Mimikatz for OpenVMS ? … now this is lame but actually works to my surprise.
Playing a little with gcore program from the gdb package on Debian X86_64, decided to dump the alphavm_free process memory to check for plaintext passwords there.
Here are my results:
OpenVMS 8.4-2 running via alphavm_free on Debian X86_64
# ps -ef | grep alphavm_free | grep -v grep root 617 616 99 Apr02 pts/2 4-00:58:59 ./alphavm_free config.emu # gcore -o /tmp/alpha 617 ..... Saved corefile /tmp/alpha.617 # strings /tmp/alpha.617 | less
User passwords were found in the memory dump for all that login via CONSOLE, the passphrases were plaintext but in UPPERCASE for all users, SYSTEM included.
Also all new users passwords added via the VMS command sequence were found in memory dump as plaintext
$ SET PROCESS/PRIVILEGE=SYSPRV $ SET DEFAULT SYS$SYSTEM $ @SYS$EXAMPLES:ADDUSER.COM
HP Tru64 UNIX V5.1B (Rev. 2650) running via alphavm_free on Debian X86_64
# ps -ef | grep alphavm | grep -v grep root 3641 3640 81 22:30 pts/11 00:09:56 ./alphavm_free config.emu # gcore -o /tmp/alpha 3641 ...... Saved corefile /tmp/alpha.3641 # strings /tmp/alpha.3641 | less
No plaintext passwords found in the memory dump. Login as root via CONSOLE, OpenSSH remote login.
It could be worth a try to check other systems that run on Alpha architecture (NetBSD, OpenBSD ..)
