Latest Posts

​Create a USB Password Stealer to See How Secure Your Info Really Is

​Create a USB Password Stealer to See How Secure Your Info Really Is

Slacking on password security can have horrific consequences. Even so, it's easy to lose track of how many are vulnerable. With just a couple of files, you can steal passwords from nearly everywhere they're stored on a victim's Windows PC, including your own, just to see how secure they really are.

This post is part of our Evil Week series at Lifehacker, where we look at the dark side of getting things done. Knowing evil means knowing how to beat it, so you can use your sinister powers for good. Want more? Check out our evil week tag page.

A good rule of thumb is that if you've stored a password on your computer, you've made it possible for someone else to steal with something as simple as a USB flash drive and a one-click script. This includes everything from wireless network keys to passwords you've saved in your browser. Hacker's Handbook has a great guide for the more experienced user, but we'll break it down for beginners here:

Step One: Collect Your Tools

​Create a USB Password Stealer to See How Secure Your Info Really Is

NirSoft makes a ton of utilities that we love, and they have a pretty good suite of security tools. Some of those tools are what you will use to hack your system.

Plug in your USB drive, and create a folder titled "Utilities". Then, download the following zip files (not the self-install executables) from the NirSoft Password Recovery Utilities page onto the thumb drive and—after extracting the files—place all of the .exe files in the Utilities folder:

  • MessenPass
  • Mail PassView
  • Protected Storage PassView
  • Dialupass
  • BulletsPassView
  • Network Password Recovery
  • SniffPass Password Sniffer
  • RouterPassView
  • PstPassword
  • WebBrowserPassView
  • WirelessKeyView
  • Remote Desktop PassView
  • VNCPassView

Each of these executable files recovers passwords from a specific place on the computer. For example, WirelessKeyView.exe pulls your wireless key, and WebBrowserPassView.exe grabs all of the passwords stored in your browsers. If you want to see what each one does in detail, check the NirSoft page linked above. If you see any other password recovery tools you want to try out, download them as well, but what we have here is a good starting point.

Step Two: Automate the Tools to Work With One Click (XP and Vista Only)

​Create a USB Password Stealer to See How Secure Your Info Really Is

Next, we're going to set up a script that runs all these utilities at once—allowing you to grab a giant cache of stored passwords in one click (though it only works properly on Windows XP and Vista, so if you're only using this on Windows 7 and above, you can skip this step). Open your text editor, and for each file you downloaded, write this line of code in one text file:

start filename /stext filename.txt

Replace "filename" with the name of the executable you just downloaded, including the file extension. When you replace "filename" after the backslash, you will change the .exe to a .txt file extension. This is the password log the executable will create for you to see. A finished script should look like this:

start mspass.exe /stext mspass.txt
start mailpv.exe /stext mailpv.txt<br>start pspv.exe /stext pspv.txt
start Dialupass.exe /stext Dialupass.txt
start BulletsPassView.exe /stext BulletsPassView.txt
start netpass.exe /stext netpass.txt
start sniffpass.exe /stext sniffpass.txt
start RouterPassView.exe /stext RouterPassView.txt
start PstPassword.exe /stext PstPassword.txt
start WebBrowserPassView.exe /stext WebBrowserPassView.txt
start WirelessKeyView.exe /stext WirelessKeyView.txt
start rdpv.exe /stext rdpv.txt
start VNCPassView.exe /stext VNCPassView.txt

Once you're done writing the script, save the file as Launch.bat in the Utilities folder you created.

Step Three: Test Your New Password Stealer

​Create a USB Password Stealer to See How Secure Your Info Really Is

Now you will be able to recover the usernames and passwords from each of these programs. They will create detailed logs that show you the password, username, and source (like the Network name or website URL), which is all you really need to do damage. There's also the date the password was created, password strength, and other information depending on the program. Here's how to test your new password stealer to see how many passwords you've left vulnerable on your PC.

XP and Vista: Run the Script

Click the launch.bat file you just made to launch it. The password logs will appear in the Utilities folder as .txt files alongside the original executables. Each will have the same name as the .exe file they're sourced from. For example: the ChromePass.exe file will have a ChromePass.txt file that houses all of the recovered passwords and usernames. All you have to do is open the .txt files, and you'll see all your passwords.

Windows 7 and Above: Run Each Password Recovery App Individually

If you use Windows 7 or above, the script won't work for many of the apps, so you'll need to open them up individually. Double-click on each program and the list of passwords will pop up in a window. Select all that you want to save, and go to the File menu, and save the log as a .txt file in the original Utilities folder you created on your flash drive.

Use these logs to see for yourself how many passwords you've left vulnerable on your system. It's remarkably easy to find and take them!

Step Four: Protect Yourself

​Create a USB Password Stealer to See How Secure Your Info Really Is

Now that you know how vulnerable your information is, get serious about protecting yourself. Take these precautions:

  • If your computer has autorun enabled, disable it. It only takes a couple more lines of code to set the .bat file to launch automatically when the flash drive is plugged in, without the user even seeing what's happening.
  • Take measures like not allowing your browser to remember your passwords, or at least the important ones like mobile banking. Instead, use password managers with encryption like LastPass or another good password manager to store all of your passwords securely and out of harm's way.
  • Use two-factor authentication every chance you get. There are tons of ways for hackers to get your information if they want to. The second factor—something you have—could be what saves you in the end.
  • The obvious: always maintain physical control of your computer whenever possible. Never leave your PC unattended with anyone else, especially someone who's using a USB flash drive. In fact, it wouldn't hurt to offer to do the work yourself as often as possible when a friend asks if they can use your computer.

Strong passwords aren't all the protection you need. Understand how vulnerable your information really is, and build a nearly hack-proof password system to stay safe.

Photos by SamahR, Chris Yarzab, and Ervins Strauhmanis.

Anonymous, Gaming, Mortal Kombat X, replies

Although I agree that some female fighters should be a little less revealing in costume, it bothers me that people are /constantly/ saying Mileena should get one that covers her up, I’ve even heard someone go as far as saying give her an Assassin’s Creed robe, like what the fuck? Are they even a fan of the series? Yes, the other female’s do not have much of a reason to be revealing, but Mileena of all characters has been said time and time again that it is part of her character. (+)

”(+) To out do Kitana and make up for her lack of complete facial beauty, she shows off her body in a sexualized manner. I am happy people are attempting to be some what progressive, but you are literally taking away part of her character if you take away her acknowledgement of her own body.”


i think the main thing about this, is the fact that mileena is not autonomous, she was essentially created under male agency. in the mk9 storyline, her flesh pits costume is very exaggerated/sexualised, but that was not her choice to wear it. whilst her personality is reflective of her outward appearance, i do agree with what you said about her overtly seductive behaviour, it is only one aspect of her character. in mk9, a lot of the females were sexualised and their outward appearance were not appropriate for their personality/character (case in point, sonya blade’s boob vest).

i think it’s harmless if someone wants to see mileena in an assassin’s creed robe, in fact, i think it’s a nice idea - but the mortal kombat series has had a very bold line between male and female character designs. i wouldn’t blame any fan if they wanted to see the females in some designs that were similar to the males.

Gaming, gif, Mortal Kombat X, popularish

Pitch Your Own Idea as Someone Else’s for More Honest Feedback

Pitch Your Own Idea as Someone Else's for More Honest Feedback

Our friends and family sure are wonderful aren't they? They encourage us and make us feel better even if we we're doing something dumb. For getting feedback on our ideas, this is terrible.

To avoid the problem of getting less than honest feedback, pitch your ideas as someone else's. Rather than saying "I had an idea for an app that does X," say "So I saw this new app today and it does X." Their response will give you a better indicator of how they may react to it if they didn't know you.

Of course, this doesn't mean that their honest suggestions are the best ones all the time. Plenty of people have advised against great ideas. And of course you should probably claim ownership of your idea when it counts (like in a meeting at work). But hopefully this can help you get a better sense of how strangers would react.

LPT: When you are really willing to get an honest feedback about your business idea from a friend or family member, tell the idea as if it's someone else's idea. | Reddit

Photo by Robert McGoldrick.

Gaming, mortal kombat, Mortal Kombat X
popularish, Rihanna
popularish, television, tv