mimikittenz, a PowerShell tool to extract plain-text passwords from memory

The tool utilizes the Windows function ReadProcessMemory() in order to extract plain-text passwords from various target processes


mimikittenz (the younger brother of Mimikatz?) provides a user-level extraction tool for sensitive data, focusing on running process memory address space:

once a process is killed it’s memory ‘should’ be cleaned up and inaccessible however there are some edge cases in which this does not happen.

Features

Currently mimikittenz is able to extract the following credentials from memory:

Webmail

  • Gmail
  • Office365
  • Outlook Web

Accounting

  • Xero
  • MYOB

Remote Access

  • Juniper SSL-VPN
  • Citrix NetScaler
  • Remote Desktop Web Access 2012

Development

  • Jira
  • Github
  • Bugzilla
  • Zendesk
  • Cpanel

IHateReverseEngineers

  • Malwr
  • VirusTotal
  • AnubisLabs

Misc

  • Dropbox
  • Microsoft Onedrive
  • AWS Web Services
  • Slack
  • Twitter
  • Facebook

More information and downloads

on the official GitHub repo:

https://github.com/putterpanda/mimikittenz

Comments