mimikittenz is a post-exploitation powershell tool that utilizes the Windows function ReadProcessMemory() in order to extract plain-text passwords from various target processes.

mimikittenz can also easily extract other kinds of juicy info from target processes using regex patterns including but not limited to:

TRACK2 (CreditCard) data from merchant/POS processes
PII data
Encryption Keys & All the other goodstuff

note: This tool is targeting running process memory address space, once a process is killed it’s memory ‘should’ be cleaned up and inaccessible however there are some edge cases in which this does not happen.

Screenshot(s)

Description

The aim of mimikittenz is to provide user-level (non-admin privileged) sensitive data extraction in order to maximise post exploitation efforts and increase value of information gathered per target.

Currently mimikittenz is able to extract the following credentials from memory:

Webmail

Gmail
Office365
Outlook Web

Accounting

Xero
MYOB

Remote Access

Juniper SSL-VPN
Citrix NetScaler
Remote Desktop Web Access 2012

Developement

Jira
Github
Bugzilla
Zendesk
Cpanel

IHateReverseEngineers

Malwr
VirusTotal
AnubisLabs

Misc

Dropbox
Microsoft Onedrive
AWS Web Services
Slack
Twitter
Facebook

DOWNLOAD: https://github.com/putterpanda/mimikittenz

Deixe um comentário Cancelar resposta

Digite seu comentário aqui...

Preencha os seus dados abaixo ou clique em um ícone para log in:

Email (obrigatório) (Nunca tornar endereço público)

Nome (obrigatório)

Site

Você está comentando utilizando sua conta WordPress.com. ( Sair / Alterar )

Você está comentando utilizando sua conta Facebook. ( Sair / Alterar )

Cancelar

Conectando a %s

S	T	Q	Q	S	S	D
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30

Mundo Tecnológico

Blog sobre Segurança da Informação e Tecnologia -Diego Piffaretti

mimikittenz – A post-exploitation powershell tool for extracting juicy info from memory

Screenshot(s)