Passwords represent one of the main security barriers we have. They serve to protect our accounts and systems and thus prevent possible intruders from getting access. It is very important that we use keys that are strong and complex, although sometimes we can suffer leaks and are exposed on the network. In this article we are going to talk about USBStealer , a free tool for Windows that allows you to do a Pentesting test of passwords for Microsoft system applications.
Why are passwords important?
Having strong passwords is critical today. We can say that the keys are part of our day to day. We use them to enter social networks, register for Internet services, log in to email, unlock the device… If we use passwords that are weak, repetitive and also exposed, we can compromise our equipment and systems.
The latter, having compromised passwords, is something more common than we would like. On many occasions, Internet services have suffered security breaches. It can also happen that we are using insecure keys, which we have used on other platforms that have previously been compromised.
To manage these keys we can make use of password managers. They are present in desktop systems and also mobile devices. But in this article we are going to focus on a tool called USBStealer whose mission is to extract the passwords that Windows stores.
We already know that Microsoft’s operating system is the most widely used on desktop computers today. We also know that it can store passwords for the browsers we use and for other applications. What USBStealer does is collect those stored keys. A way to put our system to the test and find out what passwords could be available to anyone in case of an attack.
How to use USBStealer
USBStealer is a software that contains what is necessary to extract these passwords . The first thing we have to do is download the files from GitHub . When we open the folder we will find a series of files and icons like the ones we see in the image below.
We can try the one that interests us. For example we will see that there is an application to extract the passwords of Google Chrome or Opera, two of the most popular browsers. Once we open the one that interests us, it will generate a file.
But it not only allows you to extract passwords from browsers, but we can also obtain the browsing history . We can configure it to collect from just one browser or from many. It also allows us to configure the date that interests us.
The WebBrowserPassView tool allows us to see the keys of the browsers. It extracts all the necessary information from the programs that we have installed and that have been stored by Windows. It allows us to see what passwords we have saved in the system.
In short, USBStealer is a tool that has a series of applications to test the passwords that we have stored in browsers and in the Windows operating system itself. It is a simple program to use and that can be used to carry out tests and check what keys might be available in the event of a cyber attack.
How to prevent passwords from being stolen
This tool allows us to know in a way if our passwords may be exposed on the network. Now, how could they steal our keys? There are certain methods that hackers can use to do this. They can use Trojans, keyloggers, Phishing attacks … Luckily we can also take into account tips to avoid being victims of this problem.
Security programs
Something fundamental is always to have security programs installed. A good antivirus can free us from problems of this type that can compromise the security of our systems.
There are many tools that we have at our disposal and it is something that we must apply regardless of the type of operating systems or devices that we are using. The goal here is to prevent the entry of malicious software.
Have everything updated
We must also keep everything updated . This includes the operating system itself, the programs we use and any drivers. Hackers can rely on existing vulnerabilities to steal passwords. Hence the importance of having everything correctly updated to the latest version.
Use strong passwords
Of course the passwords must be strong and complex. It is important that they have letters (upper and lower case), numbers and other special symbols. It must also be unique, since using it elsewhere could be a problem. If the email password is stolen, for example, and we are using it on Facebook, they could also access it.
Key managers
To have strong passwords we can make use of key managers . Not only do they allow us to manage them, but also many of them have password generators, to create them with all the security measures. One more way to avoid being discovered by intruders.
Don’t fall for the trap
The last, but possibly most important thing, is not to fall into the trap. A very common method that hackers use to steal keys is Phishing attacks. It is essential that we avoid falling into these types of errors.
Common sense must always be present. This, together with having a strong password, having updated equipment and security tools, is what will make sure our keys are always protected.
