USB Password Leecher

In this segment we'll
overview a few of Microsoft Window's security weaknesses and show how
to build a custom USB key that will retrieve vital information from a
target computer, necessary for auditing password strength. A major flaw
in the way Windows stores password information is the use of the legacy
LM, or LAN Manager hash. While this hash is based on DES encryption it
is vulnerable to time-memory trade-off attacks due to it's poor
implementation. Our custom USB key uses new U3 technology to
automatically and invisibly retrieve these weak hashes within seconds
of being inserted into the target computer. From here the LM hashes can
be tested against a set of rainbow tables using the popular
rainbowcrack software and audited for password strength. We will also
cover password best practices and prevention methods for this type of

The beauty of our custom
password hash retrieving USB key comes from it's unique use of U3
technology. U3 is relatively new USB flash drive technology developed
by U3 LLC in cooperation with Sandisk and M-Systems. More information
about U3 can be found at the website

It basically uses a portion of the flash drive's memory as a virtual
CD-ROM drive. This allows the Windows autorun feature to work properly,
enabling us to run programs as soon as the drive is inserted into a
computer. The autorun feature does not work properly on standard USB
flash drives so a U3 enabled USB flash drive is required to make this

Good stuff from Hak.5.  They've got the details on how to get it setup and payloads downloadable.


Author: Xavier Ashe

Entrepreneur, Infosec Executive, CISSP, CISM, Ironman triathlete, traveler, UU, paleo, father of 8, goyishe, gamer, & geek.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s