Internet Relay Chat (IRC) has long been a trusted platform for real-time text-based communication. But IRC is not just about chat; it offers a rich array of commands that can be harnessed for information gathering and efficient communication. In this comprehensive guide, we will explore the most valuable IRC commands for information gathering, along with the capabilities of the CTCP (Client-to-Client Protocol) commands. Prepare to embark on a journey of discovery as we unlock the hidden potential of IRC.
Before we move on to the nitty-gritty, let’s learn some basics about IRC. What’s IRC? Is it like an app? Or a website?
At the core of IRC are servers, which host the IRC networks. These servers act as hubs, connecting users from different locations and facilitating communication between them. Each IRC network consists of multiple servers linked together, forming a vast network of interconnected nodes. Generally, in the context of IRC, the names ‘IRC servers’ and ‘IRC Networks’ are used interchangeably.
Users connect to an IRC server using an IRC client (Irssi, Hexchat), which is software that allows individuals to interact with the IRC network. The client provides a user-friendly interface through which users can join channels, send messages, and participate in discussions.
Channels are virtual spaces within the IRC network where users can gather and engage in conversations on specific topics. Channels are denoted by a “#” symbol followed by a unique name, such as “#osintforall” or “#programming”. Users can join channels of interest to connect with like-minded individuals, share knowledge, and discuss various subjects.
When users join a channel, they can send messages to the channel that are visible to all participants. These messages can be seen and responded to in real-time. Users can also send private messages to other individuals on the network, allowing for one-on-one conversations.
Try to imagine Discord “servers”, where we join a server, for example, Osint For All server, and we can join individual channels there. Even though we can do a lot of other things on Discord compared to IRC, the idea behind it is somewhat the same.
One advantage of IRC over Discord is that we don’t necessarily need to register to a server and join channels, whereas in Discord, we need to create an account first, and then we can join and chat on different servers.
An IRC client is a software application that allows users to connect to and interact with IRC servers. It serves as the interface between the user and the IRC network, enabling them to participate in real-time text-based conversations, join channels, and perform various actions.
IRC clients come in different forms, including standalone desktop applications, web-based clients, and command line clients. They provide a user-friendly interface that simplifies the process of connecting to an IRC server and navigating the network.
The recommendations are as follows.
- Irssi (Command line)
- Hexchat (GUI)
Setting The Ground (Opsec Tips)⌗
For demonstration purposes, we’ll be using Irssi client and connecting to Libera Chat network.
In the above image, we have connected to Libera Chat server/network. And the text enclosed in the red rectangle is the nickname which was set previously.
In order to conceal ourselves, we can change, real_name, hostname and nickname in Irssi by using /set command.
As we can see from the above image, we have changed our real_name, hostname and nickname to Ultrachad.
Information Gathering Commands⌗
1.WHOIS: The WHOIS command allows us to retrieve detailed information about a specific user, including their nickname, username, hostname, real name, server information, and channels they are currently in.
As we can see from the above image, using /whois, we have gathered some basic information about a user named amoghavarsha(That’s me!). And remember, we haven’t logged in as a user yet, but we can still just connect to a server and gather basic information about users.
In order to log in, we can use /msg nickserv identify amoghavarsha command as shown in the image below.
Once we login, we can also use cloak provided by Libera chat, by joining #libera-cloak and typing !cloakme. Cloaks/Cloaking helps us to conceal our IP address and replace that with something random depending on the servers/networks.
2.WHOWAS: The WHOWAS command allows us to retrieve detailed information about a specific user, including their nickname, username, hostname, real name, server information that they might have had previously.
As we can see in the image below, when we search for a user named john we got their previous records.
Luckily, in our example, we got some other extra information about the user john apart from their previous connections. Here we can see a new IP address that john could have connected, and we can also presume that john might be using Thunderbird email client. These cannot be confirmed unless we do a physical forensic test, which is not in the interest of this guide, but with intuition there is a strong chance that they might be using Thunderbird.
3.LIST: The LIST command provides an overview of channels on the server, along with their topics and the number of users in each channel.
As we can see in the images below, we have listed all the channels in the Libera chat server (A-Z), we use -y flag in Irssi to confirm to a huge list of all channels in the server.
4.JOIN: The JOIN command enables us to join a specific channel.
As seen in the image below, let’s join #python channel.
Here’s something interesting to notice, when we joined the channel, we can see that our IP address is hidden, and it’s replaced instead user/Amoghavarsha. So these are some advantages of having an account and also cloaking that we discussed earlier.
5.NAMES: The NAMES command gives us the (nick)names of all the users in a group.
As we can see in the image below, we got a lot of names from the python group. Joining certain groups to investigate a target is one of the best ways to track their activities. Having an insight/intuition about target’s preferred channels is useful. It could be guessed by tracking their online activities on social media platforms.
6.WHO: The WHO command is similar to WHOIS, but in brief.
As we can see in the image below, we just searched for a random user from #python group nicked lack, in order to get basic information. And luckily we got their presumably the real name (Jim Ramsay) and their email ([email protected]), in turn their website (jimramsay.com).
Furthermore, when we did check for /WHOIS and /WHOWAS records, we got some juicy information such as their last login and the channels that they are active.
7.MODE: The MODE command displays or changes the mode of a user or channel, allowing control over various aspects such as channel moderation, user permissions, and channel settings.
So here in the image below, when we check the MODE of python channel, we got some basic information such as date of the channel creation, the person who set the topic and so on.
8.MOTD: The MOTD command displays the ‘Message of the day’ on the server, generally set by the admin.
In the image below, we can see the MOTD of Libera Chat.
As we have covered some basic information gathering commands, let’s try to look at another command and its variations.
9.CTCP: CTCP stands for ‘Client to client protocol’, which tries to provide some basic information about target’s clients and services.
Usuage: /CTCP <NICKNAME> <COMAMND>
For example, in the image below, when we got some information about lack’s client by using CTCP VERSION command.
Usuage: /CTCP <NICKNAME> VERSION
The CTCP VERSION command retrieves the client version of a user, revealing the IRC client software they are using.
Next, when we tried using CTCP TIME command on another nick (lexandrop), we got the following result.
Usuage: /CTCP <NICKNAME> TIME
The CTCP TIME command requests the local time of a user’s IRC client.
Some Interesting CTCP Commands⌗
There are some CTCP commands that are interesting, perhaps they don’t necessarily guarantee the result. This is because, overtime, IRC clients have improved a lot, and some old school IRC commands have become obsolete. But, we’ll never know what we can get, so that’s why I’m going to explain some CTCP commands that are worth trying.
- CTCP PING: The CTCP PING command measures the round-trip time (RTT) between our client and the target user’s client, providing an indication of network latency.
Usuage: /CTCP <NICKNAME> PING
- CTCP ACTION: The CTCP ACTION command allows us to send an action or emote to a user or channel, expressing an emotion or describing an action.
Usuage: /CTCP <NICKNAME> ACTTION
- CTCP CLIENTINFO: The CTCP CLIENTINFO command requests information about the CTCP commands supported by a user’s IRC client.
Usuage: /CTCP <NICKNAME> CLIENTINFO
You cannot enter private #servers / #networks without permission or an invite.
You cannot enter private #channels without permission or an invite.
Admins can kick or ban you anytime with or without notice.
Your IP could be blacklisted.
Some of the commands may vary according to IRC clients, IRC servers and the services they offer. So always read the documentation on their sites.
In this comprehensive guide, we have explored a wide range of IRC commands for information gathering and CTCP commands for enhanced communication experiences. By mastering these commands, we can unlock the true potential of IRC, whether it’s discovering valuable information, engaging in meaningful conversations, or troubleshooting technical issues. Embrace the power of IRC, and let its commands be our gateway to a world of knowledge, connections, and collaboration.