USB Credential Harvesting

Hello Everyone here I will like to share how you can hack a person’s online account by getting physical access to the victim’s machine. (This is for educational purpose only)
Getting access to a person’s machine can be done in so many ways, one way is to use Social Engineering like “hey mate your laptop looks nice, can I have a look at it?” The innocent victim feels good and gives you his machine. Now the next part is is having your USB and a small software called Webbrowserpassview can be downloaded from https://www.nirsoft.net. this light software should be in the USB and once opened, it automatically saves all passwords and emails(or usernames) of sites logged in all the browsers on that machine in a .txt file. An easier way to do this is to write a batch file in the USB that automatically runs the software once it is inserted into the machine. Enjoy hacking!

I have yet to find any bat file that will auto run. USB Rubber Ducky would work though or its digispark alternative.

If you know batch programing you can write your own custom code to do that. Or you could still download a script that does the work. The only problem is that the last time I check most anti Vitus now blocks any script that makes a software auto runs via a USB stick.

Also many AVs considers .bat and .vbs extension files as malware and blocks them instantly on the door while entering in the house. Maybe one can try to hide his payload in order to encrypt and hide malware from AV?