mimipenguin

b0N3z · April 4, 2017

https://github.com/huntergregal/mimipenguin

IDK if anybody has seen this yet but I ran across it earlier today. Id try to edit this myself but I have no time at the present moment with work and child taking up all my time right now. Ill just leave it here if somebody wants to mess with it.

Decoy · April 4, 2017

Seems cool, but it needs root to run. You need the password to get the passwords... If only it were as easy to bypass it in Linux as it is in Windows...

Edited April 4, 2017 by Decoy

b0N3z · April 4, 2017

so kali is about the only thing it will work on lol

Decoy · April 4, 2017

15 minutes ago, b0N3z said:

so kali is about the only thing it will work on lol

Right. Or anyone who is dumb enough to run in root all the time, lol. Now it might be possible to pull this off with a little social engineering though. For example, what if you were able to tailor a scenario where the user had to legitimately (or so they think) needed to enter the sudo password. From there - you pipe the password they enter into the actual command they think they're executing - while executing mimipenguin in the background. You would most likely need to have removed the bash bunny at this point, but the shell script could still be running in the background, and utilize some sort of server to receive the password dump.

Edited April 4, 2017 by Decoy

Decoy · April 4, 2017

Something like this (obviously this is a super simple version) - but we can get creative with it. This could be fun :)

Sign In

mimipenguin

Recommended Posts

b0N3z

Link to comment

Share on other sites

Decoy

Link to comment

Share on other sites

b0N3z

Link to comment

Share on other sites

Decoy

Link to comment

Share on other sites

Decoy

Link to comment

Share on other sites

Join the conversation

Recently Browsing 0 members

Browse

Activity