huntergregal / mimipenguin

A tool to dump the login password from the current linux user

Only supports root accounts? #12

Closed hiw0rld closed 7 years ago

hiw0rld commented 7 years ago

Hi, I tested it on Kali as the root account. It works right. But it fails when I was a normal user (had sudo privileges, tested on Kali). It reported no /tmp/dump file.

BR

huntergregal commented 7 years ago

Hi, thanks for testing out my tool!

I have tested the script in Kali using a sudo user by calling the script with 'sudo ./mimipenguin.sh' and it successfully ran and pulled credentials.

I have since merged a new dumping method from the-useless-one and tweaked the support for dumping multiple processes. Please try again and let me know if you continue to run into errors.

hiw0rld commented 7 years ago

OK let me have a test

hiw0rld commented 7 years ago

Tested on

Linux kali 3.18.0-kali3-amd64 #1 SMP Debian 3.18.6-1~kali2 (2015-03-02) x86_64 GNU/Linux

Linux 3.10.0-327.4.5.el7.x86_64 #1 SMP Mon Jan 25 22:07:14 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

[x ~]$ sudo ./mimipenguin.sh

MimiPenguin Results:

Nothing found with ssh and sudo ./

huntergregal commented 7 years ago

root@kali:~/git/mimipenguin# ./mimipenguin.sh

MimiPenguin Results:

[SYSTEM - GNOME] root:toor

[SYSTEM - GNOME] root:toor

root@kali:~/git/mimipenguin# uname -a

Linux kali 4.6.0-kali1-amd64 #1 SMP Debian 4.6.4-1kali1 (2016-07-21) x86_64 GNU/Linux

This is strange for sure. It should be working for you. Did you login to your account using the GUI login screen?

If you are only testing for ssh passwords, what you need to do to test it is: ssh into your box. In your ssh session, use sudo to elevate yourself (it must prompt you for your password), then run the script as root or with sudo.

I have tested this, but only in my environments; however, it should work with the latest version of openssh. It looks for all ssh tty processes and dumps them looking for strings after sudo, which should include your password.

hiw0rld commented 7 years ago

Yep, it succeeded when I used the GUI login screen. But it failed when I sshed to the box and ran the script with sudo (I have sudo privileges).
I tested two environments. Both of them failed.

bcoles commented 6 years ago

You may need to export DISPLAY=:0 before running mimipenguin.