I have put together an alpha-as-hell-ultra-bunch of powerful little tools and created an executable batch file that allows you, at the click of a—well—click… to extract any Wi-Fi, internet browser, mail account, Windows Login, Skype, Remote Desktop, Windows bullet form, messenger, LAN, router and many more usernames and passwords that are saved in a computer that you’re going to be using this USB stick on.
You may have come across terms like “badUSB”, “RubberDucky” and “USB Driveby”, but this is not technically what we’re going to be doing here. Although some of the description of these 3 exploits might match with my method here, they are not the same. I’ll just call this the “CredSniff” (Credentials Sniffer) for the sake of naming it. So, let’s do this.
Oh, wait, what are guides like this without a disclaimer?
Disclaimer: I will not be responsible for any sort of trouble that you might get yourself into—if you do; and this guide solely exists for ethical and educational purposes.
There, it’s in red and italics too. So let’s begin!
Step 1: Download the files required
You’re going to need the bunch of tools I have put together along with the batch file to execute them all at once. You can download it here.
After the download is complete, extract the .RAR file anywhere you like and you’ll now have the folder “CredSniff” there. Password: 123456 (Had to set a password so that MediaFire doesn’t flag the file as a virus. I guarantee you it’s a false positive, 100% safe, I scanned it myself with the latest updated signature database of ESET NOD32 Antivirus)
Step 2: Plug the USB stick in
Take the USB stick which you want to turn into the portable credentials stealing tool, and plug it into your computer.
Step 3: Install the tools onto the USB stick
Now, moving on to the folder “CredSniff” that you had extracted earlier. Open it, you’ll find the following content in it:
Let me give you a quick breakdown of all of these files:-
bpv.exe: A tool that shows any saved passwords that Windows stores or hides in the form of bullet points, like “••••••••”
cfv.exe: A tool that shows any credentials saved in the Windows Credentials files
hashes.exe: A tool that extracts saved Wi-Fi usernames and passwords from the computer and also the hashes of the Windows Login passwords (I will post about cracking these hashes in another post soon)
ins000.bat: A batch file I made to run all of the programs in this folder together and save the output in a text file on the stick so you can read it later if you’re in a hurry. Also, I’ve named the batch file like that so it doesn’t grab a lot of attention and looks like it’s just a core constituent of the USB’s default files.
mailpv.exe: A tool that shows all saved mail accounts’ usernames and passwords (like Microsoft Outlook, etc.)
mspass.exe: A tool that shows all saved messenger accounts’ usernames and passwords (like MS Messenger, etc.)
npass.exe: A tool that shows all saved LAN and Wi-Fi usernames + passwords, router information, and router login as well
pspv.exe: A tool that shows all saved usernames and passwords in Microsoft Protected Storage PassView
rdpv.exe: A tool that shows the Remote Desktop password
rpv.exe: A tool that shows router information and login credentials
vpv.exe: A tool that shows Windows Vault passwords
wbpv.exe: A tool that shows all saved usernames, passwords and other information from internet browsers like Google Chrome, Mozilla Firefox, Internet Explorer, etc.
wkv.exe: A tool that shows the WEP/WPA passwords of routers the computer has connected to previously
NOTE: You’re not going to need to change any settings in the configuration files.
ALSO NOTE: Yes, some of the tools do the same things, but it’s still best to run them all because one might work for you and one might not.
Now, copy all of these files and paste them in the main directory of your USB stick, that is, not in any folder, directly in the USB stick. You can choose to make them hidden later if you want, but it is essential that you keep it in the USB stick’s root.
You’re basically done!
Step 4: Test the stick on your own / “friend’s” computer
Plug the USB stick into the computer and run the batch file. It should bring up a command prompt window and take about 4-8 seconds to complete dumping all the information into a text file named “dmp.txt” after it’s done. This text file is automatically generated after the extraction.
This text file holds Wi-Fi and Skype usernames, passwords, and Windows Login account passwords in the form of hashes, like this:
It will also open 11 small different windows, each will have the login details for internet browser, mail, messenger, router, vault and other accounts respectively. These windows will look like this:
There, you’ve done it! You now have all, if any, saved usernames and passwords from the computer you plugged your USB stick into.
Tips for Stealthy Execution
• Keep all the files except the “ins000.bat” file hidden so it doesn’t raise suspicions
• You can change the name of the output text file by editing the batch file. This can be done by opening the .bat file with the notepad application