Merge pull request #68 from kkrypt0nn/main

feat: Add IRC server password authentication

Author: evilsocket

Cargo.toml

@@ -109,6 +109,7 @@ default = [
     "smtp",
     "pop3",
     "imap",
+    "irc",
     "telnet",
     "ldap",
     "kerberos",
@@ -135,6 +136,7 @@ ftp = ["dep:async_ftp"]
 smtp = ["dep:async-smtp"]
 pop3 = ["dep:async-pop"]
 imap = ["dep:async-imap"]
+irc = []
 telnet = ["dep:mini-telnet"]
 ldap = ["dep:ldap3"]
 kerberos = [

README.md

@@ -22,7 +22,7 @@ For the building instructions, usage and the complete list of options [check the
 
 ## Supported Protocols/Features:
 
-AMQP (ActiveMQ, RabbitMQ, Qpid, JORAM and Solace), Cassandra/ScyllaDB, DNS subdomain enumeration, FTP, HTTP (basic authentication, NTLMv1, NTLMv2, multipart form, custom requests with CSRF support, files/folders enumeration, virtual host enumeration), IMAP, Kerberos pre-authentication and user enumeration, LDAP, MongoDB, MQTT, Microsoft SQL, MySQL, Oracle, PostgreSQL, POP3, RDP, Redis, Samba, SSH / SFTP, SMTP, Socks5, STOMP (ActiveMQ, RabbitMQ, HornetQ and OpenMQ), TCP and UDP port scanning with banner grabbing, Telnet, VNC.
+AMQP (ActiveMQ, RabbitMQ, Qpid, JORAM and Solace), Cassandra/ScyllaDB, DNS subdomain enumeration, FTP, HTTP (basic authentication, NTLMv1, NTLMv2, multipart form, custom requests with CSRF support, files/folders enumeration, virtual host enumeration), IMAP, IRC, Kerberos pre-authentication and user enumeration, LDAP, MongoDB, MQTT, Microsoft SQL, MySQL, Oracle, PostgreSQL, POP3, RDP, Redis, Samba, SSH / SFTP, SMTP, Socks5, STOMP (ActiveMQ, RabbitMQ, HornetQ and OpenMQ), TCP and UDP port scanning with banner grabbing, Telnet, VNC.
 
 ## Benchmark
 

src/options.rs

@@ -149,4 +149,7 @@ pub(crate) struct Options {
     #[cfg(feature = "port_scanner")]
     #[clap(flatten, next_help_heading = "PORT SCANNER")]
     pub port_scanner: crate::plugins::port_scanner::options::Options,
+    #[cfg(feature = "irc")]
+    #[clap(flatten, next_help_heading = "IRC")]
+    pub irc: crate::plugins::irc::options::Options,
 }

src/plugins/irc/mod.rs

@@ -0,0 +1,97 @@
+use rand::Rng;
+use std::time::Duration;
+use tokio::io::{AsyncReadExt, AsyncWriteExt};
+
+use async_trait::async_trait;
+
+use crate::session::{Error, Loot};
+use crate::utils;
+use crate::Options;
+use crate::Plugin;
+
+pub(crate) mod options;
+
+use crate::creds::Credentials;
+
+super::manager::register_plugin! {
+    "irc" => IRC::new()
+}
+
+#[derive(Clone)]
+pub(crate) struct IRC {
+    tls: bool,
+}
+
+impl IRC {
+    pub fn new() -> Self {
+        IRC { tls: false }
+    }
+
+    fn generate_random_username() -> String {
+        let mut rng = rand::thread_rng();
+        let length = rng.gen_range(5..=9);
+        (0..length)
+            .map(|_| {
+                let range = if rng.gen_bool(0.5) {
+                    b'a'..=b'z'
+                } else {
+                    b'A'..=b'Z'
+                };
+                rng.gen_range(range) as char
+            })
+            .collect()
+    }
+}
+
+#[async_trait]
+impl Plugin for IRC {
+    fn description(&self) -> &'static str {
+        "IRC server password authentication."
+    }
+
+    fn setup(&mut self, opts: &Options) -> Result<(), Error> {
+        self.tls = opts.irc.irc_tls;
+        Ok(())
+    }
+
+    async fn attempt(
+        &self,
+        creds: &Credentials,
+        timeout: Duration,
+    ) -> Result<Option<Vec<Loot>>, Error> {
+        let address =
+            utils::parse_target_address(&creds.target, if self.tls { 6697 } else { 6667 })?;
+
+        let mut stream = crate::utils::net::async_tcp_stream(&address, timeout, self.tls).await?;
+
+        let username = IRC::generate_random_username();
+        stream
+            .write_all(
+                format!(
+                    "NICK {}\r\nUSER {} 0 * :{}\r\nPASS {}\r\n",
+                    username, username, username, creds.password
+                )
+                .as_bytes(),
+            )
+            .await
+            .map_err(|e| e.to_string())?;
+
+        let mut buffer = vec![0; 1024];
+        let mut accumulated_data = Vec::new();
+        loop {
+            let bytes_read = stream.read(&mut buffer).await.map_err(|e| e.to_string())?;
+            if bytes_read == 0 {
+                return Ok(None);
+            }
+            accumulated_data.extend_from_slice(&buffer[..bytes_read]);
+            let response = String::from_utf8_lossy(&accumulated_data);
+            if response.contains(" 001 ") && response.contains("Welcome") {
+                return Ok(Some(vec![Loot::new(
+                    "irc",
+                    &address,
+                    [("password".to_owned(), creds.password.to_owned())],
+                )]));
+            }
+        }
+    }
+}

src/plugins/irc/options.rs

@@ -0,0 +1,10 @@
+use clap::Parser;
+use serde::{Deserialize, Serialize};
+
+#[derive(Parser, Debug, Serialize, Deserialize, Clone, Default)]
+#[group(skip)]
+pub(crate) struct Options {
+    #[clap(long, default_value_t = false)]
+    /// Use TLS for IRC.
+    pub irc_tls: bool,
+}

src/plugins/mod.rs

@@ -36,6 +36,8 @@ plug! {
     pub(crate) http;
     #[cfg(feature = "imap")]
     imap;
+    #[cfg(feature = "irc")]
+    pub(crate) irc;
     #[cfg(feature = "kerberos")]
     pub(crate) kerberos;
     #[cfg(feature = "ldap")]

test-servers/inspircd.config/inspircd.conf

@@ -0,0 +1,12 @@
+<connect allow="*" password="test12345">
+
+<bind address="*" port="6667" type="clients">
+<bind address="*" port="6697" type="clients" ssl="ssl">
+
+<module name="ssl_gnutls">
+<sslprofile name="ssl"
+       provider="gnutls"
+       certfile="/inspircd/conf/cert.pem"
+       keyfile="/inspircd/conf/key.pem"
+       dhfile="/inspircd/conf/dhparams.pem"
+       priority="NORMAL:-MD5">

test-servers/irc.sh

@@ -0,0 +1,4 @@
+docker run -p 6667:6667 \
+    -p 6697:6697 \
+    -v ./inspircd.config:/inspircd/conf/ \
+    inspircd/inspircd-docker