As part of the information security course I’m taking in college I’ve had to steal a user’s OS password and mail it to me.
I decided not to write much code of my own and instead used pwdump to generate a password dump, and then blat to mail it to myself.
I wrote an app that launches in a hidden console window, then downloads the main stealer app, which in turn downloads pwdump and blat and then runs them in succession.
The dropper file then deletes all files generated.
In order to hide my app, I’ve injected it with inpect into a mahjong game installer. I’ve not implemented any type of fuzzing to avoid AV as it was not in our scope. But it wouldn’t have been hard.
The file to download is part of this post, but is password protected. I will post sources in a later post.
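
Seen from the detection side, the chain described above (a credential dumper, then a command-line mailer, both under one installer's process tree) can be caught by correlating process-creation events. The following is an added example, not code from the original post: the event fields, the sample events and the names `mahjong_setup.exe`, `dropper.exe` and `stealer.exe` are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed process-creation events (fields modelled on Sysmon Event ID 1).
# mahjong_setup.exe, dropper.exe and stealer.exe are hypothetical names.
EVENTS = [
    {"time": "2024-01-01T10:00:00", "pid": 100, "ppid": 1, "image": "mahjong_setup.exe"},
    {"time": "2024-01-01T10:00:02", "pid": 200, "ppid": 100, "image": "dropper.exe"},
    {"time": "2024-01-01T10:00:05", "pid": 300, "ppid": 200, "image": "stealer.exe"},
    {"time": "2024-01-01T10:00:09", "pid": 400, "ppid": 300, "image": "pwdump.exe"},
    {"time": "2024-01-01T10:00:12", "pid": 500, "ppid": 300, "image": "blat.exe"},
    # Unrelated mailer run an hour later in a different tree: must not alert.
    {"time": "2024-01-01T11:00:00", "pid": 600, "ppid": 1, "image": "blat.exe"},
]

def ancestry(pid, by_pid):
    """PIDs from the oldest logged ancestor down to pid (PID reuse is ignored)."""
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        chain.append(pid)
        pid = by_pid[pid]["ppid"]
    return chain[::-1]

def find_dump_then_mail(events, window=timedelta(minutes=5)):
    """Alert when a pwdump process is followed by a blat process in the same tree."""
    by_pid = {e["pid"]: e for e in events}
    when = lambda e: datetime.fromisoformat(e["time"])
    # Substring match on the image name covers renamed variants such as pwdump7.exe.
    dumpers = [e for e in events if "pwdump" in e["image"].lower()]
    mailers = [e for e in events if "blat" in e["image"].lower()]
    alerts = []
    for d in dumpers:
        d_chain = ancestry(d["pid"], by_pid)
        for m in mailers:
            same_tree = ancestry(m["pid"], by_pid)[0] == d_chain[0]
            delay = when(m) - when(d)
            if same_tree and timedelta(0) <= delay <= window:
                alerts.append({
                    "chain": [by_pid[p]["image"] for p in d_chain],
                    "dumper_pid": d["pid"],
                    "mailer_pid": m["pid"],
                    "delay_s": delay.total_seconds(),
                })
    return alerts

if __name__ == "__main__":
    for alert in find_dump_then_mail(EVENTS):
        print(alert)
```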