search

huntergregal / mimipenguin

A tool to dump the login password from the current linux user
Other
3.79k stars 631 forks source link

Not working here: #7

Closed ghost closed 7 years ago

ghost commented 7 years ago

Does it work? On 16.04:

$ sudo ./mimipenguin.sh 
strings: '/tmp/dump.': No such file
strings: '/tmp/dump.': No such file
strings: '/tmp/dump.': No such file
MimiPenguin Results:
$

On ubuntu 14.04. 

$ sudo bin/mimipenguin.sh 
strings: '/tmp/dump.': No such file
strings: '/tmp/dump.': No such file
strings: '/tmp/dump.': No such file
strings: '/tmp/sshd.14181 20491': No such file
strings: '/tmp/sshd.14181 20491': No such file
MimiPenguin Results:
$

No results. Appears there are more dependencies than listed or that all the leak methods don't work on patched systems. Also tried it on an apache server running about 5 different vhosts. No joy.

huntergregal commented 7 years ago

Looks like it's having issues extracting the PID.

When my sample test cases go from 1 to 500+ the little bugs rise up :) Another issue on here is also related to this. I plan on trying to patch this later today. Thanks for bringing this up!

ghost commented 7 years ago

Just looked through the "supported tested" lists. Not running gnome-desktop. Most people using Ubuntu would run Unity or LXDE or Mate or XFCE - IME. Rarely see gnome-desktop.

Apache version is v2.4.7. We generally use nginx, but have a few legacy sites on apache still.

ssh-server v1:6.6p1 and v1:7.2p2

Only the pentesters run kali. NEVER used in production, for obvious reasons.

Did have some fun dumping a keepassx DB, however. ;)

Wondering why pgrep isn't used to get the process id.

huntergregal commented 7 years ago

Thanks for the update. Some additional info:

-gnome desktop is the default for ubuntu desktop so i was going off of that. , i plan for extend to unity and lxde

huntergregal commented 7 years ago

I'm going to close this issue for now unless one of the scenario I mentioned is true for you and it is still not working.