## https://sploitus.com/exploit?id=718B8940-9B73-51E2-8CE6-791317706E69
# CVE-2010-2075: UnrealIRCd Backdoor Remote Code Execution
## Overview
This repository documents the analysis and exploitation of CVE-2010-2075, a backdoor vulnerability affecting UnrealIRCd 3.2.8.1.
The vulnerability was reproduced in a controlled laboratory environment using Metasploitable 2 as the target machine and Parrot OS as the attacking system. The objective was to identify the vulnerable service, verify the presence of the backdoor, and demonstrate the impact of successful exploitation.
## Vulnerability Details
| Field | Value |
| ------------------ | ------------------------------ |
| CVE ID | CVE-2010-2075 |
| Software | UnrealIRCd 3.2.8.1 |
| Service Port | 6667/TCP |
| Vulnerability Type | Backdoor Remote Code Execution |
| Severity | High |
| Target Platform | Metasploitable 2 |
## Lab Environment
* Attacker Machine: Parrot OS
* Target Machine: Metasploitable 2
* Target IP: 192.168.56.101
* Network: Isolated Virtual Lab
## Discovery Process
The assessment began with network reconnaissance to identify active services running on the target system.
Service enumeration revealed that UnrealIRCd was listening on port 6667. Further investigation confirmed the presence of the vulnerable UnrealIRCd 3.2.8.1 version associated with CVE-2010-2075.
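For defenders inventorying IRC servers, the version check described above can be automated from the server's registration banner; this is an added example, not code from the original repository or report. The banner lines, the hostname `irc.lab.example` and the status labels are constructed for illustration, and a match on 3.2.8.1 only marks a host for integrity verification of the installed build, because the version string alone does not show whether the backdoor is present.

```python
import re

# Release this page names as affected by CVE-2010-2075.
FLAGGED_VERSION = "3.2.8.1"

# 004 RPL_MYINFO: ":<prefix> 004 <nick> <servername> <version> <usermodes> <chanmodes>"
RPL_MYINFO = re.compile(r"^:\S+ 004 \S+ (?P<server>\S+) (?P<version>\S+)")
# Assumed version-token shapes: "Unreal3.2.8.1" (3.x) and "UnrealIRCd-4.0.1" (later).
UNREAL_TOKEN = re.compile(r"^Unreal(?:IRCd-)?(?P<num>\d+(?:\.\d+)+)")

# Constructed sample of a registration banner (not taken from the report).
SAMPLE_BANNER = [
    ":irc.lab.example 001 audit :Welcome to the Lab IRC Network audit",
    ":irc.lab.example 002 audit :Your host is irc.lab.example, running version Unreal3.2.8.1",
    ":irc.lab.example 004 audit irc.lab.example Unreal3.2.8.1 iowghraAsORTVSxNCWqBzvdHtGp lvhopsmntikrRcaqOALQbSeIKVfMCuzNTGj",
]


def parse_myinfo(lines):
    """Return (servername, version_token) from the first 004 line, else None."""
    for raw in lines:
        m = RPL_MYINFO.match(raw.strip())
        if m:
            return m.group("server"), m.group("version")
    return None


def triage(host, lines, port=6667):
    """Classify one host's saved banner for follow-up; never touches the network."""
    result = {"host": host, "port": port, "version": None}
    info = parse_myinfo(lines)
    if info is None:
        return {**result, "status": "no-version-line"}
    server, token = info
    u = UNREAL_TOKEN.match(token)
    if u is None:
        return {**result, "server": server, "version": token, "status": "not-unrealircd"}
    num = u.group("num")
    status = "verify-integrity" if num == FLAGGED_VERSION else "other-unrealircd-release"
    return {**result, "server": server, "version": num, "status": status}


if __name__ == "__main__":
    print(triage("192.168.56.101", SAMPLE_BANNER))
```

Hosts that come back as `verify-integrity` are the ones to check against the vendor's published checksums before deciding between upgrade and removal.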
## Exploitation Summary
After confirming the vulnerable service, the corresponding exploit module was used to validate the vulnerability.
Successful exploitation resulted in remote command execution on the target machine, demonstrating complete compromise of the affected service.
## Impact
A successful attacker can:
* Execute arbitrary commands remotely
* Gain unauthorized access to the system
* Read and modify sensitive files
* Install malware or persistent backdoors
* Potentially pivot to other systems within the network
## Remediation
* Upgrade UnrealIRCd to a patched version.
* Remove compromised installations.
* Restrict access using firewall rules.
* Disable unnecessary IRC services.
* Perform regular vulnerability assessments.
## Full Report
The complete technical report, screenshots, evidence, and testing methodology can be found in:
[**CVE-2010-2075.pdf**](./report/CVE-2010-2075.pdf)
## Disclaimer
This project was conducted in an isolated laboratory environment for educational and authorized security research purposes only.