# 194,6667,6660-7000 - Pentesting IRC

## Basic Information

IRC, originally a **plain-text protocol**, was assigned **194/TCP** by IANA but commonly runs on **6667/TCP** and similar ports so that it does not need **root privileges** to operate.

A **nickname** is all that is needed to connect to a server. After the connection, the server performs a reverse DNS lookup on the user's IP.

Users are divided into **operators**, who need a **username** and a **password** for more access, and regular **users**. Operators have different privilege levels, with administrators at the top.

**Default ports:** 194, 6667, 6660-7000

```
PORT STATE SERVICE
6667/tcp open irc
```

## Enumeration

### Banner

IRC can support **TLS**.

```bash
nc -vn <IP> <PORT>
openssl s_client -connect <IP>:<PORT> -quiet
```

### Manual

Here you can see how to connect to and access IRC using a **random nickname** and then enumerate some interesting information. You can learn more IRC commands [here](https://en.wikipedia.org/wiki/List\_of\_Internet\_Relay\_Chat\_commands#USERIP).

```bash
#Connection with random nickname
USER ran213eqdw123 0 * ran213eqdw123
NICK ran213eqdw123
#If the server sends PING :<random> you need to reply with
#PONG :<received random>
VERSION
HELP
INFO
LINKS
HELPOP USERCMDS
HELPOP OPERCMDS
OPERATOR CAPA
ADMIN #Admin info
USERS #Current number of users
TIME #Server's time
STATS a #Only operators should be able to run this
NAMES #List channel names and usernames inside of each channel
LIST #List channel names along with channel banner
WHOIS <USERNAME> #WHOIS a username
USERHOST <USERNAME> #If available, get hostname of a user
USERIP <USERNAME> #If available, get ip of a user
JOIN <CHANNEL_NAME> #Connect to a channel
#Operator creds Brute-Force
OPER <USERNAME> <PASSWORD>
```
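
The registration exchange above, read from the server side: this added example (not code from the original page) parses RFC 1459 message lines, produces the `PONG` a client owes for each `PING`, records what a `VERSION` reply (numeric 351) discloses, and counts password/operator failures (numerics 464 and 491) per nickname, which is the pattern repeated `PASS`/`OPER` guessing leaves. The host `irc.example.net`, the version string, the PING token and the transcript are constructed for illustration.

```python
from collections import Counter

def parse_irc_line(line):
    """Split one IRC line into (prefix, command, params) per RFC 1459."""
    line = line.rstrip("\r\n")
    prefix = None
    if line.startswith(":"):
        prefix, _, line = line[1:].partition(" ")
    # Everything after " :" is one trailing parameter that may contain spaces.
    head, sep, trailing = line.partition(" :")
    parts = head.split()
    if not parts:
        raise ValueError("empty IRC message")
    params = parts[1:] + ([trailing] if sep else [])
    return prefix, parts[0].upper(), params

def review_transcript(lines):
    """Return (replies owed, facts the server disclosed, failures per nick)."""
    replies, facts, failures = [], {}, Counter()
    for raw in lines:
        _prefix, cmd, params = parse_irc_line(raw)
        if cmd == "PING" and params:       # must be echoed back to stay connected
            replies.append("PONG :" + params[-1])
        elif cmd == "351":                 # RPL_VERSION: nick, version, server, comments
            facts["version"] = params[1]
        elif cmd == "381":                 # RPL_YOUREOPER: operator login succeeded
            facts["oper_granted_to"] = params[0]
        elif cmd in ("464", "491"):        # ERR_PASSWDMISMATCH / ERR_NOOPERHOST
            failures[params[0]] += 1
    return replies, facts, dict(failures)

# Constructed server-to-client transcript (not captured from a real server).
TRANSCRIPT = [
    ":irc.example.net NOTICE * :*** Looking up your hostname...",
    "PING :8F3A21C0",
    ":irc.example.net 001 ran213eqdw123 :Welcome to the network",
    ":irc.example.net 351 ran213eqdw123 exampleircd-1.0 irc.example.net :constructed",
    ":irc.example.net 464 ran213eqdw123 :Password incorrect",
    ":irc.example.net 464 ran213eqdw123 :Password incorrect",
    ":irc.example.net 491 ran213eqdw123 :No O-lines for your host",
]

if __name__ == "__main__":
    replies, facts, failures = review_transcript(TRANSCRIPT)
    print("replies:", replies)
    print("disclosed:", facts)
    print("auth failures per nick:", failures)
```
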

You can also try to log in to the server with a password. The default password for ngIRCd is `wealllikedebian`.

```bash
PASS wealllikedebian
NICK patrick
USER test1 test2 <IP> :test3
```

### **Find and scan IRC services**

To find IRC services, you can use tools like Nmap or Masscan to scan for open ports on a target system. The default port for IRC is 6667, but it can also be found on other ports.

To scan for IRC services using Nmap, you can use the following command:

```
nmap -p 6667 <target_ip>
```

Replace `<target_ip>` with the IP address of the target system.

Once you have identified an open IRC port, you can connect to it using an IRC client like Irssi or HexChat. These clients allow you to interact with the IRC server and its channels.

To connect to an IRC server using Irssi, you can use the following command:

```
irssi -c <irc_server> -p <port>
```

Replace `<irc_server>` with the IP address or domain name of the IRC server, and `<port>` with the port number.

Once connected, you can join channels and interact with other users. It is important to note that IRC servers may require authentication, so you may need to provide a username and password to connect.

By scanning and connecting to IRC services, you can gather information, communicate with other users, and potentially discover vulnerabilities or misconfigurations that can be exploited during a penetration test.

```bash
nmap -sV --script irc-botnet-channels,irc-info,irc-unrealircd-backdoor -p 194,6660-7000 <ip>
```

### [Brute Force](../generic-methodologies-and-resources/brute-force.md#irc)

### Shodan

* `looking up your hostname`