Usually, the connection is made automatically to your wireless network every time. What if you need to log in to the network with a new device, or you have a guest and need to give him or her your Wi-Fi password, but you don't remember it? It sounds frustrating, but actually it is not a big problem. When you have lost your Wi-Fi password, download WiFi password revealer to recover all your saved WiFi passwords.
WiFi Password Decryptor. WiFi Password Decryptor is the free software to instantly recover your lost Wireless account passwords stored on your system. It automatically recovers all types of Wireless Keys/Passwords (WEP/WPA/WPA2 etc) stored by Windows Wireless Configuration Manager. After the successful recovery you can save the password list to.
I solved the issue. We can import any Wi-Fi network and SSID that is set in the file /boot/wifikeyfile.txt. An example for wifikeyfile.txt is: Ssid='WIFI BASE SSID' psk='Secret Key'.
Now you can see the full interface of CVW. Using this software we can hack a Wi-Fi password. To capture the Wi-Fi packets you want to hack, you need to click the Start button in the top left corner. After the capture starts, the Wi-Fi list appears with the channel numbers. Here you need to select the Wi-Fi network you want to hack.
Download: Installer v 1.0.0.13 (3.9 Mb)
How to find wifi password with WiFi password finder?
When you need to retrieve your wireless password, you have different options: you can find it manually deep in the settings of your computer, or you can reset your router and start from the beginning, re-entering a lot of information. If you lost the password to your Wi-Fi network, you would be able to find it with the Wi Fi Password Finder tool. The installation procedure takes a short time, and when you run this application you will immediately receive all the saved passwords for your wireless networks (which you have entered in the past). Information about a network can also be saved to a file. Right-click in the program list and the 'Save as...' option lets you save the file as Microsoft Excel (*.xls), HTML (*.html), comma-separated (*.csv) or text (*.txt) in any location. In the context menu, you can simply copy the selected password or copy the selected cell.
What WiFi Password Finder can find?
Besides recovering the lost passwords to your wireless network, you are able to find a lot more useful information. For every network (to which you have logged in and entered the password in the past) the program will also show the SSID (Service Set IDentifier), Password, Authentication type, Encryption method and Connection type. The program can decrypt the following security types: WEP, WPA, WPA2, WPA-PSK, WPA2-PSK.
WiFi Password Finder is a fast and easy to use tool. You will be able to find the Wi-Fi passwords in seconds. It is totally free software, can be used on all Windows operating systems (Windows XP, Vista, Windows 7 and Windows 8, 8.1), and is available for both 32-bit and 64-bit.
A few notes:
- To decrypt stored passwords on the machine you are scanning, you need to have Administrator rights.
- For Windows 2003 Server and Windows XP users: when the network has WPA encryption, the retrieved password will be shown as 64 HEX digits. This is not a bug: Windows XP can't convert the WPA key back to the original password. These HEX digits can still be used instead of the real password to connect.
Yesterday afternoon I discovered that Pastebin has what they call the Pastes Archive that is just a listing of the last 20 or so things people have uploaded and given the popularity of the site this means you can kind of just sit here and refresh every minute and get something new. I was honestly surprised by the amount of text-based porn ads someone had set up a bot to post along with fan fiction writing, someone’s bash file for installing build-essentials twice (???), and a wide variety of scripts, functions, and lots of hello worlds. It was a fun time killer and I figured maybe if I revisit this from time to time I would actually get something useful out of it and I wouldn’t get sucked into it for over an hour like I do on /r/CatsWhoYell.
What’s on Pastebin this morning?
This morning when I woke up I still had the page open so I refreshed to see what would pop up.
And apparently I’m a lucky man because 19 seconds prior to me refreshing someone posted a file conspicuously named wifi.PS1
This is for educational purposes. DO NOT do this to a machine you do not have permission on!
Now then a PS1 file typically signifies it’s going to be run in PowerShell and if someone is posting a PowerShell file named “wifi” it can really mean only a few things.
- Someone got tired of configuring the Wi-Fi on all the PCs in a building and wrote a script to do it so they could quickly apply it
- Someone wrote a script for doing the typical troubleshooting steps for Wi-Fi for them
- Someone needs the MAC address so that they can whitelist the machine on the network
- Someone needs to extract the Wi-Fi information from a machine
Well we got #4 but if someone has #2 please email me because I could use a script for that on my relatives’ machines.
As a quick aside from someone who mostly uses bash based terminals in Linux, PowerShell has a lot of the same command names unlike CMD which is part of why Microsoft would prefer it if we all forgot about CMD.
Let’s walk through this script:
- It’s changing directory to root (C drive for example) then making a directory called x64 and entering it
- Uses wget to download another pastebin file (raw gives you the raw text) and it’s storing it as wifi.bat
- Now it runs the wifi.bat file
Remove-ItemProperty is a command for clearing a Windows Registry entry. In this script they are clearing RunMRU, which stands for “Run Most Recently Used” and is the history keeper for commands run via Start. They are also telling it to do it based on Name with a wildcard (*), and if any error is encountered it should suppress the error and move on.
As an example here is my RunMRU
This is the part where things get interesting, that raw Pastebin is actually being obfuscated!
I know this is not a one way hash and it has to be something PowerShell can actually interpret without doing any complex decoding. It’s clearly not hex which leaves us with the next most common candidate, base64.
So I open up good ol CyberChef and throw the blob into the input and drag over “From Base64” and ta da we get our batch file!
So let’s walk through this:
- netsh wlan export profile key=clear is a really cool command that dumps your Wi-Fi information, including the plaintext password, to an XML file inside whatever directory you are in.
- This is printing a message into a file called wifipass.txt (more on who Exploitech is later)
- These next four lines are parsing every .xml file in the folder and appending it to the wifipass.txt file
- This next section is for sending wifipass.txt file to themselves. It’s pretty straightforward, they establish that they wish to connect to the gmail SMTP server and provide the login credentials and attach the wifipass.txt then send the email. I’ve changed out their credentials with some fake ones.
- Remove the XML files along with two files called w.txt and w.PS1, then wipe the RunMRU
However, this does not work!
The issue is that they are saving and executing wifi.bat as a batch file, however
will only work in Powershell.
I made a defanged version of the script that removes the emailing portion and cleanup to demonstrate.
As you can see wifipass.txt is empty except for that initial echo header text. If we run the batch file on its own we see the following
However this can be easily corrected to run properly by renaming it to wifiExtract.PS1 and modifying our execution script
Now that I had this I started wondering:
- Who is Exploitech?
- Why is someone using a broken payload?
A quick Google search made it clear pretty quick
Watching the video it’s easy to see that originally Exploitech had meant for the obfuscated code to be executed as such
The person who made the one I found had simply been incapable of actually following directions or had decided they wanted to modify it in their own way but they didn’t really know what they were doing.
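The manual steps from the analysis above (recognise the Base64 wrapper, decode it, read what the result does) can be scripted for paste triage. This is an added example, not code from the original post or from Exploitech; the indicator names, regexes and the sample paste are constructed for illustration.

```python
import base64
import re

# Behaviours from the walkthrough above; the names and regexes are this example's own.
INDICATORS = {
    "wlan_key_export": re.compile(r"netsh\s+wlan\s+export\s+profile\b.*\bkey\s*=\s*clear", re.I),
    "runmru_wipe": re.compile(r"Remove-ItemProperty\b.*\bRunMRU\b", re.I),
    "smtp_reference": re.compile(r"\bsmtp\.[a-z0-9.-]+", re.I),
}
B64_RE = re.compile(r"[A-Za-z0-9+/]+={0,2}")

# Constructed, defanged sample: no credentials and no working mail step.
SAMPLE = (
    "echo constructed sample > wifipass.txt\r\n"
    "netsh wlan export profile key=clear\r\n"
    "REM mail step elided (constructed host smtp.example.test)\r\n"
)
SAMPLE_PASTE = base64.b64encode(SAMPLE.encode("utf-8")).decode("ascii")

def decode_layer(text):
    """Return decoded text if `text` is a single Base64 blob of ASCII text, else None."""
    compact = "".join(text.split())
    if len(compact) < 16 or len(compact) % 4 or not B64_RE.fullmatch(compact):
        return None
    try:
        raw = base64.b64decode(compact, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    # Text files are usually UTF-8; PowerShell-encoded text is often UTF-16LE.
    for enc in ("utf-8", "utf-16-le"):
        try:
            out = raw.decode(enc)
        except UnicodeDecodeError:
            continue
        ok = sum(c.isascii() and (c.isprintable() or c in "\r\n\t") for c in out)
        if out and ok / len(out) > 0.95:
            return out
    return None

def triage(paste, max_layers=3):
    """Peel Base64 layers, then list which indicators match the decoded text."""
    text, layers = paste, 0
    while layers < max_layers:
        decoded = decode_layer(text)
        if decoded is None:
            break
        text, layers = decoded, layers + 1
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(text))
    return {"layers": layers, "hits": hits}
```

`triage(SAMPLE_PASTE)` reports one decoded layer and the export and SMTP indicators; text that is not Base64 is scanned as-is with zero layers.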
Making it Better
So this set of scripts is pretty cool but I think I could make them better.
I made a fork which you can find here on GitHub.
Explorer.PS1
SystemDriver.PS1
Example Output
So what did I change?
For starters they’re using rm which doesn’t fully delete the file; it is only sending it to the Windows Recycle Bin. Instead of using rm I used Remove-Item, which will delete an item and bypass the Recycle Bin. So now the script fully cleans up after itself.
Next I did not like the odd use of a batch file. Watching the video they for some reason decided to post the Base64 blob + the lines to decode into the same Pastebin post, which meant there was nothing really being obfuscated as anyone who downloaded and ran the paste as a batch file would get the non-obfuscated version… So now it is configured such that you just host the raw base64 blob somewhere like Pastebin and it will download that and save it as a text file which it will then convert to its UTF8 form and write back into a PowerShell file followed by executing it.
Inside the SystemDriver.PS1 I had it grab two extra lines of information from the profile export, the authentication and encryption methods. That way you can make sure you configure your settings before attempting to connect to any Wi-Fi point or if you want to try and do an evil twin attack. Which leads to my next feature for the output which was adding the driver information for wlan so you could see what hardware the computer has if you wanted to use it as a Wi-Fi hotspot for either yourself or as an evil twin access point.
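On the defensive side, the same export fields make it easy to sweep a disk for profile exports that were left behind with a cleartext key. This is an added example, not part of the fork described here; the sample XML is constructed, and the function reports SSID, authentication and encryption but never returns the key.

```python
import xml.etree.ElementTree as ET

NS = {"w": "http://www.microsoft.com/networking/WLAN/profile/v1"}

# Constructed sample in the layout that `netsh wlan export profile key=clear` writes.
SAMPLE_XML = """<?xml version="1.0"?>
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>ExampleNet</name>
  <SSIDConfig><SSID><name>ExampleNet</name></SSID></SSIDConfig>
  <connectionType>ESS</connectionType>
  <MSM><security>
    <authEncryption>
      <authentication>WPA2PSK</authentication>
      <encryption>AES</encryption>
      <useOneX>false</useOneX>
    </authEncryption>
    <sharedKey>
      <keyType>passPhrase</keyType>
      <protected>false</protected>
      <keyMaterial>constructed-not-a-real-key</keyMaterial>
    </sharedKey>
  </security></MSM>
</WLANProfile>"""

def audit_profile(xml_text):
    """Summarise one exported profile; the key itself is never returned."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None
    if root.tag != "{%s}WLANProfile" % NS["w"]:
        return None  # some other XML file, not a WLAN profile export
    sec = "w:MSM/w:security/"
    protected = root.findtext(sec + "w:sharedKey/w:protected", namespaces=NS)
    key = root.findtext(sec + "w:sharedKey/w:keyMaterial", namespaces=NS)
    return {
        "ssid": root.findtext("w:SSIDConfig/w:SSID/w:name", namespaces=NS),
        "authentication": root.findtext(sec + "w:authEncryption/w:authentication", namespaces=NS),
        "encryption": root.findtext(sec + "w:authEncryption/w:encryption", namespaces=NS),
        # protected=false means keyMaterial holds the passphrase or key in the clear.
        "cleartext_key": bool(key) and (protected or "").strip().lower() == "false",
    }
```

A profile exported without `key=clear` has `protected` set to true and is reported with `cleartext_key` false, so only the risky leftovers are flagged.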
Finally I updated the formatting on the SMTP section simply because it looked messy and I didn’t like entering the same info multiple times.
I have some ideas on how to maybe further flesh this out but it might actually be best to turn it into a set of network pentesting related scripts instead of just Wi-Fi.
Hopefully if you made it this far you enjoyed the post and learned something like I did. If you’re curious about why Wi-Fi passwords are stored like this, I asked on the security StackExchange and got back some great answers!
Until next time,
Jesse “Wazanator” Culver