
Digital Security Report

CVE-2010-2075

Student Details
Name: Krishna Kumar Nayak
University ID: 77261138
Group: Level 6
Submission Date: 14 May 2023
Word Count: 2948
Table of Contents Pages
1. Abstract...........................................................................................................3
2. Introduction....................................................................................................3
3. Description of vulnerability, Exploits and Attack Software..........................4
3.1 Vulnerability.............................................................................................4
3.2 Exploits and Attack Software...................................................................4
4. Difference between vulnerability, Exploits and attack software..................5
4.1 Vulnerability..............................................................................................5
4.2 Exploits......................................................................................................5
4.3 Attack Software.........................................................................................5
5. Anatomy of Attack............................................................................................5
5.1 Information Gathering..........................................................................6-10
5.2 Exploitation..........................................................................................10-14
5.3 Post Exploitation..................................................................................14-18
6. Recommendations for Preventing Attack......................................................18
7. Related Software.............................................................................................19
8. Critical Reflection (L7 only).............................................................................19
9. Conclusion....................................................................................................19-20
10. References....................................................................................................20-21
1. Abstract
This report is based on a vulnerability named CVE-2010-2075. CVE-2010-2075 is a security flaw
in the Linux kernel that affects versions 2.6.18 through 2.6.34. Remote attackers can exploit this
vulnerability to perform a denial-of-service (DoS) attack on the targeted system by delivering
specially crafted packets to the system's network interface card. The flaw is triggered by the
kernel's incorrect handling of erroneous size parameters in a specific protocol. A successful
attack causes a system crash, and attackers might use this flaw to execute arbitrary code
with elevated privileges. The Linux community has issued patches to fix this issue, and users are
urged to update their systems to the most recent patched versions as soon as possible to avoid
attacks. The vulnerability serves as a reminder of the importance of applying security patches
on an ongoing basis to avoid potential exploitation.

2. Introduction
Digital security is the practice of protecting digital systems and networks from unauthorized
access, theft, damage, or hacking. In the current digital age, cyber security has emerged as a
crucial concern, with businesses, individuals, and governments increasingly relying on technology
to store and communicate sensitive information. The importance of digital security has grown
exponentially with the increasing sophistication of cyber threats. Malware attacks, phishing
scams, and ransomware attacks can cripple an organization's operations or cause irreversible
damage to a person's reputation. To protect against such attacks and threats, we
must constantly monitor for vulnerabilities and apply key protective measures.
A flaw called CVE-2010-2075 affects the IBM Informix Dynamic Server (IDS) software. The
vulnerability was made public in May 2010 and is considered to be of critical severity. Users are
urged to install the update that IBM issued in order to protect their systems from this
vulnerability. Computer systems and data must be securely encrypted. Data encryption,
firewalls, two-factor authentication, and antivirus software are some measures that safeguard
against cyber threats. Digital security has become a necessary component of daily life, making it
essential for individuals and organizations to adopt robust security practices to protect their online assets.

The tools used in this report are:
- Nmap (Network Mapper)
- Kali Linux (attacker OS)
- Debian-based Linux (victim OS)
- Metasploit Framework
- Exploit module unix/irc/unreal_ircd_3281_backdoor
3. Description of vulnerability, Exploits and attack software
3.1 Vulnerability
A vulnerability is any weakness or flaw in computer software or a system that
can be exploited by hackers to gain unauthorized access or compromise its
integrity. Vulnerabilities can exist in any aspect of a system and pose a threat to its
security, availability, and confidentiality. They can range from simple programming
errors to complex design flaws and may result from inadequate security measures,
lack of maintenance, or outdated software. Organizations must identify, assess and
mitigate vulnerabilities to protect their assets and data from potential cyber
threats.
3.2 Exploits and Attack software
Exploits and attack software are tools used by attackers or hackers to gain
unauthorized access to computer systems, networks, or devices. These tools take
advantage of vulnerabilities or weaknesses in the system to achieve their objectives.
In this case the attacker inserted a trojan horse (backdoor) into the source archive
Unreal3.2.8.1.tar.gz, which was distributed as UnrealIRCd 3.2.8.1 between November 2009
and June 12th, 2010 (Rapid7, 2023).

Fig 1: Source code of the exploit (Rapid7, 2023)

The victim machine becomes accessible once it has been located with Nmap. The program
targeted was UnrealIRCd 3.2.8, which is installed as an IRC server; IRC was commonly
used for real-time text chat among internet-connected computers in 1998
(Radware, 2023). Nmap is used to find the vulnerable host: the attacker looks
for live systems inside the internal network and for open ports on each of
them. Then, using the Metasploit framework, the corresponding attack is
launched.
4 Difference between vulnerability, Exploits and attack software
4.1 Vulnerability
A vulnerability is a weakness or flaw in a system, software or network that
can be exploited by an attacker to gain unauthorized access or cause harm. It might
be used to bypass a device's security measures (Upguard, 2023).

4.2 Exploits
Exploits are software programs that take advantage of vulnerabilities to perform
an attack. While exploits are focused on exploiting vulnerabilities, attack software
includes a broader range of tools and techniques, such as social engineering,
phishing, denial of service attacks, and malware.

4.3 Attack Software
Attack software is a collection of tools and techniques that an attacker can use to
carry out an attack on a vulnerable system or network. It allows the attacker to
communicate with the target and deliver the malicious packets appropriate to
the type of vulnerability.

5 Anatomy of attack
Both Kali Linux (attacking machine) and Debian-based Linux (victim machine) run as
virtual machines in Oracle VirtualBox. The network configuration used is listed in
the table below:

Virtual machine                       Network adaptor
Kali Linux (attacking machine)        Bridged Adaptor
Debian-based Linux (victim machine)   Bridged Adaptor

Table: Network settings for Kali Linux and Debian-based Linux

5.1 Information Gathering
Information gathering is the process of collecting data about the target, such as
its IP address and the server it runs. It is the first and most crucial phase of
penetration testing or hacking. The more effort spent here, the more useful
data and information the attacker obtains about the target.

Footprinting
Footprinting refers to the process of gathering information about a target system or network
as a preliminary step in an attack. It involves collecting information about the organization, its
employees, technologies, and infrastructure to identify vulnerabilities that can be exploited.
Footprinting is usually conducted using publicly available information such as online directories,
social media profiles, and search engines. The information collected during this process can be
used by attackers to craft targeted attacks; the same reconnaissance, performed defensively, allows
an organization to identify and mitigate potential risks before they can cause significant harm.

Enumeration
Enumeration refers to the process of seeking and compiling information about a specific target
system in order to expose its vulnerabilities and gain unauthorized access to it. The goal of
enumeration is to gather as much information as possible about the target, including a list of
hosts, accounts, passwords, and various other details such as network protocols, operating
systems, services running, and applications installed. Network administrators can put in place
safeguards like firewalls, intrusion detection and prevention systems, and network
segmentation to stop enumeration attacks, which can limit the amount of data that attackers
can obtain.

Scanning
Scanning is the process of looking for threats, malware, or vulnerabilities within a system
or network. Scanning can be used to test a system's security, to find and remove viruses, to
detect network intrusions, and for other purposes. In this part of the report, the two virtual
machines are connected to the same network, which means that the first three octets of their
IP addresses are identical and only the last octet differs.
Fig 2: Command ifconfig
The attacker's system, as seen in the figure above, runs the 'ifconfig' command in the Linux
terminal. After the command is executed, the current network configuration of that device
is displayed. Because the IP address in the screenshot is 192.168.1.67, the victim's IP
address will begin with those same three octets.
To learn the victim's actual IP address, the network is scanned. Zenmap and Nmap are two
tools for doing this; here the network is mapped using nmap, which reports all of the
services that are running.
Fig 3: Scan results

The figure above makes it evident that multiple ports are open on the second IP in the list.
In the third figure, the IRC service listening on port 6667 can be seen. The attacker now probes
that IP a bit further to confirm whether it is indeed the intended victim. To learn more about
that IP, a scan is run to identify the operating system and service details.

Figure 4: OS and service detection

The results show that the victim runs Linux 2.6, and the attacker now looks
for ways to exploit the system and moves on to the exploitation phase.
Figure 5: Starting msfconsole

5.2 Exploitation
Exploitation is when an attacker takes advantage of a vulnerability or weakness in a
system or software to gain unauthorized access, steal confidential information, or
compromise the integrity of a network. In this report, the
Metasploit framework has been used; however, there are many other
exploit databases available online. With the "search" command,
one can look up modules in the Metasploit framework. The attacker has two
choices: search for an exploit or search for a payload.
Figure 6: Searching available exploits

Fig 7: Choosing the exploit module


Online, there are many exploit databases that offer even more detailed information. Investigation
of unreal_ircd_3281 revealed that it is a Linux exploit, making it suitable for the victim's
Linux 2.6 machine.

Fig 8: Finding and setting the payload


After choosing the exploit, the next step is to select the payload. The payload is the code that
runs on the device being exploited. The attacker can make use of the payload to carry out
major illegal actions on the targeted machine, such as acquiring sensitive information, stealing data,
and abusing it. As the figure above shows, the payload 'cmd/unix/reverse' is what grants
access to the Linux machine.
Fig 9: Setting the required options
The screenshot above shows the options that are available, as well as the
settings the attacker will apply. The target port being used is 6667.
The victim's network address, which the attacker found in the previous
step, is the address entered when setting "RHOST". The example given
above shows that this works with Linux and that the target is correctly identified.
Similarly, the 'LHOST' option takes the attacker's IP address. In this way the connection between
the devices is established.
Fig 10: Running the exploit with a successful result

The "exploit" command was entered to trigger the exploitation seen in the above
image. When "Command shell session opened" is observed, the exploit has succeeded and the
attacker has a shell on the victim, confirming that the options were set correctly.

5.3 Post Exploitation

Fig 11: Using the shell and whoami

The exploitation began with the "exploit" command, as demonstrated by the
figure above.

Fig 12: Listing users and resetting a user's password

All users on the victim's device are listed using the 'ls' command, as shown in the preceding
figure. Then one of the user passwords is changed; if the password has been
correctly updated, the 'passwd' command's confirmation can be seen in the figure.
Fig 13: Victim's directory
The "ls" command is used to display the victim's directory listing. The whole set of files and folders on the
target device is shown, as in the screenshot above.

Fig 14: Directory created


Once the attacker has control of the victim's device, the attacker can act on their
own authority. Here the attacker created a folder inside the victim's machine using the
"mkdir" command, as seen in the screenshot above.

Fig 15: Victim's directory after folder creation

Fig 16: Contents of the file


Fig 17: Editing the victim's file

The 'nano' command is used to edit the victim's file. With the editor open, new lines are
added to the file. The attacker, as seen in the figure, inserted a
few more lines using 'nano' on the .txt file.
Fig 18: Contents of the file after editing (victim's terminal)

Because the attacker used the "nano" command, which allows the file to be changed, the
content of the file on the victim's device was modified, as seen in the image above.

Fig 19: Checking the victim's system

In the example above, the attacker used the 'uname -a' command to obtain the victim's system
information. The preceding figure is a genuine confirmation of the victim device's system details.

Fig 20: IPs on both machines


The attacker verifies the device's IP information after seizing control of the victim's system.
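Each action in the post-exploitation phase above (a password reset, a new directory made with mkdir, a file edited with nano) changes the victim's file system, which is exactly what file-integrity monitoring is built to notice. The following Python script is an added example for this report, not code from the report or from any vendor: it hashes a baseline of a directory tree, takes a second snapshot after constructed changes that mirror Figures 14 and 17, and reports what was added, removed or modified. The directory layout and file contents are constructed.

```python
"""Detect files and directories added, removed or modified on a host by
comparing a hashed baseline snapshot against a later one.

Added example for this report. Everything here runs inside a temporary
directory with constructed contents, so it is safe to run offline.
"""
import hashlib
import os
import tempfile


def snapshot(root):
    """Map every path under `root` (relative to it) to the SHA-256 digest of
    its content, or to the marker 'dir' for directories."""
    state = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        if rel_dir != ".":
            state[rel_dir] = "dir"
        for name in filenames:
            path = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(path, "rb") as f:
                # Read in chunks so large files do not have to fit in memory.
                for chunk in iter(lambda: f.read(65536), b""):
                    digest.update(chunk)
            state[os.path.relpath(path, root)] = digest.hexdigest()
    return state


def diff_snapshots(before, after):
    """Compare two snapshots and report the paths that changed."""
    added = sorted(p for p in after if p not in before)
    removed = sorted(p for p in before if p not in after)
    modified = sorted(p for p in after if p in before and after[p] != before[p])
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Reproduce, in a scratch tree, the changes seen in the report: a file
    is edited (Fig 17) and a new directory is created (Fig 14)."""
    with tempfile.TemporaryDirectory() as root:
        # Constructed baseline tree.
        os.makedirs(os.path.join(root, "etc"))
        with open(os.path.join(root, "etc", "motd"), "w") as f:
            f.write("welcome\n")
        with open(os.path.join(root, "notes.txt"), "w") as f:
            f.write("original line\n")
        before = snapshot(root)

        # Constructed changes mirroring the attacker's mkdir and nano edits.
        os.makedirs(os.path.join(root, "attacker_dir"))
        with open(os.path.join(root, "notes.txt"), "a") as f:
            f.write("added by attacker\n")
        after = snapshot(root)

        return diff_snapshots(before, after)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

On a real host the baseline would be taken right after installation and stored off the machine, and the comparison run on a schedule; a password change from Fig 12 would show up the same way, as a modified /etc/shadow.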

6 Recommendations for preventing attack


To avoid such a threat at an early stage, keep your software up to date, use strong
passwords, adopt secure browsing habits, and back up your data. This can be
accomplished by downloading the most recent version of the software and updating the
operating system, as the figure below shows. Strong encryption
algorithms, such as AES, should be used rather than weaker algorithms, such as DES or
3DES. To identify and prevent unauthorized access to your systems, monitor the activity
on your network and put intrusion detection and prevention technologies in
place.

Fig 21: Downloading the latest version and updating the system (Ubuntu)

A firewall configuration can help prevent scanners from detecting the machine. It also
restricts the machine from connecting to other networks and connections, making it far
more difficult for attackers to gain access to the system's data. Firewalls can also help
block malware and zero-day attempts. To prevent unwanted
access to your servers, ensure that your firewall is properly configured and enabled.
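Section 3.2 describes a backdoor inserted into a distributed source archive, and the recommendation above is to download the most recent version; the step in between is to check the download against the checksum the vendor publishes before unpacking or building it. The Python below is an added example for this report (not vendor or project code): it builds a small .tar.gz in memory, writes a sha256sum-style manifest for it, and shows that the unmodified archive verifies while a copy with an extra file does not. The archive contents, file names and the manifest format are constructed assumptions.

```python
"""Verify a downloaded source archive against a published checksum before
unpacking it.

Added example for this report. The archive and the 'published' manifest
are constructed in memory; the manifest follows the `sha256sum` output
format ("<hex digest>  <file name>"), which is an assumption.
"""
import hashlib
import hmac
import io
import tarfile


def build_archive(files):
    """Create a .tar.gz in memory from {member name: bytes} (constructed input)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def parse_manifest(text):
    """Parse 'digest  filename' lines as written by sha256sum into a dict."""
    expected = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        digest, name = line.split(maxsplit=1)
        # sha256sum prefixes binary-mode names with '*'; strip it.
        expected[name.strip().lstrip("*")] = digest.lower()
    return expected


def verify_archive(name, data, manifest_text):
    """Return True only if the archive's digest matches its manifest entry.

    hmac.compare_digest compares in constant time, so the check does not
    reveal how many leading hex characters matched.
    """
    expected = parse_manifest(manifest_text).get(name)
    if expected is None:
        return False  # unlisted file: refuse rather than assume it is fine
    return hmac.compare_digest(sha256_hex(data), expected)


def demo():
    """Constructed release, its manifest, and a tampered copy with an extra
    source file inserted, as in the trojaned archive described in the report."""
    source = {"src/main.c": b"int main(void) { return 0; }\n"}
    clean = build_archive(source)
    manifest = f"{sha256_hex(clean)}  release.tar.gz\n"
    tampered = build_archive({**source,
                              "src/extra.c": b"/* inserted after release */\n"})
    return {
        "clean": verify_archive("release.tar.gz", clean, manifest),
        "tampered": verify_archive("release.tar.gz", tampered, manifest),
        "unlisted": verify_archive("other.tar.gz", clean, manifest),
    }


if __name__ == "__main__":
    print(demo())
```

The manifest only helps if it is fetched from somewhere the attacker who replaced the archive could not also edit, such as a signed release announcement or a separate HTTPS host; a checksum file sitting next to the tarball on a compromised mirror proves nothing.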

7 Related Software
Exploit Pack is a robust open-source penetration testing tool for assessing the security of
both network and web applications. It can cover the full penetration testing process, as
evidenced by the fact that it has over 38,000 exploits. The tool is well suited to
information gathering, target definition, exploitation, and reporting. The majority of the package
is made up of exploits that operate on any operating system (Linux, Windows, UNIX, SCO, Minix,
OSX, Solaris, and so on). Beyond the pre-loaded exploits (scripts), the framework allows
penetration testers to create additional exploits. Apache HTTP Server, Microsoft
Internet Information Services (IIS), PHP, WordPress, OpenCart, and Magento are some
of the technologies covered.
Patches for all of the affected software are available to resolve this vulnerability.
Users are encouraged to update their software to the most recent version, which
includes the CVE-2010-2075 remedy. It is also advised that additional security measures,
such as the use of a web application firewall, be used to reduce the risk of
exploitation.

Fig 22: Exploit Pack interface (Hacking Loops)

8 Critical Reflection (L7 only)


Any weakness in a system has the potential to seriously affect both the user and the company
as a whole. Outsiders can quickly gain access to a victim's private computer, giving
them the ability to view any data on the network server as well as install things the
victim doesn't want on their device. Attackers may misuse vital information to their
advantage, causing the victim to suffer. The more vulnerable individuals are, the
more predatory situations arise. CVE-2010-2075 serves as a reminder that cyber
dangers are real and can cause considerable harm to persons and organizations that do
not practice good cyber security. It underlines the importance of constant monitoring
and proactive efforts to reduce vulnerabilities and ensure the security of cyber systems.
9 Conclusion
In conclusion, as technology continues to advance, so do the threats of cyber attacks,
making it crucial for individuals and organizations to understand and implement
effective security measures to protect themselves. Education, training, and awareness are
essential in combating digital security vulnerabilities, and it is also important for
companies to invest in robust security infrastructure and protocols to safeguard
sensitive data. Digital security flaws can be caused by both technical and human
reasons. Software defects, unsafe network settings, old systems, or insufficient
encryption can all lead to technical vulnerabilities. Poor password practices, a lack of
information about cyber security concerns, or social engineering efforts can all lead to
human vulnerabilities. Overall, addressing digital security vulnerabilities requires a
collective effort from all stakeholders to ensure that we can safely and securely navigate
the digital landscape.

10 References
I. Rapid7 (2022). UnrealIRCD 3.2.8.1 Backdoor Command Execution [Online]. Available at:
https://www.rapid7.com/db/modules/exploit/unix/irc/unreal_ircd_3281_backdoor/
[Accessed 24 July 2022].
II. Radware (no date). IRC (Internet Relay Chat) [Online]. Available at:
https://www.radware.com/security/ddos-knowledge-center/ddospedia/irc-internet-relay-chat/
[Accessed 24 July 2022].
III. UpGuard (2022). What is a Vulnerability? [Online]. Available at:
https://www.upguard.com/blog/vulnerability [Accessed 25 July 2022].
IV. NIST (2 August 2022). CVE-2017-0143 Detail [Online]. Available at:
https://nvd.nist.gov/vuln/detail/CVE-2017-0143
V. Lyon, G.F. (2009). Nmap Network Scanning: The Official Nmap Project Guide to Network
Discovery and Security Scanning. Insecure.Com LLC.
VI. SpeedGuide (no date). Port 6667 Details [Online]. Available at:
https://www.speedguide.net/port.php?port=6667 [Accessed 25 July 2022].
VII. Hacking Loops (no date). Exploit Pack [Online]. Available at:
https://www.hackingloops.com/exploit-pack/ [Accessed 27 July 2022].
VIII. CVE Details (no date). Unrealircd: Vulnerability List [Online]. Available at:
https://www.cvedetails.com/vulnerability-list/vendor_id-10938/Unrealircd.html
[Accessed 31 July 2022].
IX. InfosecMatter (no date). Metasploit Module Library: exploit/unix/irc/unreal_ircd_3281_backdoor
[Online]. Available at:
https://www.infosecmatter.com/metasploit-module-library/?mm=exploit/unix/irc/unreal_ircd_3281_backdoor
[Accessed 1 August 2022].
X. Rubin, A.D., Bellovin, S.M. and Cheswick, W.R. Firewalls and Internet Security: Repelling the
Wily Hacker (2nd ed.). Addison-Wesley Professional.
XI. Shostack, A. (2014). Threat Modeling: Designing for Security. John Wiley & Sons, Inc.
XII. AlternativeTo (2 August 2022). Metasploit Alternatives [Online]. Available at:
https://alternativeto.net/software/metasploit-community-edition/
XIII. Ubuntu (2022). Download Ubuntu Desktop [Online]. Available at:
https://ubuntu.com/download/desktop [Accessed 27 July 2022].
XIV. Messina, G. (1 August 2022). Top 5 Information Gathering Tools in Kali Linux. Infosec Institute
[Online]. Available at:
https://resources.infosecinstitute.com/topic/kali-linux-top-5-information-gathering-tools/
