Extract passwords and more from memory
mimikittenz "is a post-exploitation powershell tool that utilizes the Windows function ReadProcessMemory() in order to extract plain-text passwords from various target processes".
Basic usage:
- Run Windows PowerShell as administrator
- cd to the directory containing Invoke-mimikittenz.ps1 (e.g., Downloads)
- PS C:\Users\user\Downloads> Set-ExecutionPolicy RemoteSigned
- PS C:\Users\user\Downloads> Import-Module $pwd\Invoke-mimikittenz.ps1
- PS C:\Users\user\Downloads> Invoke-mimikittenz
Sample result:
PatternName PatternMatch
----------- ------------
Gmail &Email=tinyapps@gmail.com&Passwd=PASSWORD_IN_PLAINTEXT&Persiste...
mimikittenz currently extracts the following credentials from memory:
- Webmail
  - Gmail
  - Office365
  - Outlook Web
- Accounting
- Remote Access
  - Juniper SSL-VPN
  - Citrix NetScaler
  - Remote Desktop Web Access 2012
- Development
  - Jira
  - Github
  - Bugzilla
  - Zendesk
  - Cpanel
- IHateReverseEngineers
  - Malwr
  - VirusTotal
  - AnubisLabs
- Misc
  - Dropbox
  - Microsoft Onedrive
  - AWS Web Services
  - Slack
  - Twitter
  - Facebook
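A defender-side check for the usage steps above, as an added example that is not part of the original post or the mimikittenz project: it scans PowerShell script block logging records (event ID 4104) for the tool name and the ReadProcessMemory call the post mentions. The function name Find-MemoryScrapeIndicator, the pattern set and the sample records are constructed for illustration; it assumes script block logging is enabled and that the script text references the API by name.

```powershell
# Added example: flag script block log records that match this post's strings.
function Find-MemoryScrapeIndicator {
    [CmdletBinding()]
    param(
        # Any object with TimeCreated and ScriptBlockText properties.
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Record
    )
    begin {
        # Constructed pattern set; -match is case-insensitive.
        $patterns = [ordered]@{
            ToolName      = 'mimikittenz'
            MemoryReadApi = '\bReadProcessMemory\b'
        }
    }
    process {
        $text = [string]$Record.ScriptBlockText
        $hits = foreach ($name in $patterns.Keys) {
            if ($text -match $patterns[$name]) { $name }
        }
        if ($hits) {
            [pscustomobject]@{
                TimeCreated = $Record.TimeCreated
                Indicators  = $hits -join ','
                Snippet     = $text.Substring(0, [Math]::Min(70, $text.Length))
            }
        }
    }
}

# Constructed sample records (not real log data).
$sample = @(
    [pscustomobject]@{ TimeCreated = [datetime]'2016-07-08T10:00:00'
                       ScriptBlockText = 'Get-ChildItem $pwd' }
    [pscustomobject]@{ TimeCreated = [datetime]'2016-07-08T10:01:00'
                       ScriptBlockText = 'Import-Module $pwd\Invoke-mimikittenz.ps1' }
    # Matches on the API name, independent of the script's file name.
    [pscustomobject]@{ TimeCreated = [datetime]'2016-07-08T10:02:00'
                       ScriptBlockText = 'public static extern bool ReadProcessMemory(IntPtr hProcess, ...' }
)
$sample | Find-MemoryScrapeIndicator | Format-Table -AutoSize

# Live use: feed event 4104 records (Properties[2] holds the script block text).
# Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 } |
#     ForEach-Object { [pscustomobject]@{ TimeCreated = $_.TimeCreated
#                                         ScriptBlockText = $_.Properties[2].Value } } |
#     Find-MemoryScrapeIndicator
```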
/windows | Jul 08, 2016