redpill Hacker has various tools and methods to get usernames and passwords from a target computer. In this article I will briefly discuss the different methods of retrieving passwords using redpill Hacker.
Payload with Key Logger
redpill Hacker allows you to create a payload that will remotely install a key logger on the target computer. Everything that is typed on the computer will be recorded and secretly emailed to you including usernames and passwords.
Saved keywords will not be retrieved (this action increases the detection rate), instead you can use the 'Retrieve Saved Passwords' template in redpill Hacker.
When you use the 'Retrieve Saved Passwords' Social Engineering Template, redpill Hacker will do the following:
- It will create a payload that looks like a Virus Removal Tool.
- redpill Hacker will then email the target the payload and explain that there is a virus that steal passwords doing the rounds.
- It will then instruct the target to temporarily disable his Anti Virus as normal Anti Virus does not detect the virus and it needs to be disabled to allow the virus tool to scan and remove the virus.
- The tool will then run - it will loot to the target like a virus is being removed - but the key logger will secretly be installed.
- The target will then be instructed to change all his passwords as the virus was found and his passwords was possibly already compromised.
- As the target change each of his passwords, the key logger will email you the website or application used and the new username and password.
Password Phishing Website
The Password Phishing Website is a tool in redpill Hacker that creates a type of portal website that retrieve the target's username and password before redirecting him to the website he intended to go to. This tool has a very high success rate as nothing is installed (no warnings or problems with anti virus) and it works on all devices.
For more information on how this works read: Password Phishing Website in redpill Hacker
redpill Hacker has a document grabber payload. It is a lightweight payload - that means it gets past 95% of anti-virus and does not cause a UAC warning message to pop up.
The thing that makes a lightweight difficult to detect and stop is the fact that it is ... well, lightweight. It goes in with one single task, performs the task and then disappears. It does not try to install itself in order to keep on running or do anything else.
The task that the document grabber performs is to retrieve all the documents in the Documents folder and all the sub folders.
What does that have to do with passwords? You will be amazed to find out how many computer users have a document in their Documents folder or one of the sub folders with a list of all their usernames and passwords in case they forget them.
To find out more about redpill Hacker go to www.redpill.co.za