Creating the Ultimate USB Password Stealer

Slacking on password security can have horrific consequences. Even so, it's easy to lose track of how many are vulnerable. With just a couple of files, you can steal passwords from nearly everywhere they're stored on a victim's Windows PC, including your own, just to see how secure they really are.

This post is part of our Evil Week series at Lifehacker, where we look at the dark side of getting things done. Knowing evil means knowing how to beat it, so you can use your sinister powers for good. Want more? Check out our evil week tag page.

A good rule of thumb is that if you've stored a password on your computer, you've made it possible for someone else to steal with something as simple as a USB flash drive and a one-click script. This includes everything from wireless network keys to passwords you've saved in your browser. Hacker's Handbook has a great guide for the more experienced user, but we'll break it down for beginners here:

Step One: Collect Your Tools

NirSoft makes a ton of utilities that we love, and they have a pretty good suite of security tools. We're going to use a few that recover passwords to create our ultimate USB tool.

Plug in your USB drive, and create a folder titled "Utilities". Then, download the following zip files (not the self-install executables) from the NirSoft Password Recovery Utilities page onto the thumb drive and—after extracting the files—place all of the .exe files in the Utilities folder:

• MessenPass
• Mail PassView
• Protected Storage PassView
• Dialupass
• BulletsPassView
• Network Password Recovery
• SniffPass Password Sniffer
• RouterPassView
• PstPassword
• WebBrowserPassView
• WirelessKeyView
• Remote Desktop PassView
• VNCPassView

Each of these executable files recovers passwords from a specific place on the computer. For example, WirelessKeyView.exe pulls your wireless key, and WebBrowserPassView.exe grabs all of the passwords stored in your browsers. If you want to see what each one does in detail, check the NirSoft page linked above. If you see any other password recovery tools you want to try out, download them as well, but what we have here is a good starting point.

Step Two: Automate the Tools to Work With One Click (XP and Vista Only)

Next, we're going to set up a script that runs all these utilities at once—allowing you to grab a giant cache of stored passwords in one click (though it only works properly on Windows XP and Vista, so if you're only using this on Windows 7 and above, you can skip this step). Open your text editor, and for each file you downloaded, write this line of code in one text file:

start filename /stext filename.txt

Replace "filename" with the name of the executable you just downloaded, including the file extension. When you replace "filename" after the slash, you will change the .exe to a .txt file extension. This is the password log the executable will create for you to see. A finished script should look like this:

start mspass.exe /stext mspass.txt
start mailpv.exe /stext mailpv.txt<br>start pspv.exe /stext pspv.txt
start Dialupass.exe /stext Dialupass.txt
start BulletsPassView.exe /stext BulletsPassView.txt
start netpass.exe /stext netpass.txt
start sniffpass.exe /stext sniffpass.txt
start RouterPassView.exe /stext RouterPassView.txt
start PstPassword.exe /stext PstPassword.txt
start WebBrowserPassView.exe /stext WebBrowserPassView.txt
start WirelessKeyView.exe /stext WirelessKeyView.txt
start rdpv.exe /stext rdpv.txt
start VNCPassView.exe /stext VNCPassView.txt

Once you're done writing the script, save the file as Launch.bat in the Utilities folder you created.

Step Three: Test Your New Password Stealer

Now you will be able to recover the usernames and passwords from each of these programs. They will create detailed logs that show you the password, username, and source (like the Network name or website URL), which is all you really need to do damage. There's also the date the password was created, password strength, and other information depending on the program. Here's how to test your new password stealer to see how many passwords you've left vulnerable on your PC.

XP and Vista: Run the Script

Click the launch.bat file you just made to launch it. The password logs will appear in the Utilities folder as .txt files alongside the original executables. Each will have the same name as the .exe file they're sourced from. For example: the ChromePass.exe file will have a ChromePass.txt file that houses all of the recovered passwords and usernames. All you have to do is open the .txt files, and you'll see all your passwords.

Windows 7 and Above: Run Each Password Recovery App Individually

If you use Windows 7 or above, the script won't work for many of the apps, so you'll need to open them up individually. Double-click on each program and the list of passwords will pop up in a window. Select all that you want to save, and go to the File menu, and save the log as a .txt file in the original Utilities folder you created on your flash drive.

Use these logs to see for yourself how many passwords you've left vulnerable on your system. It's remarkably easy to find and take them!

How To Root Your Android Device?

Android is a mobile operating system that based on Linux and the root user is an Administrator user, which has all permissions to access to the entire Android operating system (OS). Like other mobile OS, Android limits the app working in the sandbox, to protect your Android device from threats as well as exploitation.

On a regular Android device, you do not have root access, but the root user always exists in the system. You can not access to the root user with any built-in feature, so “rooting” is an only way to access and use the root user account.

Basically, rooting an Android device is the same with jailbreak an iOS device, allows apps to work with more access, permissions and low-level system. With the root user access, you can run a firewall on your Android device, as well as remove bloatware, enable tethering internet, manually backup app settings and use a lot of tweaks. If you want to use a specific Android app and it’s required root access, then you need to root your Android device.

What You Should To Know Before Root Your Android Device?

Typically, Google and manufacturers do not recommend you to root Android devices because it makes your Android OS is more weak. After rooted, most apps are able to working out of the sandbox and could abuse root privileges and snoop on other Android apps. For example, if you are using Google Wallet, someone can try to attack your Android devices and exploit your Google Wallet account.

In terms of some manufacturers, you will lose warranty of the device if it’s rooted. The root process is not actually damaging the hardware. You are also able to unroot the device by just restore the stock firmware, and manufacturers will not able to know if it’s been rooted or not.

Basically, rooting is a safe process, but if you mess something up, then you can’t expect a free fix from warranty service. So make sure you clearly know what you will do in the next step or know how to restore your Android device in case it got errors. I would suggest you backup your data and important files before root your Android device. If you don’t know how to backup the device, then the simplest way is using Android file transfer to copy your important data and files.

How To Root Android Device?

Rooting is a simple and quick process, but there is no standard way to root all devices. I will list a few popular tools that will help you root your Android device quickly and safety. If your Android device is not supported, visit XDA Developers forums, find your device on the sub-forum with your specific model for solutions.

Kingo Root

This is one of the most popular rooting tools that supports a larger number of Android devices. You can take a look at the supported list to see if your device is supported or not. The website also claimed this is an incomplete list, there are a lot of “not listed” devices, but it’s not meant “not supported”.

Kingo Root is a Windows app, and you need to download the app to your Windows computer, enable USB debugging, connect your Android device to the computer, and then the Kingo Root will automatically try to root the device. It’s also available as an Android app, you need to download the .apk file, install the app as external app and use it to root your device. If you want to install and use apps from “unknown sources”, visit Settings > Security, and then “Enable apps from Unknown sources”.

Towelroot

Towelroot is another app that runs on Android OS, allows you to root your Android device with a few simple steps. The Towelroot app was developed by GeoHot, you can visit the website address at here, download the .apk file, install the Towelroot app and use it to root your device.

I would suggest you to install the SuperSU app from Google Play, this app will let you control which app will have access to root user as it will ask you and give you an option to grant the access or deny it. This is a simple way to control the app permissions and deny unwanted access.

How to Unroot A Rooted Android Device?

As I have mentioned above, the SuperSU app will help you to control the app permissions and accesses. However, it also has a great feature, allow you to do full unroot a rooted device. Go to Settings and select Full Unroot option and your Android device is definitely fully restored.

COOL ANDROID HACKS AND TRICKS

Android  has brought many more interesting features To us. While some features are visible to everyone, there are also some cool features only Few People know.Here is the list of some cool Android Tricks and hacks