b0N3z Posted April 4, 2017 Share Posted April 4, 2017 https://github.com/huntergregal/mimipenguin IDK if anybody has seen this yet but I ran across it earlier today. Id try to edit this myself but I have no time at the present moment with work and child taking up all my time right now. Ill just leave it here if somebody wants to mess with it. Quote Link to comment Share on other sites More sharing options...
Decoy Posted April 4, 2017 Share Posted April 4, 2017 (edited) Seems cool, but it needs root to run. You need the password to get the passwords... If only it were as easy to bypass it in Linux as it is in Windows... Edited April 4, 2017 by Decoy Quote Link to comment Share on other sites More sharing options...
b0N3z Posted April 4, 2017 Author Share Posted April 4, 2017 so kali is about the only thing it will work on lol Quote Link to comment Share on other sites More sharing options...
Decoy Posted April 4, 2017 Share Posted April 4, 2017 (edited) 15 minutes ago, b0N3z said: so kali is about the only thing it will work on lol Right. Or anyone who is dumb enough to run in root all the time, lol. Now it might be possible to pull this off with a little social engineering though. For example, what if you were able to tailor a scenario where the user had to legitimately (or so they think) needed to enter the sudo password. From there - you pipe the password they enter into the actual command they think they're executing - while executing mimipenguin in the background. You would most likely need to have removed the bash bunny at this point, but the shell script could still be running in the background, and utilize some sort of server to receive the password dump. Edited April 4, 2017 by Decoy Quote Link to comment Share on other sites More sharing options...
Decoy Posted April 4, 2017 Share Posted April 4, 2017 Something like this (obviously this is a super simple version) - but we can get creative with it. This could be fun :) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.