Carding 4 Carders
Professional
Today we got an interesting exploit for our review that explains how to style cookies from browsers, as well as view and extract passwords.
Cookies are encrypted text documents that store basic information about the user who uses the browser. This information includes browser usage statistics, personal settings, saved logins and passwords, and much more.
There is an opinion on the Internet that cookies are such small programs that can be infected with a virus and then they will automatically send information about the user to a thief. In fact, these are just small databases, a kind of text documents, inside which information about the user is stored in encrypted form. There is no point in infecting such files. But they can always be stolen
The point of stealing cookies is to obtain information about the victim. It is convenient when all grades in your school are stored in an electronic journal. You go into the director's office, put in a flash drive, and you can sell good grades in the report card to classmates. Also a kind of small illegal earnings.
Also, in some Internet cafe, you can collect a sea of personal data of past visitors (provided that they have not cleared the cookies after themselves). True, few people do this. Internet cafes are rarely visited by people who are good at PCs. Although, this is a more controversial statement. So, sir, something we digress from the topic.
What is needed to steal Cookie directly?
Let's start with the caveats. This method has both certain disadvantages and some advantages. Let's start with the cons.1. Incompatibility with WINDOWS 10, and the latest versions of the seven.
Do not think, the exploit itself works on all versions of the operating system. The problem is that it is on THESE OS versions that the stealer will have to be used manually. Microsoft removed the ability to run AutoRun on 10 and the latest versions of the 7 for security reasons, which complicates the task. However, nothing prevents us from weaving noodles on the ears of a friend that you need to run to him and drop the files you need at his house onto your USB flash drive yourself. Fortunately, the process lasts milliseconds, the victim will not even understand anything.
2. It makes sense to style cookies only when you are sure that the victim is saving passwords in the browser.
Otherwise, you will have little useful information to extract from the information received.
Now let's move on to the pluses.
1. The method is not fired by antivirus.
In fact, you are not downloading a Trojan to your computer, or using any malware. During styling, all the information received is copied to a USB flash drive, where the HIDE attribute is assigned to it, and they become hidden.
2. The method refers to social engineering.
No matter who says anything, it is easier to hack a person than a computer. There can be a sea of prepositions. Ask a friend to come to him with a USB flash drive and download music, because your internet is supposedly turned off. At school - print your presentation. In an Internet cafe - no pretexts are needed at all.
And now that we have figured out the pros and cons, it's time to move on to the step-by-step analysis of the instructions.
1. Create 2 text files on the USB stick. The first one is called “autorun.inf” and the second one is “stealer.bat” * .bat is the executable file extension. Those. it can be used as a program *
In the first, we write the following lines:
[AutoRun]
Open = "stealer.bat"
The first file is responsible for the autostart of the styler.
2. The second is the stealer itself. It should be filled with the following lines:
Commands to be entered in the batch file
3. After that, "hide" the resulting files, and we can go to style passwords
4. After the operation is successful, we return home, and through the "Control Panel-> Appearance and Personalization-> Show hidden folders and files " we display the files hidden on the USB flash drive.
5. We delete our cookies on YOUR computer, or drop them on a USB flash drive. And in their place we copy the received ones.
6. Now download WebBrowserPassView. I personally used the portable version. There is no need to click anything in this program - it will download and decrypt cookies from your browsers by itself. Remember, don't forget to replace your files with the received ones!
Program interface
Returning to the disadvantages described above, you should decide which method of stilling to use. If the victim has the latest version of Windows 7, or even a dozen, then it is best to do the stilling manually. That is, you need to come to the victim's home, naturally having come up with an excuse in advance, connect the USB flash drive to the PC, and start the batch file manually.
