In this article, you will learn how an attacker can gain access to steam account going around Steam guard and "clean" it. Two things are needed for this:
1) Direct access to a computer.
2) The password must be saved in the Steam client, i.e. there was a checkmark "remember my password".
We need to get the following files:
C: \\ Program Files \\ Steam \\ config \\ config.vdf
C: \\ Program Files \\ Steam \\ config \\ loginusers.vdf
C: \\ Program Files \\ Steam \\ config \\ SteamAppData.vdf
As well as a hidden file C: \\ Program Files \\ Steam \\ ssfn ****. Need exactly hidden file. If you hidden files and folders are not displayed by default, then google.
You can access your computer in various ways, whether it’s RATs, stylers, file grabbers, social engineering, or you just let your friend play for your computer. Social example Engineering: choose a victim with decent gear in Dota 2 or the game you are interested in, compose from three boxes that you know how to duplicate things, ask for these files for dupes, well, in the same vein ..
To log into the victim’s account from your computer:
1) Close the Steam client.
2) Delete the folders:
C: \\ Program Files \\ Steam \\ config
C: \\ Program Files \\ Steam \\ appcache
C: \\ Program Files \\ Steam \\ userdata
3) Create a new folder C: \\ Program Files \\ Steam \\ config
4) We throw victim files there
5) We throw the victim file in C: \\ Program Files \\ Steam \\ ssfn
6) Launch the Steam client
7) PROFIT! You have bypassed password entry and Steam Guard verification!
In such a tricky way you can bypass Steam Guard.
Files "ssfn" - bypass the Steam Guard check
Files from the config folder - bypass password entry.
How to protect yourself from theft of things in case of hacking: need to set a PIN code. This code will protect access to your settings, Steam store, things, etc.
How to set a PIN code on Steam:
Go to Steam-\u003e Steam-\u003e Settings-\u003e Family-\u003e Manage Family View
Uncheck all the boxes and select "Only those games that I choose" and click "Continue."
Then mark the most unnecessary game and click "Continue." Enter the PIN code twice. Write it down somewhere, if you forget to restore it is possible only through support. Your account is now protected from hacking.
How to get around password entry and Steam Guard verification?
Imagine this situation: We have access to someone else’s computer with Steam and want to log into this account without entering a password and Steam Guard "A. How to organize this:
1) We need the following files from his computer:
"C: /Steam/config/config.vdf"
"C: /Steam/config/loginusers.vdf"
"C: /Steam/config/SteamAppData.vdf"
"C: / Steam / ssfn *" (Needed hidden ssfn files, exactly hidden) (see how to view hidden files on Windows on the Internet, there’s nothing complicated !!!)
Also, if our friend has more ssfn files, then take everything (although by default 2)2) To enter the victim’s account from your computer:
2.1) Close the Steam client.
2.2) Delete the folders:
"C: / Steam / config /"
"C: / Steam / appcache /"
"C: / Steam / userdata /"
2.3) Create the folder "C: / Steam / config"2.4) We throw victim files there
2.5) We throw in the "C: / Steam" ssfn file of the victim
2.6) We launch the Steam client
2.7) Done! You have bypassed password entry and Steam Guard verification!
You can exchange things!
Files "ssfn" - bypass the Steam Guard check
Files from the config folder - bypass password entryImportant! If the victim did not check "Save password" when entering a pair of log: pass - logging into the account by copying files from the "config" folder will fail.
Reference:
* ssfn file - guard file. It has no extension and is written to the root of the folder.
* For each pair login: pass - its ssfn files.
* When passing the Steam Guard check, two ssfn files are created in the root of the Steam folder: 1 file is hidden, 1 is not. We need a hidden one. This file is all Steam Guard protection.
* Files from the "config" folder are created upon login to the Steam account. If you put them in your folder, then when you start the client, we automatically find ourselves in the account.
P.S. Also in this way you can simultaneously sit together or even more in one account!How to get these files:
You’ll ask how it is possible to get these files from computers of other users, well, there’s a lot to be said for, in fact I know 2 approaches, 1 relate to social engineering, the second more to the technical part
1) It is important to be able to convince. Here is one such example:
We are looking for a person with good equipment in Dota 2 or CS: GO. Well, or just some kind of naive person. And we tell him that you know how you can duplicate things in DotA 2 by intercepting file packages and other things (no matter how funny people believe) and say that if you drop these files specifically, then things from your inventory will also be transferred to you, and that it’s possible to do a lot of things like that, well, I think the average layman (not about the trader and expert) in most cases will agree to transfer you some files for the sake of experiment, etc., well, then you know what to do. - This method is very suitable for people who can speak teeth!
2) Well, everything is simple, these are elementary viruses that will allow you to get these files from your computer. I won’t explain where to get them and how and what, the Internet also has a lot about this.
As for this, I think everything, I hope you come up with something else, and find a use for this.
How to protect yourself from this:
In case you got a virus or you somehow took these files!
The only option to protect your account from hacking and loss of things is to put PIN in Steam.
Using this function, every time you enter Steam from a website or client, you will have to enter a four-digit code to access the inventory, Steam store, settings, and other functions. There is no PIN bypass yet. Due to this, the cracker will not be able to steal your things without knowing the PIN code.
How to put it:
Go to Steam-\u003e Steam-\u003e Settings-\u003e Family-\u003e Manage Family View
Uncheck all the boxes and select "Only those games that I choose" and click "Continue."Next, mark the most unnecessary game and click "Continue." Enter the PIN twice.
You need to take this seriously enough. If you forget your code, you will need to write to Steam Support to reset it.
Done! Now you are protected from crackers! Always check the site address and do not fall for the tricks of scammers!
How to get around password entry and Steam Guard verification?
Imagine this situation: We have access to someone else's computer with Steam and want to log into this account without entering a password and Steam Guard "A. How to organize this:
1) We need the following files from his computer:
"C: /Steam/config/config.vdf"
"C: /Steam/config/loginusers.vdf"
"C: /Steam/config/SteamAppData.vdf"
"C: / Steam / ssfn *" (Needed hidden ssfn files, exactlyhidden) (see how to view hidden files on Windows on the Internet, there’s nothing complicated !!!)
Also, if our friend has more ssfn files, then take everything (although by default 2)
2) To enter the victim’s account from your computer:
2.1) Close the Steam client.
2.2) Delete the folders:
"C: / Steam / config /"
"C: / Steam / appcache /"
"C: / Steam / userdata /"
2.3) Create the folder "C: / Steam / config"
2.4) We throw victim files there
2.5) We throw in the "C: / Steam" ssfn file of the victim
2.6) We launch the Steam client
2.7) Done! You have bypassed password entry and Steam Guard verification!
You can exchange things!
Files "ssfn" - bypass the Steam Guard check
Files from the config folder - bypass password entry
Important! If the victim did not check "Save password" when entering a pair of log: pass - logging into the account by copying files from the "config" folder will fail.
Reference :
* ssfn file - guard file. It has no extension and is written to the root of the folder.
* For each pair login: pass - its ssfn files.
* When passing the Steam Guard check, two ssfn files are created in the root of the Steam folder: 1 file is hidden, 1 is not. We need a hidden one. This file is all Steam Guard protection.
* Files from the "config" folder are created upon login to the Steam account. If you put them in your folder, then when you start the client, we automatically find ourselves in the account.
P.S. Also in this way you can simultaneously sit together or even more in one account !
How to get these files:
You’ll ask how it’s possible to get these files from computers of other users, well, there’s a lot to do, in fact I know 2 approaches, 1 relate to social engineering, the second more to the technical part
1) It is important to be able to convince. Here is one such example:
We are looking for a person with good equipment in Dota 2 or CS: GO. Well, or just some kind of naive person. And we tell him that you know how you can duplicate things in DotA 2 by intercepting file packages and other things (no matter how funny people believe) and say that if you drop these files specifically, then things from your inventory will also be transferred to you, and that it’s possible to do a lot of things like that, well, I think the average layman (not about the trader and expert) in most cases will agree to transfer you some files for the sake of experiment, etc., well, then you know what to do. - This method is very suitable for people who can speak teeth!
2) Well, everything is simple, these are elementary viruses that will allow you to get these files from your computer. I won’t explain where to get them and how and what, the Internet also has a lot about this.
As for this, I think everything, I hope you come up with something else, and find a use for this.
How to protect yourself from this:
In case you got a virus or you somehow took these files!
The only option to protect your account from hacking and loss of things is to put PIN in Steam.
Using this function, every time you enter Steam from a website or client, you will have to enter a four-digit code to access the inventory, Steam store, settings, and other functions. There is no PIN bypass yet. Due to this, the cracker will not be able to steal your things without knowing the PIN code.
How to put it:
Go to Steam-\u003e Steam -\u003e Settings -\u003e Family -\u003e Family View Management
Uncheck all the boxes and select " Only the games I choose"and click" Continue. "
How to get around password entry and Steam Guard verification?
Imagine this situation: We have access to someone else’s computer with Steam and want to log into this account without entering a password and Steam Guard "A. How to organize this:
1) We need the following files from his computer:
"C: /Steam/config/config.vdf"
"C: /Steam/config/loginusers.vdf"
"C: /Steam/config/SteamAppData.vdf""C: / Steam / ssfn *" (Needed hidden ssfn files, exactly hidden) (see how to view hidden files on Windows on the Internet, there’s nothing complicated !!!)
Also, if our friend has more ssfn files, then take everything (although by default 2)
2) To enter the victim’s account from your computer:2.1) Close the Steam client.
2.2) Delete the folders:
"C: / Steam / config /"
"C: / Steam / appcache /"
"C: / Steam / userdata /"2.3) Create the folder "C: / Steam / config"
2.4) We throw victim files there
2.5) We throw in the "C: / Steam" ssfn file of the victim
2.6) We launch the Steam client
2.7) Done! You have bypassed password entry and Steam Guard verification!
You can exchange things!
Files "ssfn" - bypass the Steam Guard check
Files from the config folder - bypass password entryImportant! If the victim did not check "Save password" when entering a pair of log: pass - logging into the account by copying files from the "config" folder will fail.
Reference:
* ssfn file - guard file. It has no extension and is written to the root of the folder.
* For each pair login: pass - its ssfn files.
* When passing the Steam Guard check, two ssfn files are created in the root of the Steam folder: 1 file is hidden, 1 is not. We need a hidden one. This file is all Steam Guard protection.
* Files from the "config" folder are created upon login to the Steam account. If you put them in your folder, then when you start the client, we automatically find ourselves in the account.
P.S. Also in this way you can simultaneously sit together or even more in one account!How to get these files:
You’ll ask how it is possible to get these files from computers of other users, well, there’s a lot to be said for, in fact I know 2 approaches, 1 relate to social engineering, the second more to the technical part
1) It is important to be able to convince. Here is one such example:
We are looking for a person with good equipment in Dota 2 or CS: GO. Well, or just some kind of naive person. And we tell him that you know how you can duplicate things in DotA 2 by intercepting file packages and other things (no matter how funny people believe) and say that if you drop these files specifically, then things from your inventory will also be transferred to you, and that it’s possible to do a lot of things like that, well, I think the average layman (not about the trader and expert) in most cases will agree to transfer you some files for the sake of experiment, etc., well, then you know what to do. - This method is very suitable for people who can speak teeth!
2) Well, everything is simple, these are elementary viruses that will allow you to get these files from your computer. I won’t explain where to get them and how and what, the Internet also has a lot about this.
As for this, I think everything, I hope you come up with something else, and find a use for this.
How to protect yourself from this:
In case you got a virus or you somehow took these files!
The only option to protect your account from hacking and loss of things is to put PIN in Steam.
Using this function, every time you enter Steam from a website or client, you will have to enter a four-digit code to access the inventory, Steam store, settings, and other functions. There is no PIN bypass yet. Due to this, the cracker will not be able to steal your things without knowing the PIN code.
How to put it:
Go to Steam-\u003e Steam-\u003e Settings-\u003e Family-\u003e Manage Family View
Uncheck all the boxes and select "Only those games that I choose" and click "Continue."Next, mark the most unnecessary game and click "Continue." Enter the PIN twice.
You need to take this seriously enough. If you forget your code, you will need to write to Steam Support to reset it.
Done! Now you are protected from crackers! Always check the site address and do not fall for the tricks of scammers!
