve %>";
<% end -%>
<% if @options_mkpasswd_for_everyone -%>
mkpasswd-for-everyone "<%= @options_mkpasswd_for_everyone %>";
<% end -%>
<% if @options_allow_part_if_shunned -%>
allow-part-if-shunned "<%= @options_allow_part_if_shunned %>";
<% end -%>
<% if @options_fail_oper_warn -%>
fail-oper-warn "<%= @options_fail_oper_warn %>";
<% end -%>
<% if @options_allow_insane_bans -%>
allow-insane-bans "<%= @options_allow_insane_bans %>";
<% end -%>
<% if @options_disable_cap -%>
disable-cap "<%= @options_disable_cap %>";
<% end -%>
};
<% end -%>
<% if @nopost_ban_action or @nopost_ban_reason or @nopost_ban_time or @nopost_except_hosts -%>
nopost {
<% if @nopost_ban_action -%>
ban-action "<%= @nopost_ban_action %>";
<% end -%>
<% if @nopost_ban_reason -%>
ban-reason "<%= @nopost_ban_reason %>";
<% end -%>
<% if @nopost_ban_time -%>
ban-time "<%= @nopost_ban_time %>";
<% end -%>
<% if @nopost_except_hosts -%>
except-hosts "<%= @nopost_except_hosts %>";
<% end -%>
};
<% end -%>
<% if @dns_timeout or @dns_retries or @dns_nameserver or @dns_bind_ip -%>
dns {
<% if @dns_timeout -%>
timeout "<%= @dns_timeout %>";
<% end -%>
<% if @dns_retries -%>
retries "<%= @dns_retries %>";
<% end -%>
<% if @dns_nameserver -%>
nameserver "<%= @dns_nameserver %>";
<% end -%>
<% if @dns_bind_ip -%>
bind-ip "<%= @dns_bind_ip %>";
<% end -%>
};
<% end -%>
<% if @network_name -%>
network-name "<%= @network_name %>";
<% end -%>
<% if @default_server -%>
default-server "<%= @default_server %>";
<% end -%>
<% if @default_ipv6_clone_mask -%>
default-ipv6-clone-mask "<%= @default_ipv6_clone_mask %>";
<% end -%>
<% if @stats_server -%>
stats-server "<%= @stats_server %>";
<% end -%>
<% if @sasl_server -%>
sasl-server "<%= @sasl_server %>";
<% end -%>
<% if @help_channel -%>
help-channel "<%= @help_channel %>";
<% end -%>
<% if @hiddenhost_prefix -%>
hiddenhost-prefix "<%= @hiddenhost_prefix %>";
<% end -%>
<% if @hosts_local or @hosts_global or @hosts_coadmin or @hosts_admin or @hosts_servicesadmin or @hosts_netadmin or @hosts_host_on_oper_up -%>
hosts {
<% if @hosts_local -%>
local "<%= @hosts_local %>";
<% end -%>
<% if @hosts_global -%>
global "<%= @hosts_global %>";
<% end -%>
<% if @hosts_coadmin -%>
coadmin "<%= @hosts_coadmin %>";
<% end -%>
<% if @hosts_admin -%>
admin "<%= @hosts_admin %>";
<% end -%>
<% if @hosts_servicesadmin -%>
servicesadmin "<%= @hosts_servicesadmin %>";
<% end -%>
<% if @hosts_netadmin -%>
netadmin "<%= @hosts_netadmin %>";
<% end -%>
<% if @hosts_host_on_oper_up -%>
host-on-oper-up "<%= @hosts_host_on_oper_up %>";
<% end -%>
};
<% end -%>
<% if @ssl_egd or @ssl_certificate or @ssl_key or @ssl_trusted_ca_file or @ssl_server_cipher_list or @ssl_server_cipher_list or @ssl_renegotiate_bytes or @ssl_renegociate_timeout or @ssl_options_fail_if_no_clientcert or @ssl_options_no_self_signed or @ssl_options_verify_certificate or @ssl_options_no_starttls -%>
ssl {
<% if @ssl_egd -%>
egd "<%= @ssl_egd %>";
<% end -%>
<% if @ssl_certificate -%>
certificate "<%= @ssl_certificate %>";
<% end -%>
<% if @ssl_key -%>
key "<%= @ssl_key %>";
<% end -%>
<% if @ssl_trusted_ca_file -%>
trusted-ca-file "<%= @ssl_trusted_ca_file %>";
<% end -%>
<% if @ssl_server_cipher_list -%>
server-cipher-list "<%= @ssl_server_cipher_list %>";
<% end -%>
<% if @ssl_renegotiate_bytes -%>
renegotiate-bytes "<%= @ssl_renegotiate_bytes %>";
<% end -%>
<% if @ssl_renegociate_timeout -%>
renegociate-timeout "<%= @ssl_renegociate_timeout %>";
<% end -%>
<% if @ssl_options_fail_if_no_clientcert or @ssl_options_no_self_signed or @ssl_options_verify_certificate or @ssl_options_no_starttls -%>
options {
<% if @ssl_options_fail_if_no_clientcert -%>
fail-if-no-clientcert "<%= @ssl_options_fail_if_no_clientcert %>";
<% end -%>
<% if @ssl_options_no_self_signed -%>
no-self-signed "<%= @ssl_options_no_self_signed %>";
<% end -%>
<% if @ssl_options_verify_certificate -%>
verify-certificate "<%= @ssl_options_verify_certificate %>";
<% end -%>
<% if @ssl_options_no_starttls -%>
no-starttls "<%= @ssl_options_no_starttls %>";
<% end -%>
};
<% end -%>
};
<% end -%>
<% if @throttle_period or @throttle_connections-%>
throttle {
<% if @throttle_period -%>
period "<%= @throttle_period %>";
<% end -%>
<% if @throttle_connections -%>
connections "<%= @throttle_connections %>";
<% end -%>
};
<% end -%>
<% if @ident_connect_timeout or @ident_read_timeout -%>
ident {
<% if @ident_connect_timeout -%>
connect-timeout "<%= @ident_connect_timeout %>";
<% end -%>
<% if @ident_read_timeout -%>
read-timeout "<%= @ident_read_timeout %>";
<% end -%>
};
<% end -%>
<% if @anti_flood_unknown_flood_bantime or @anti_flood_unknown_flood_amount or @anti_flood_away_flood or @anti_flood_nick_flood -%>
anti-flood {
<% if @anti_flood_unknown_flood_bantime -%>
unknown-flood-bantime "<%= @anti_flood_unknown_flood_bantime %>";
<% end -%>
<% if @anti_flood_unknown_flood_amount -%>
unknown-flood-amount "<%= @anti_flood_unknown_flood_amount %>";
<% end -%>
<% if @anti_flood_away_flood -%>
away-flood "<%= @anti_flood_away_flood %>";
<% end -%>
<% if @anti_flood_nick_flood -%>
nick-flood "<%= @anti_flood_nick_flood %>";
<% end -%>
};
<% end -%>
<% if @default_bantime -%>
default-bantime "<%= @default_bantime %>";
<% end -%>
<% if @modef_default_unsettime -%>
modef-default-unsettime "<%= @modef_default_unsettime %>";
<% end -%>
<% if @modef_max_unsettime -%>
modef-max-unsettime "<%= @modef_max_unsettime %>";
<% end -%>
<% if @ban_version_tkl_time -%>
ban-version-tkl-time "<%= @ban_version_tkl_time %>";
<% end -%>
<% if @spamfilter_ban_time or @spamfilter_ban_reason or @spamfilter_virus_help_channel or @spamfilter_virus_help_channel_deny or @spamfilter_except or @spamfilter_showdetect_warn or @spamfilter_showdetect_fatal -%>
spamfilter {
<% if @spamfilter_ban_time -%>
ban-time "<%= @spamfilter_ban_time %>";
<% end -%>
<% if @spamfilter_ban_reason -%>
ban-reason "<%= @spamfilter_ban_reason %>";
<% end -%>
<% if @spamfilter_virus_help_channel -%>
virus-help-channel "<%= @spamfilter_virus_help_channel %>";
<% end -%>
<% if @spamfilter_virus_help_channel_deny -%>
virus-help-channel-deny "<%= @spamfilter_virus_help_channel_deny %>";
<% end -%>
<% if @spamfilter_except -%>
except "<%= @spamfilter_except %>";
<% end -%>
<% if @spamfilter_showdetect_warn -%>
showdetect-warn "<%= @spamfilter_showdetect_warn %>";
<% end -%>
<% if @spamfilter_showdetect_fatal -%>
showdetect-fatal "<%= @spamfilter_showdetect_fatal %>";
<% end -%>
};
<% end -%>
<% if @check_target_nick_bans -%>
check-target-nick-bans "<%= @check_target_nick_bans %>";
<% end -%>
<% if @timesynch_enabled or @timesynch_server or @timesynch_timeout -%>
timesynch {
<% if @timesynch_enabled -%>
enabled "<%= @timesynch_enabled %>";
<% end -%>
<% if @timesynch_server -%>
server "<%= @timesynch_server %>";
<% end -%>
<% if @timesynch_timeout -%>
timeout "<%= @timesynch_timeout %>";
<% end -%>
};
<% end -%>
<% if @ping_cookie -%>
ping-cookie "<%= @ping_cookie %>";
<% end -%>
<% if @pingpong_warning -%>
pingpong-warning "<%= @pingpong_warning %>";
<% end -%>
<% if @watch_away_notification -%>
watch-away-notification "<%= @watch_away_notification %>";
<% end -%>
};
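Review bot: the guard on the ssl block lists @ssl_server_cipher_list twice, and the timeout setting is spelled `renegociate-timeout` (variable @ssl_renegociate_timeout) while the line above it uses `renegotiate-bytes`. Drop the duplicate term and make the spelling consistent with the directive name the server accepts, otherwise the timeout setting risks being rejected or ignored when the config is loaded. The throttle guard `@throttle_connections-%>` is also missing the space before `-%>` that every other tag in this file has.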

View File

@@ -0,0 +1,28 @@
tld {
mask "<%= @mask %>";
<% if @motd -%>
motd "<%= @motd %>";
<% end -%>
<% if @shortmotd -%>
shortmotd "<%= @shortmotd %>";
<% end -%>
<% if @opermotd -%>
opermotd "<%= @opermotd %>";
<% end -%>
<% if @svsmotd -%>
svsmotd "<%= @vhost %>";
<% end -%>
<% if @botmotd -%>
botmotd "<%= @botmotd %>";
<% end -%>
<% if @channel -%>
channel "<%= @channel %>";
<% end -%>
<% if @options -%>
options {
<% @options.each do |option| -%>
<%= option %>;
<% end -%>
};
<% end -%>
};
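Review bot: inside `<% if @svsmotd -%>` the line renders `svsmotd "<%= @vhost %>";`, a variable this template uses nowhere else, so the svsmotd entry comes out empty or wrong. It should interpolate @svsmotd, as the files template in this commit does.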

View File

@@ -0,0 +1,5 @@
ulines {
<% @servers.each do |server| -%>
<%= server %>;
<% end -%>
};

View File

@@ -0,0 +1,17 @@
vhost {
vhost <%= @vhost %>;
from {
<% @userhosts.each do |val| -%>
userhost <%= val %>;
<% end -%>
};
login <%= @login %>;
<% if @password_auth_type -%>
password "<%= @password %>" { <%= @password_auth_type %>; };
<% else -%>
password "<%= @password %>";
<% end -%>
<% if @swhois -%>
swhois "<%= @swhois %>";
<% end -%>
};

View File

@@ -0,0 +1,139 @@
#! /bin/sh
### BEGIN INIT INFO
# Provides: ircd
# Required-Start: $remote_fs $network $syslog
# Required-Stop: $remote_fs $network $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: UnrealIRCd daemon init.d script
# Description: Use to manage the UnrealIRCd daemon.
### END INIT INFO
DESC="Unreal (<%= scope.lookupvar('unrealirc_3281_backdoor::servername') %>)"
NAME=unreal
DAEMON=<%= scope.lookupvar('unrealirc_3281_backdoor::install_path') %>/src/ircd
DAEMON_ARGS=""
USER=<%= scope.lookupvar('unrealirc_3281_backdoor::user') %>
GROUP=<%= scope.lookupvar('unrealirc_3281_backdoor::group') %>
PIDFILE=<%= scope.lookupvar('unrealirc_3281_backdoor::pidfile') %>
SCRIPTNAME=/etc/init.d/$NAME
# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0
# Read configuration variable file if it is present
[ -r /etc/default/$NAME ] && . /etc/default/$NAME
# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh
# Define LSB log_* functions.
# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
# and status_of_proc is working.
. /lib/lsb/init-functions
#
# Function that starts the daemon/service
#
do_start()
{
# Return
# 0 if daemon has been started
# 1 if daemon was already running
# 2 if daemon could not be started
start-stop-daemon --start --quiet -c $USER:$GROUP --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
|| return 1
start-stop-daemon --start --quiet -c $USER:$GROUP --pidfile $PIDFILE --background --exec $DAEMON -- \
$DAEMON_ARGS > /dev/null\
|| return 2
}
#
# Function that stops the daemon/service
#
do_stop()
{
# Return
# 0 if daemon has been stopped
# 1 if daemon was already stopped
# 2 if daemon could not be stopped
# other if a failure occurred
start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME
RETVAL="$?"
[ "$RETVAL" = 2 ] && return 2
# Wait for children to finish too if this is a daemon that forks
# and if the daemon is only ever run from this initscript.
# If the above conditions are not satisfied then add some other code
# that waits for the process to drop all resources that could be
# needed by services started subsequently. A last resort is to
# sleep for some time.
start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
[ "$?" = 2 ] && return 2
# Many daemons don't delete their pidfiles when they exit.
rm -f $PIDFILE
return "$RETVAL"
}
#
# Function that sends a SIGHUP to the daemon/service
#
do_reload() {
#
# If the daemon can reload its configuration without
# restarting (for example, when it is sent a SIGHUP),
# then implement that here.
#
start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME
return 0
}
case "$1" in
start)
[ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
do_start
case "$?" in
0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
esac
;;
stop)
[ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
do_stop
case "$?" in
0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
esac
;;
status)
status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
;;
reload)
log_daemon_msg "Reloading $DESC" "$NAME"
do_reload
log_end_msg $?
;;
restart)
log_daemon_msg "Restarting $DESC" "$NAME"
do_stop
case "$?" in
0|1)
do_start
case "$?" in
0) log_end_msg 0 ;;
1) log_end_msg 1 ;; # Old process is still running
*) log_end_msg 1 ;; # Failed to start
esac
;;
*)
# Failed to stop
log_end_msg 1
;;
esac
;;
*)
echo "Usage: $SCRIPTNAME {start|stop|restart|reload}" >&2
exit 3
;;
esac
:
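Review bot: do_stop and do_reload match on `--name $NAME` with NAME=unreal, but the binary that is started is $DAEMON, whose path ends in /src/ircd. If the running process is named ircd, the first start-stop-daemon call in do_stop matches nothing, the daemon is only removed by the second call's KILL after its 30 second wait, and do_reload never delivers the SIGHUP while still returning 0. Match on `--exec $DAEMON` (or set NAME to the real process name) and return start-stop-daemon's exit status from do_reload. The usage string also omits the status action that the case statement handles, and $PIDFILE, $DAEMON and $USER:$GROUP are expanded unquoted.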

View File

@@ -0,0 +1,56 @@
# Example UnrealIRCd 3.2.8.1 configuration file
# Written by Mp5shooter for the SwiftIRC Wiki
# http://wiki.SwiftIRC.net/
/* If your server is running Linux, remove the two slashes in front of both of the following lines. */
loadmodule "src/modules/commands.so";
loadmodule "src/modules/cloak.so";
/* If your server is running Windows, remove the two slashes in front of both of the following lines. */
//loadmodule "modules/commands.dll";
//loadmodule "modules/cloak.dll";
# This is the me {} block
me {
name "<%= scope.lookupvar('unrealirc_3281_backdoor::servername') %>";
info "<%= scope.lookupvar('unrealirc_3281_backdoor::serverdesc') %>";
numeric 1;
};
# This is the admin {} block
admin {
<% scope.lookupvar('unrealirc_3281_backdoor::admins').each do |val| -%>
"<%= val %>";
<% end -%>
};
# Required
class clients
{
pingfreq 90;
maxclients <%= scope.lookupvar('unrealirc_3281_backdoor::maxusers') %>;
sendq 100000;
recvq 8000;
};
class servers
{
pingfreq 120;
maxclients <%= scope.lookupvar('unrealirc_3281_backdoor::maxservers') %>;
sendq 1000000;
connfreq 100;
};
alias NickServ { type services; };
alias ChanServ { type services; };
alias OperServ { type services; };
alias HelpServ { type services; };
include "help.conf";
include "badwords.channel.conf";
include "badwords.message.conf";
include "badwords.quit.conf";
include "spamfilter.conf";
include "aliases/anope.conf";
include "config/*.conf";
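Review bot: the two comments that tell the reader to "remove the two slashes" do not match the lines under them. The Linux loadmodule lines are already active, and the Windows .dll lines are dead text in a module that ships a Debian init script. Replace both comments with one line stating that the Linux modules are loaded, and drop the .dll lines. It would also help to note in a comment that the listen, oper and set blocks are expected to arrive through `include "config/*.conf";`, since this file defines none of them.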

View File

@@ -0,0 +1,3 @@
class{ 'unrealirc_3281_backdoor':
filename => 'unrealircd_3.8.2.1.vuln'
}
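Review bot: the filename 'unrealircd_3.8.2.1.vuln' has the version digits in a different order from the module name unrealirc_3281_backdoor, and the config template in this commit says 3.2.8.1. If the archive in the module is named for 3.2.8.1, this manifest will not find it; if the file really carries this name, rename it so the version reads the same everywhere.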

View File

@@ -0,0 +1,12 @@
<?xml version="1.0"?>
<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
<system>
<system_name>random_server</system_name>
<base module_path="modules/bases/debian_puppet_32"/>
<vulnerability module_path="modules/vulnerabilities/unix/irc/unrealirc_3281_backdoor"/>
</system>
</scenario>
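Review bot: xsi:schemaLocation holds a single URI, but the attribute is defined as whitespace-separated pairs of namespace URI and schema location, so a validating parser has no schema document to load for this namespace. Add the location of the scenario schema after the namespace, or remove the attribute if the scenario is validated by other means.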