mirror of
https://github.com/carlospolop/hacktricks
synced 2024-12-04 18:40:54 +00:00
118 lines
7 KiB
Markdown
118 lines
7 KiB
Markdown
# 194,6667,6660-7000 - Pentesting IRC
|
||
|
||
<details>
|
||
|
||
<summary><a href="https://cloud.hacktricks.xyz/pentesting-cloud/pentesting-cloud-methodology"><strong>☁️ HackTricks Cloud ☁️</strong></a> -<a href="https://twitter.com/hacktricks_live"><strong>🐦 Twitter 🐦</strong></a> - <a href="https://www.twitch.tv/hacktricks_live/schedule"><strong>🎙️ Twitch 🎙️</strong></a> - <a href="https://www.youtube.com/@hacktricks_LIVE"><strong>🎥 Youtube 🎥</strong></a></summary>
|
||
|
||
- 你在一个**网络安全公司**工作吗?你想在HackTricks中看到你的**公司广告**吗?或者你想获得**PEASS的最新版本或下载PDF格式的HackTricks**吗?请查看[**订阅计划**](https://github.com/sponsors/carlospolop)!
|
||
|
||
- 发现我们的独家[**NFTs**](https://opensea.io/collection/the-peass-family)收藏品[**The PEASS Family**](https://opensea.io/collection/the-peass-family)
|
||
|
||
- 获得[**官方PEASS和HackTricks的衣物**](https://peass.creator-spring.com)
|
||
|
||
- **加入**[**💬**](https://emojipedia.org/speech-balloon/) [**Discord群组**](https://discord.gg/hRep4RUj7f)或[**电报群组**](https://t.me/peass),或者**关注**我在**Twitter**上的[**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/hacktricks_live)**。**
|
||
|
||
- **通过向[hacktricks repo](https://github.com/carlospolop/hacktricks)和[hacktricks-cloud repo](https://github.com/carlospolop/hacktricks-cloud)提交PR来分享你的黑客技巧**。
|
||
|
||
</details>
|
||
|
||
## 基本信息
|
||
|
||
IRC最初是一个**纯文本协议**(尽管后来扩展了功能),在请求后被分配了IANA的**194/TCP端口**。然而,事实上的标准一直是在**6667/TCP**和附近的端口号上运行IRC(例如TCP端口6660-6669、7000),以**避免**必须以**root权限**运行IRCd软件。
|
||
|
||
连接到服务器只需要一个**昵称**。一旦连接建立,服务器首先会对你的IP进行反向DNS查询:
|
||
|
||
![](https://lh5.googleusercontent.com/C9AbjS9Jn4GvZJ-syptvebGU2jtI4p1UmLsmkBj3--utdFjft1B3Qfij3GDiUqxyp9wq\_mbupVdUtfW-\_rSo1W\_EPFZzCQ7iHSn7-DK3l4-BfylIHluQBNrDWxO0lxCuAMz8EkQ9oi9jwDlH6A)
|
||
|
||
总体上看,**有两种类型的用户**:**操作员**和普通**用户**。要登录为**操作员**,需要一个**用户名**和一个**密码**(在许多情况下还需要特定的主机名、IP甚至特定的主机掩码)。在操作员中,有不同的特权级别,其中管理员拥有最高特权。
|
||
|
||
**默认端口:**194、6667、6660-7000
|
||
```
|
||
PORT STATE SERVICE
|
||
6667/tcp open irc
|
||
```
|
||
## 枚举
|
||
|
||
### 横幅
|
||
|
||
IRC可以支持**TLS**。
|
||
```bash
|
||
nc -vn <IP> <PORT>
|
||
openssl s_client -connect <IP>:<PORT> -quiet
|
||
```
|
||
### 手动
|
||
|
||
在这里,您可以看到如何使用一些**随机昵称**连接和访问IRC,然后枚举一些有趣的信息。您可以在[这里](https://en.wikipedia.org/wiki/List\_of\_Internet\_Relay\_Chat\_commands#USERIP)了解更多IRC命令。
|
||
```bash
|
||
#Connection with random nickname
|
||
USER ran213eqdw123 0 * ran213eqdw123
|
||
NICK ran213eqdw123
|
||
#If a PING :<random> is responded you need to send
|
||
#PONG :<received random>
|
||
|
||
VERSION
|
||
HELP
|
||
INFO
|
||
LINKS
|
||
HELPOP USERCMDS
|
||
HELPOP OPERCMDS
|
||
OPERATOR CAPA
|
||
ADMIN #Admin info
|
||
USERS #Current number of users
|
||
TIME #Server's time
|
||
STATS a #Only operators should be able to run this
|
||
NAMES #List channel names and usernames inside of each channel -> Nombre del canal y nombre de las personas que estan dentro
|
||
LIST #List channel names along with channel banner
|
||
WHOIS <USERNAME> #WHOIS a username
|
||
USERHOST <USERNAME> #If available, get hostname of a user
|
||
USERIP <USERNAME> #If available, get ip of a user
|
||
JOIN <CHANNEL_NAME> #Connect to a channel
|
||
|
||
#Operator creds Brute-Force
|
||
OPER <USERNAME> <PASSWORD>
|
||
```
|
||
你也可以尝试使用密码登录服务器。ngIRCd的默认密码是'wealllikedebian'。
|
||
```bash
|
||
PASS wealllikedebian
|
||
NICK patrick
|
||
USER test1 test2 <IP> :test3
|
||
```
|
||
### **查找和扫描IRC服务**
|
||
|
||
To find and scan IRC services, you can use various tools and techniques. Here are some steps you can follow:
|
||
|
||
1. **Port scanning**: Use a port scanning tool like Nmap to identify open ports on the target system. IRC services typically use port 6667 or 6697 for SSL/TLS connections.
|
||
|
||
2. **Banner grabbing**: Once you have identified the open ports, you can use tools like Telnet or Netcat to connect to the IRC service and retrieve the banner. The banner often contains information about the IRC server and its version.
|
||
|
||
3. **Enumeration**: Use IRC enumeration tools like IRCSniff or IRCSpy to gather information about the IRC channels, users, and server configuration. These tools can help you identify potential vulnerabilities or misconfigurations.
|
||
|
||
4. **Brute-forcing**: If you have valid usernames or nicknames, you can use tools like Hydra or Medusa to perform brute-force attacks and attempt to guess passwords for IRC accounts.
|
||
|
||
5. **Exploitation**: Once you have gathered enough information, you can search for known vulnerabilities in the IRC server software or plugins. Exploiting these vulnerabilities can give you unauthorized access to the IRC server or compromise user accounts.
|
||
|
||
Remember to always obtain proper authorization before performing any scanning or testing activities. Unauthorized access to IRC services or any other system is illegal and unethical.
|
||
```bash
|
||
nmap -sV --script irc-botnet-channels,irc-info,irc-unrealircd-backdoor -p 194,6660-7000 <ip>
|
||
```
|
||
### [暴力破解](../generic-methodologies-and-resources/brute-force.md#irc)
|
||
|
||
### Shodan
|
||
|
||
* `查找你的主机名`
|
||
|
||
<details>
|
||
|
||
<summary><a href="https://cloud.hacktricks.xyz/pentesting-cloud/pentesting-cloud-methodology"><strong>☁️ HackTricks 云 ☁️</strong></a> -<a href="https://twitter.com/hacktricks_live"><strong>🐦 Twitter 🐦</strong></a> - <a href="https://www.twitch.tv/hacktricks_live/schedule"><strong>🎙️ Twitch 🎙️</strong></a> - <a href="https://www.youtube.com/@hacktricks_LIVE"><strong>🎥 Youtube 🎥</strong></a></summary>
|
||
|
||
- 你在一家**网络安全公司**工作吗?你想在 HackTricks 中看到你的**公司广告**吗?或者你想获得**PEASS 的最新版本或下载 HackTricks 的 PDF**吗?请查看[**订阅计划**](https://github.com/sponsors/carlospolop)!
|
||
|
||
- 发现我们的独家[**NFTs**](https://opensea.io/collection/the-peass-family)收藏品——[**The PEASS Family**](https://opensea.io/collection/the-peass-family)
|
||
|
||
- 获取[**官方 PEASS & HackTricks 商品**](https://peass.creator-spring.com)
|
||
|
||
- **加入** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord 群组**](https://discord.gg/hRep4RUj7f) 或 [**telegram 群组**](https://t.me/peass),或者**关注**我在**Twitter**上的[**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/hacktricks_live)**。**
|
||
|
||
- **通过向[hacktricks 仓库](https://github.com/carlospolop/hacktricks)和[hacktricks-cloud 仓库](https://github.com/carlospolop/hacktricks-cloud)提交 PR 来分享你的黑客技巧**。
|
||
|
||
</details>
|