# IRC - Ports 194,6667,6660-7000

{% tabs %}
{% tab title="Support VeryLazyTech 🎉" %}
Become VeryLazyTech [**member**](https://shop.verylazytech.com/l/Membership)**! 🎁**

* **Follow** us on:
  * **✖ Twitter** [**@VeryLazyTech**](https://x.com/verylazytech)**.**
  * **👾 Github** [**@VeryLazyTech**](https://github.com/verylazytech)**.**
  * **📜 Medium** [**@VeryLazyTech**](https://medium.com/@verylazytech)**.**
  * **📺 YouTube** [**@VeryLazyTech**](https://www.youtube.com/@VeryLazyTechOfficial)**.**
  * **📩 Telegram** [**@VeryLazyTech**](https://t.me/+mSGyb008VL40MmVk)**.**
  * **🕵️‍♂️ My Site** [**@VeryLazyTech**](https://www.verylazytech.com/)**.**
* Visit our [**shop** ](https://shop.verylazytech.com/)for e-books and courses. 📚
  {% endtab %}
  {% endtabs %}

## Basic Information <a href="#basic-information" id="basic-information"></a>

IRC, initially a **plain text protocol**, was assigned **194/TCP** by IANA but is commonly run on **6667/TCP** and similar ports to avoid needing **root privileges** for operation.

A **nickname** is all that's needed to connect to a server. Following connection, the server performs a reverse-DNS lookup on the user's IP.

Users are divided into **operators**, who need a **username** and **password** for more access, and regular **users**. Operators have varying levels of privileges, with administrators at the top.

**Default ports:** 194, 6667, 6660-7000

```
PORT     STATE SERVICE
6667/tcp open  irc
```

## Enumeration <a href="#enumeration" id="enumeration"></a>

### Banner <a href="#banner" id="banner"></a>

IRC can support **TLS**.

```bash
nc -vn <IP> <PORT>
openssl s_client -connect <IP>:<PORT> -quiet
```

### Manual <a href="#manual" id="manual"></a>

Here you can see how to connect and access the IRC using some **random nickname** and then enumerate some interesting info. You can learn more commands of IRC [here](https://en.wikipedia.org/wiki/List_of_Internet_Relay_Chat_commands#USERIP).

```bash
#Connection with random nickname
USER ran213eqdw123 0 * ran213eqdw123
NICK ran213eqdw123
#If a PING :<random> is responded you need to send
#PONG :<received random>

VERSION
HELP
INFO
LINKS
HELPOP USERCMDS
HELPOP OPERCMDS
OPERATOR CAPA
ADMIN      #Admin info
USERS      #Current number of users
TIME       #Server's time
STATS a    #Only operators should be able to run this
NAMES      #List channel names and usernames inside of each channel -> Nombre del canal y nombre de las personas que estan dentro
LIST       #List channel names along with channel banner
WHOIS <USERNAME>      #WHOIS a username
USERHOST <USERNAME>   #If available, get hostname of a user
USERIP <USERNAME>     #If available, get ip of a user
JOIN <CHANNEL_NAME>   #Connect to a channel

#Operator creds Brute-Force
OPER <USERNAME> <PASSWORD>
```

You can, also, atttempt to login to the server with a password. The default password for ngIRCd is `wealllikedebian`.

```bash
PASS wealllikedebian
NICK patrick
USER test1 test2 <IP> :test3
```

### **Find and scan IRC services** <a href="#find-and-scan-irc-services" id="find-and-scan-irc-services"></a>

```bash
nmap -sV --script irc-botnet-channels,irc-info,irc-unrealircd-backdoor -p 194,6660-7000 <ip>
```

{% hint style="success" %}
Learn & practice [**For the OSCP.**](https://shop.verylazytech.com/)

<details>

<summary>Support VeryLazyTech 🎉</summary>

Become VeryLazyTech [**member**](https://shop.verylazytech.com/l/Membership)**! 🎁**

* **Follow** us on:
  * **✖ Twitter** [**@VeryLazyTech**](https://x.com/verylazytech)**.**
  * **👾 Github** [**@VeryLazyTech**](https://github.com/verylazytech)**.**
  * **📜 Medium** [**@VeryLazyTech**](https://medium.com/@verylazytech)**.**
  * **📺 YouTube** [**@VeryLazyTech**](https://www.youtube.com/@VeryLazyTechOfficial)**.**
  * **📩 Telegram** [**@VeryLazyTech**](https://t.me/+mSGyb008VL40MmVk)**.**
  * **🕵️‍♂️ My Site** [**@VeryLazyTech**](https://www.verylazytech.com/)**.**
* Visit our [**shop** ](https://shop.verylazytech.com/)for e-books and courses. 📚

</details>
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://www.verylazytech.com/network-pentesting/irc-ports-194-6667-6660-7000.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.