Mimipenguin is a tool that may allow a user to dump login password from the current Linux desktop user. Adapted from the idea behind the popular Windows tool mimikatz.
This version of Mimipenguin sacrifices features and coverage (as opposed to the beta-1.0 py and sh scripts) in favor of speed and efficiency. Beta 2.0 uses hardcoded offsets for known structures in memory along with PTRACE to reliably extract cleartext user passwords from linux desktop environments.
The tool will not only allow to get Operating system login and password but any credentials for remote session over SSH , Apache active or non active session and HTTP Basic AUTH. This mean that if during the penetration testing or red team engagement it was possible to have access to any host using phishing attack or MITM. It will be possible to get other login and password for many more accounts.
In order to have the tool working properly user should have a root permission and a supported operating system.
Current supported OS:
- Ubuntu Desktop 12.04 LTS x64
- Ubuntu Desktop 16.04 LTS x64
- Fedora Workstation 25 (x86 _64)
- Fedora Workstation 27 (x86 _64)
- Kali- rolling x64
You can read more and download this tool over here: https://github.com/huntergregal/