I have put together an alpha-as-hell-ultra-bunch of powerful little tools and created an executable batch file that allows you, at the click of a—well—click… to extract any Wi-Fi, internet browser, mail account, Windows Login, Skype, Remote Desktop, Windows bullet form, messenger, LAN, router and many more usernames and passwords that are saved in a computer that you’re going to be using this USB stick on.
You may have come across terms like “badUSB”, “RubberDucky” and “USB Driveby”, but this is not technically what we’re going to be doing here. Although some of the description of these 3 exploits might match with my method here, they are not the same. I’ll just call this the “CredSniff” (Credentials Sniffer) for the sake of naming it. So, let’s do this.
Oh, wait, what are guides like this without a disclaimer?
Disclaimer: I will not be responsible for any sort of trouble that you might get yourself into—if you do; and this guide solely exists for ethical and educational purposes.
There, it’s in red and italics too. So let’s begin!
Step 1: Download the files required
You’re going to need the bunch of tools I have put together along with the batch file to execute them all at once. You can download it here.
After the download is complete, extract the .RAR file anywhere you like and you’ll now have the folder “CredSniff” there. Password: 123456 (Had to set a password so that MediaFire doesn’t flag the file as a virus. I guarantee you it’s a false positive, 100% safe, I scanned it myself with the latest updated signature database of ESET NOD32 Antivirus)
Step 2: Plug the USB stick in
Take the USB stick which you want to turn into the portable credentials stealing tool, and plug it into your computer.
Step 3: Install the tools onto the USB stick
Now, moving on to the folder “CredSniff” that you had extracted earlier. Open it, you’ll find the following content in it:
Let me give you a quick breakdown of all of these files:-
bpv.exe: A tool that shows any saved passwords that Windows stores or hides in the form of bullet points, like “••••••••”
cfv.exe: A tool that shows any credentials saved in the Windows Credentials files
hashes.exe: A tool that extracts saved Wi-Fi usernames and passwords from the computer and also the hashes of the Windows Login passwords (I will post about cracking these hashes in another post soon)
ins000.bat: A batch file I made to run all of the programs in this folder together and save the output in a text file on the stick so you can read it later if you’re in a hurry. Also, I’ve named the batch file like that so it doesn’t grab a lot of attention and looks like it’s just a core constituent of the USB’s default files.
mailpv.exe: A tool that shows all saved mail accounts’ usernames and passwords (like Microsoft Outlook, etc.)
mspass.exe: A tool that shows all saved messenger accounts’ usernames and passwords (like MS Messenger, etc.)
npass.exe: A tool that shows all saved LAN and Wi-Fi usernames + passwords, router information, and router login as well
pspv.exe: A tool that shows all saved usernames and passwords in Microsoft Protected Storage PassView
rdpv.exe: A tool that shows the Remote Desktop password
rpv.exe: A tool that shows router information and login credentials
vpv.exe: A tool that shows Windows Vault passwords
wbpv.exe: A tool that shows all saved usernames, passwords and other information from internet browsers like Google Chrome, Mozilla Firefox, Internet Explorer, etc.
wkv.exe: A tool that shows the WEP/WPA passwords of routers the computer has connected to previously
NOTE: You’re not going to need to change any settings in the configuration files.
ALSO NOTE: Yes, some of the tools do the same things, but it’s still best to run them all because one might work for you and one might not.
Now, copy all of these files and paste them in the main directory of your USB stick, that is, not in any folder, directly in the USB stick. You can choose to make them hidden later if you want, but it is essential that you keep it in the USB stick’s root.
You’re basically done!
Step 4: Test the stick on your own / “friend’s” computer
Plug the USB stick into the computer and run the batch file. It should bring up a command prompt window and take about 4-8 seconds to complete dumping all the information into a text file named “dmp.txt” after it’s done. This text file is automatically generated after the extraction.
This text file holds Wi-Fi and Skype usernames, passwords, and Windows Login account passwords in the form of hashes, like this:
It will also open 11 small different windows, each will have the login details for internet browser, mail, messenger, router, vault and other accounts respectively. These windows will look like this:
There, you’ve done it! You now have all, if any, saved usernames and passwords from the computer you plugged your USB stick into.
Tips for Stealthy Execution
• Keep all the files except the “ins000.bat” file hidden so it doesn’t raise suspicions
• You can change the name of the output text file by editing the batch file. This can be done by opening the .bat file with the notepad application
I can’t find the batch file in the folder. Can you please guide me?
when i run it regular it runs but when i do as administrator it cant fine any exe files
most programs are getting blocked by friends Windows defender forcing to manually allow them in the defender one by one
All these tools (except hashes.exe) are super old and very well-known Windows′ very own native tools for recovery of lost credentials. Windows must have flagged these tools as harmful in the later versions of Windows due to the ″too convenient″ factor of them. When this post was created, none of the tools used to trigger Windows Defender!
password 123456 doesn’t work.
This has been tested and confirmed just now as working optimally. Kindly, check if you are entering the RAR password correctly (123456); if the issue still persists, then your system may be removing the file(s) in the quarantining process, which of course, would be a false positive.
Never knew this, thank you for letting me know!
Question for you. Would I need to create a cfg file if I wanted to add additional tools like chromepass and passwordfox?
Answer for you. All you would need to do is get into the existing .bat file and edit it to contain those additional tools (given the tools are in the same directory as all the others) that you want being run upon the execution of the .bat file. That’s it!
i did as the instructions said but when i ran it it didn’t save to the dump txt file and according to my PC im missing a bunch of .exe files.
My tool only has one .exe file in it. Could you specify the “bunch of missing .exe files”? What’s the exact error or warning that your system shows you? That would help me help you out!
i figured it out my windows defender kept blocking the files download and i was missing alot of stuff.
thx anyway though!
Oh, okay. Glad you fixed it. How’s the tool working for you? All good?
keep up the fantastic work, I read few blog posts on this website and I think that your blog is rattling interesting and has sets of excellent info .