mimikittenzis a post-exploitation powershell tool that utilizes the Windows function
ReadProcessMemory()in order to extract plain-text passwords from various target processes.
mimikittenzcan also easily extract other kinds of juicy info from target processes using regex patterns including but not limited to:
- TRACK2 (CreditCard) data from merchant/POS processes
- PII data
- Encryption Keys & All the other goodstuff
note : This tool is targeting running process memory address space, once a process is killed it's memory 'should' be cleaned up and inaccessible however there are some edge cases in which this does not happen.
The aim of
mimikittenzis to provide user-level (non-admin privileged) sensitive data extraction in order to maximise post exploitation efforts and increase value of information gathered per target.
mimikittenzis able to extract the following credentials from memory:
- Outlook Web
- Juniper SSL-VPN
- Citrix NetScaler
- Remote Desktop Web Access 2012
- Microsoft Onedrive
- AWS Web Services
- Custom regex - The syntax for adding custom regex is as follows:
- Custom target process - Just append your target proccess name into the array: