Track USB Drive (Pendrive) users by using Trojans or a combination of Batch and Autorun files.
I got an interesting email from my blog reader Reynold, who asked me how he could track USB drive (pendrive) users who used his USB drive after he had given it to someone. He wanted to get the usernames of the accounts where the pendrive was used. I thought for a while and told him that he can achieve this feat either by using Trojans or a combination of Batch and Autorun files. However, you must advise users not to format the pendrive in order for this to work. The second option of Batch files was easy and less suspicious. So here is how I made it possible to get the usernames when the pendrive was plugged into the PC:
Create an autorun.inf file on the root of your flash drive/Pendrive with the following contents:
action=Open folder to view files
Now, create a batch file called username.bat with the following contents:
start "Explorer" %SystemRoot%\explorer.exe
NOTE: The last line of the code is optional; it opens Explorer in a new window.
Save both files and you are good to go. Now whenever a user plugs your pendrive into their PC, it will display an autoplay option indicating that they have to click on the icon to open the drive to view its contents. A small DOS window will flash for a moment and then disappear. Now if you go into the root of the drive, you will find a new file called users.dat which will record the user names of all the users who have accessed your drive by clicking on the icon. You can open the DAT file using Notepad and view its contents.
However, this is not a foolproof method, as some geeks disable the autoplay option (or disable writing to USB drives), or they just bypass it by pressing the RIGHT SHIFT key when the pendrive is connected, and hence their name will not be recorded, or they can delete the users.dat file. But that said, it will work fine nevertheless 🙂
NOTE 2: Umm.. I think the above code is way too easy and harmless, why not get creative and create a batch file which will even change the password? (DOS NET commands) or even wipe out system32 of your nemesis (cacls command)?
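Seen from the receiving end, a drive prepared like this can be checked before anyone clicks the AutoPlay entry. The following Python sketch is an added example, not code from the original post: it parses a drive's autorun.inf and reports entries that launch a program, plus an action= line that rewrites the AutoPlay prompt. The sample file contents and the function names are constructed for illustration.

```python
import re

# Keys in the [autorun] section that make Windows run something from the drive.
EXEC_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js", ".ps1", ".exe", ".scr", ".com", ".lnk")

def parse_autorun(text):
    """Return {key: value} for the [autorun] section (keys lower-cased)."""
    entries, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def target_of(value):
    """First token of a command line, honouring a leading quoted path."""
    m = re.match(r'\s*(?:"([^"]*)"|(\S+))', value)
    return (m.group(1) or m.group(2) or "").lower() if m else ""

def findings(text):
    """List human-readable reasons this autorun.inf deserves a closer look."""
    entries = parse_autorun(text)
    out = []
    for key, value in entries.items():
        if EXEC_KEYS.match(key):
            kind = "script/executable" if target_of(value).endswith(SCRIPT_EXT) else "command"
            out.append(f"{key} launches {kind}: {value}")
    if out and "action" in entries:               # lure text shown in the AutoPlay dialog
        out.append(f"AutoPlay prompt text is overridden: {entries['action']!r}")
    return out

# Constructed sample for this example, not the file from the post.
SAMPLE = """[autorun]
icon=folder.ico
action=Open folder to view files
open=username.bat
"""

if __name__ == "__main__":
    for reason in findings(SAMPLE):
        print("SUSPICIOUS:", reason)
```

Run it against the text of an autorun.inf read from the drive root; an empty result means no launching entry was found in the [autorun] section.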
Rishabh Dangwal is a no-nonsense network geek who has got a thing for guitars, retro games and emulators. When he is not tinkering with devices and gadgets, he can be found reading novels by Fredrick Forsyth.
Website : Theprohack