Skip to main content

Hacking tools to get usernames and passwords



redpill Hacker has various tools and methods to get usernames and passwords from a target computer. In this article I will briefly discuss the different methods of retrieving passwords using redpill Hacker.

Payload with Key Logger

redpill Hacker allows you to create a payload that will remotely install a key logger on the target computer. Everything that is typed on the computer will be recorded and secretly emailed to you including usernames and passwords.

Saved keywords will not be retrieved (this action increases the detection rate), instead you can use the 'Retrieve Saved Passwords' template in redpill Hacker.

When you use the 'Retrieve Saved Passwords' Social Engineering Template, redpill Hacker will do the following:

  1. It will create a payload that looks like a Virus Removal Tool.
  2. redpill Hacker will then email the target the payload and explain that there is a virus that steal passwords doing the rounds.
  3. It will then instruct the target to temporarily disable his Anti Virus as normal Anti Virus does not detect the virus and it needs to be disabled to allow the virus tool to scan and remove the virus.
  4. The tool will then run - it will loot to the target like a virus is being removed - but the key logger will secretly be installed.
  5. The target will then be instructed to change all his passwords as the virus was found and his passwords was possibly already compromised. 
  6. As the target change each of his passwords, the key logger will email you the website or application used and the new username and password.


Password Phishing Website

The Password Phishing Website is a tool in redpill Hacker that creates a type of portal website that retrieve the target's username and password before redirecting him to the website he intended to go to. This tool has a very high success rate as nothing is installed (no warnings or problems with anti virus) and it works on all devices.

For more information on how this works read: Password Phishing Website in redpill Hacker

Document Grabber

redpill Hacker has a document grabber payload. It is a lightweight payload - that means it gets past 95% of anti-virus and does not cause a UAC warning message to pop up.

The thing that makes a lightweight difficult to detect and stop is the fact that it is ... well, lightweight. It goes in with one single task, performs the task and then disappears. It does not try to install itself in order to keep on running or do anything else.

The task that the document grabber performs is to retrieve all the documents in the Documents folder and all the sub folders.

What does that have to do with passwords? You will be amazed to find out how many computer users have a document in their Documents folder or one of the sub folders with a list of all their usernames and passwords in case they forget them.

To find out more about redpill Hacker go to www.redpill.co.za

Comments

Popular posts from this blog

How to remotely install spy software

---------------------------------------------------------------------------------------------- Update (2015/07/07):  redpill now has a new and better product for installing spy software remotely: redpill Hacker
You can also have a look at newer articles with better tools at:
http://spysoftware.redpill.co.za -----------------------------------------------------------------------------------------------
In a previous article we discussed how to get usernames and passwords from other users on a computer you have access to. We will now look at how to install spy software on a computer you do not have access to … even if the computer is on the other side of the world.

Step 1: Get quality Spy Software

You will need quality spy software that can be remotely installed and is not easily detected and removed by anti-virus. There are a couple of key loggers that can be installed remotely, but very few that can secretly be remotely installed.

redpill Detective has been designed to be covertly installed…

Sending a spy program with gmail

To install a spy program remotely you need to email the target an install module. Spy software like redpill Agent and redpill Detective allows you to hide the install module within a 'cover application' . When emailing the target the install module, you will need either zip the file, embed it into wordpad or send it as a link as most email service providers doesn't allow you to add executables (exe's) as attachments.

To see how to send the spy program as a link see 'Installing spy software with a link'.
To see how to embed the spy program in wordpad, see  'How to remotely install spy software'.

Using a zipped file for the attachment can be a problem when either you or your target is using gmail as gmail will block attachments that contain executables even when they are zipped.

There is however a simple solution to the problem:

Add a password to your zip file

In winrar and winzip you can choose to add a password to your zip/rar file. When you add a passwo…

How to get a username and password

---------------------------------------------------------------------------------------------- Update (2015/07/07):  redpill now has a new and better product available: redpill Hacker

You can also see more up to date articles at:
http://spysoftware.redpill.co.za
-----------------------------------------------------------------------------------------------
This article will explain how to get a username and password for an email account like gmail or yahoo or a social network account like facebook.

In this article we will focus on getting a username and password of another user (the target) on a computer that you have access to. In a following article we will explain how to get a username and password from someone that works on a computer that you do not have access to that might be in another part of the world.

Step 1: Install a key logger

You will need to download and install a key logger that is not easily detected by anti-virus software and that is completely hidden and discreet
redpil…