Slacking on password security can have horrific consequences. Even so, it's easy to lose track of how many are vulnerable. With just a couple of files, you can steal passwords from nearly everywhere they're stored on a victim's Windows PC, including your own, just to see how secure they really are.
This post is part of our Evil Week series at Lifehacker, where we look at the dark side of getting things done. Knowing evil means knowing how to beat it, so you can use your sinister powers for good.
A good rule of thumb is that if you've stored a password on your computer, you've made it possible for someone else to steal it with something as simple as a USB flash drive and a one-click script. This includes everything from wireless network keys to passwords you've saved in your browser. Hacker's Handbook has a great guide for the more experienced user, but we'll break it down for beginners here:
Step One: Collect Your Tools
NirSoft makes a ton of utilities that we love, and they have a pretty good suite of security tools. Some of those tools are what you will use to hack your system.
Plug in your USB drive, and create a folder titled "Utilities". Then, download the following zip files (not the self-install executables) from the NirSoft Password Recovery Utilities page onto the thumb drive and—after extracting the files—place all of the .exe files in the Utilities folder:
- Mail PassView
- Protected Storage PassView
- Network Password Recovery
- SniffPass Password Sniffer
- Remote Desktop PassView
Each of these executable files recovers passwords from a specific place on the computer. For example, WirelessKeyView.exe pulls your wireless key, and WebBrowserPassView.exe grabs all of the passwords stored in your browsers. If you want to see what each one does in detail, check the NirSoft page linked above. If you see any other password recovery tools you want to try out, download them as well, but what we have here is a good starting point.
Step Two: Automate the Tools to Work With One Click (XP and Vista Only)
Next, we're going to set up a script that runs all these utilities at once—allowing you to grab a giant cache of stored passwords in one click (though it only works properly on Windows XP and Vista, so if you're only using this on Windows 7 and above, you can skip this step). Open your text editor, and for each file you downloaded, write this line of code in one text file:
start filename /stext filename.txt
Replace "filename" with the name of the executable you just downloaded, including the file extension. For the second "filename", the one after the /stext switch, change the .exe extension to .txt. This is the password log the executable will create for you to see. A finished script should look like this:
start mspass.exe /stext mspass.txt
start mailpv.exe /stext mailpv.txt
start pspv.exe /stext pspv.txt
start Dialupass.exe /stext Dialupass.txt
start BulletsPassView.exe /stext BulletsPassView.txt
start netpass.exe /stext netpass.txt
start sniffpass.exe /stext sniffpass.txt
start RouterPassView.exe /stext RouterPassView.txt
start PstPassword.exe /stext PstPassword.txt
start WebBrowserPassView.exe /stext WebBrowserPassView.txt
start WirelessKeyView.exe /stext WirelessKeyView.txt
start rdpv.exe /stext rdpv.txt
start VNCPassView.exe /stext VNCPassView.txt
Once you're done writing the script, save the file as Launch.bat in the Utilities folder you created.
Step Three: Test Your New Password Stealer
Now you will be able to recover the usernames and passwords from each of these programs. They will create detailed logs that show you the password, username, and source (like the Network name or website URL), which is all you really need to do damage. There's also the date the password was created, password strength, and other information depending on the program. Here's how to test your new password stealer to see how many passwords you've left vulnerable on your PC.
XP and Vista: Run the Script
Click the launch.bat file you just made to launch it. The password logs will appear in the Utilities folder as .txt files alongside the original executables. Each will have the same name as the .exe file it's sourced from. For example, the ChromePass.exe file will have a ChromePass.txt file that houses all of the recovered passwords and usernames. All you have to do is open the .txt files, and you'll see all your passwords.
Windows 7 and Above: Run Each Password Recovery App Individually
If you use Windows 7 or above, the script won't work for many of the apps, so you'll need to open them up individually. Double-click on each program and the list of passwords will pop up in a window. Select the entries you want to save, go to the File menu, and save the log as a .txt file in the original Utilities folder you created on your flash drive.
Use these logs to see for yourself how many passwords you've left vulnerable on your system. It's remarkably easy to find and take them!
Step Four: Protect Yourself
Now that you know how vulnerable your information is, get serious about protecting yourself. Take these precautions:
- If your computer has autorun enabled, disable it. It only takes a couple more lines of code to set the .bat file to launch automatically when the flash drive is plugged in, without the user even seeing what's happening.
- Take measures like not allowing your browser to remember your passwords, or at least the important ones like mobile banking. Instead, use an encrypted password manager, such as LastPass or another good one, to store all of your passwords securely and out of harm's way.
- Use two-factor authentication every chance you get. There are tons of ways for hackers to get your information if they want to. The second factor—something you have—could be what saves you in the end.
- The obvious: always maintain physical control of your computer whenever possible. Never leave your PC unattended with anyone else, especially someone who's using a USB flash drive. In fact, it wouldn't hurt to offer to do the work yourself as often as possible when a friend asks if they can use your computer.
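A detection-side view of the launcher from Step Two, as an added example that is not part of the original article: it flags process-creation events whose image name appears in that script or whose command line carries the /stext switch, and alerts when one parent process starts several of them within seconds. The event field names, hosts, PIDs and paths below are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ntpath import basename  # parses Windows paths on any OS

# Executable names copied from the launcher script on this page (lower-cased).
PAGE_TOOLS = {"mspass.exe", "mailpv.exe", "pspv.exe", "dialupass.exe",
              "bulletspassview.exe", "netpass.exe", "sniffpass.exe",
              "routerpassview.exe", "pstpassword.exe", "webbrowserpassview.exe",
              "wirelesskeyview.exe", "rdpv.exe", "vncpassview.exe"}
STEXT = re.compile(r"(?:^|\s)/stext\s+\S", re.IGNORECASE)  # export-to-text switch

def classify(event):
    """Reasons one process-creation event matches the page's launcher lines."""
    checks = {"known-tool-name": basename(event["image"]).lower() in PAGE_TOOLS,
              "stext-export": bool(STEXT.search(event["command_line"]))}
    return [reason for reason, hit in checks.items() if hit]

def find_bursts(events, window=timedelta(seconds=10), min_images=3):
    """Parents that start min_images distinct flagged binaries within window."""
    by_parent = defaultdict(list)
    for ev in events:
        if classify(ev):
            by_parent[(ev["host"], ev["parent_pid"])].append(ev)
    alerts = []
    for (host, ppid), evs in by_parent.items():
        evs.sort(key=lambda e: e["time"])
        for first in evs:  # sliding window anchored at each flagged event
            seen = {basename(e["image"]).lower() for e in evs
                    if timedelta(0) <= e["time"] - first["time"] <= window}
            if len(seen) >= min_images:
                alerts.append({"host": host, "parent_pid": ppid, "images": sorted(seen)})
                break
    return alerts

def _ev(sec, host, ppid, image, args=""):
    t = datetime(2024, 1, 1, 9, 0, 0) + timedelta(seconds=sec)
    return {"time": t, "host": host, "parent_pid": ppid, "image": image,
            "command_line": f"{image} {args}".strip()}

# Constructed sample events (not real telemetry); field names are assumptions.
SAMPLE_EVENTS = [
    _ev(0, "PC-01", 4120, r"E:\Utilities\mspass.exe", "/stext mspass.txt"),
    _ev(1, "PC-01", 4120, r"E:\Utilities\netpass.exe", "/stext netpass.txt"),
    _ev(1, "PC-01", 4120, r"E:\Utilities\tool.exe", "/stext out.txt"),
    _ev(2, "PC-01", 900, r"C:\Windows\System32\notepad.exe", "notes.txt"),
    _ev(5, "PC-02", 311, r"C:\Temp\rdpv.exe"),
]
```

Matching on the /stext switch as well as the file name means an event is still flagged when the image name is not on the list, and the per-parent burst check separates a one-click launcher from a single tool opened by hand.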
Strong passwords aren't all the protection you need. Understand how vulnerable your information really is, and build a nearly hack-proof password system to stay safe.