Finding saved wifi passwords from known hotspots

I recently did some work in a building where the tenants thought they were protecting their wifi by having one of their staff type in the wifi password for me instead of just telling me the password.

I think the logic was that it would stop me handing it out to other people, which might then lead to them having lots of unknown users connecting. I’m not sure how much research went into testing how effective their technique was.

Here’s how to see the password of any wifi network you have previously connected to from your computer (even if you didn’t enter the password yourself):

Open up Command Prompt and run: netsh wlan show profile


This will bring up a list of all the wifi hotspots you have connected to. Then, to display the password for one of them, run: netsh wlan show profile xxx key=clear (replace xxx with the name of the wifi from the previous step).

This should reveal the plaintext password in the Key Content field:


Note: If the key is not shown and instead says something like “security key : present” make sure you are running cmd as administrator

If there are too many hotspots listed to do them manually here is some python to automate their extraction:

https://pastebin.com/embed_js/B1ri6W54
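As an added example (not the script behind the link above), this Python parses the text the two netsh commands print, so an audit of saved profiles can tell which ones hold a stored key and whether the current prompt is able to read it. The sample output, profile names and passphrase are constructed, and English-locale field labels are assumed.

```python
import re

# Constructed sample of `netsh wlan show profile` output (English locale).
SAMPLE_LIST = """\
Profiles on interface Wi-Fi:

User profiles
-------------
    All User Profile     : OfficeGuest
    All User Profile     : Cafe: Upstairs
"""

# Constructed sample of `netsh wlan show profile OfficeGuest key=clear`,
# trimmed to the fields used here, as seen without administrator rights.
SAMPLE_NOT_ELEVATED = """\
Profile information
-------------------
    Name                   : OfficeGuest

Security settings
-----------------
    Authentication         : WPA2-Personal
    Security key           : Present
"""

# The same profile from an elevated prompt; the passphrase is made up.
SAMPLE_ELEVATED = (SAMPLE_NOT_ELEVATED
                   + "    Key Content            : example-passphrase\n")

FIELD = re.compile(r"^\s+(.+?)\s+: (.*)$")  # "    Label    : value"

def list_profiles(text):
    """Return the profile names from the profile listing."""
    matches = (FIELD.match(line) for line in text.splitlines())
    return [m.group(2) for m in matches
            if m and m.group(1).endswith("User Profile")]

def parse_profile(text):
    """Return name, authentication and key state for one profile."""
    matches = (FIELD.match(line) for line in text.splitlines())
    fields = {m.group(1): m.group(2) for m in matches if m}
    return {
        "name": fields.get("Name"),
        "authentication": fields.get("Authentication"),
        "key_stored": fields.get("Security key") == "Present",
        "key_content": fields.get("Key Content"),  # None if not revealed
    }
```

A profile with key_stored true and key_content None is the "security key : present" case from the note above: the key is saved on the machine but the prompt was not elevated.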


Python directory finder (dirb)

If for some reason you find yourself on a machine you cannot get dirb or dirbuster on, here is some quick code for how to achieve similar results using Python 3.

It takes a word list from your common.txt file (change the name in the code if needed), tries to connect to the URL you have given it plus each line in the .txt file, and gives a positive result if the full URL path gives back a response.

The code doesn’t have any sort of rate limiting, so if your target has systems in place to block DoS attacks you may start getting false negatives.


#!/usr/bin/python
# scans for web directories from a word list
# replace common.txt with your wordlist
# for python 3

import requests

def request(url):
    # Return the response, or None if the connection fails
    try:
        return requests.get("http://" + url)
    except requests.exceptions.ConnectionError:
        pass

target_url = input("Enter Target URL: ")

with open("common.txt", "r") as file:
    for line in file:
        word = line.strip()
        full_url = target_url + "/" + word
        response = request(full_url)
        # A Response object is truthy only for status codes below 400
        if response:
            print("Discovered directory at this link: " + full_url)

The code comes courtesy of a course on Udemy taught by the very eloquent Eduardo Rosas
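From the other side of the connection, a scan like this stands out in the web server's access log: one client asks for many different paths in a row and most of them come back 404. The following is an added example, not part of the course code above, that flags that pattern; the log lines, IP addresses and thresholds are constructed, and Common Log Format is assumed.

```python
import re
from collections import defaultdict

# Common Log Format: client, identity, user, [time], "request", status, size
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')

def find_wordlist_scans(lines, min_paths=20, min_miss_ratio=0.8):
    """Return {client: (distinct_paths, not_found)} for clients whose
    traffic looks like a wordlist scan: many different paths, mostly 404."""
    paths = defaultdict(set)
    hits = defaultdict(int)
    misses = defaultdict(int)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, path, status = m.groups()
        paths[client].add(path)
        hits[client] += 1
        if status == "404":
            misses[client] += 1
    flagged = {}
    for client, total in hits.items():
        if (len(paths[client]) >= min_paths
                and misses[client] / total >= min_miss_ratio):
            flagged[client] = (len(paths[client]), misses[client])
    return flagged

def build_sample_log():
    """Constructed log: one ordinary visitor and one client walking a
    25-entry word list (documentation IP ranges, made-up paths)."""
    stamp = "[10/Mar/2024:10:00:00 +0000]"
    lines = [
        f'198.51.100.7 - - {stamp} "GET / HTTP/1.1" 200 5120',
        f'198.51.100.7 - - {stamp} "GET /images/logo.png HTTP/1.1" 200 2048',
        f'198.51.100.7 - - {stamp} "GET /favicon.ico HTTP/1.1" 404 153',
    ]
    words = ["admin", "images"] + [f"word{i:02d}" for i in range(23)]
    for word in words:
        status = 200 if word in ("admin", "images") else 404
        lines.append(f'203.0.113.50 - - {stamp} "GET /{word} HTTP/1.1" '
                     f'{status} 153')
    return lines

if __name__ == "__main__":
    for client, (n, n404) in find_wordlist_scans(build_sample_log()).items():
        print(f"{client}: {n} distinct paths, {n404} not found")
```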

Hints and Tips for PythonChallenge level 4

This is a page of hints for the Pythonchallenge.com level 4 challenge

It does not contain the answer so you can use as many hints as you want but still have to put everything together yourself to complete it

Note: A lot of these challenges have multiple different ways of solving them, the hints here might not match to what you have found already.

Expand for hint 1

Do not try to manually follow the numbers, there are 100s

Expand for hint 2

Does Python have a library for reading the content of webpages?

Expand for hint 3

Try Beautiful soup

Expand for hint 4

Can you generate a new url based on what Beautiful soup finds?

Expand for hint 5

Not all the numbers are the same length

Expand for hint 6

The last page doesn’t have any more numbers

Hints and Tips for PythonChallenge level 3

This is a page of hints for the Pythonchallenge.com level 3 challenge

It does not contain the answer so you can use as many hints as you want but still have to put everything together yourself to complete it

Note: A lot of these challenges have multiple different ways of solving them, the hints here might not match to what you have found already.

Expand for hint 1

Anything interesting in the source code?

Expand for hint 2

3 big bodyguards? What could that mean?

Expand for hint 3

Can you open the text in python like in challenge 2?

Expand for hint 4

Can Python search for patterns in text?

Expand for hint 5

Maybe Regex can help?

Expand for hint 6

Exactly 3 bodyguards, not more.

How to install Wine and Python 2.7

Wine is a tool (not an emulator) for running Windows based programs on other non-Windows based operating systems such as Linux. These are the steps to get it installed on Kali Linux with Python 2.7

First add the i386 architecture to your system in case you don’t already have it, the command won’t do anything if you have it already. Skip this first step if that is the case.


Next run apt-get update to update your repositories for Linux. This will make sure you get the latest version of Wine:

apt-get update

Install the Wine package using apt-get install wine32. This could take a few minutes depending on your internet connection and you will be asked to confirm the install near the start.

apt-get install wine32


Once installed you should see wine in the /root/.wine folder with a Windows C:/ structure inside it:


The next stage is to download and install Python into your Wine install. Visit the Python download page at:

https://www.python.org/downloads/release/python-2714/


and download the Windows x86 MSI Installer. The file is only 19MB in size so should come down very quickly.


Now navigate to your downloads folder in the terminal and install it using wine msiexec /i python-2.7.14.msi

wine msiexec /i python-2.7.14.msi


The install wizard should appear and unless you have some specific requirements for the install you can just hit next, next, next, finish through the windows.


Once the install is complete you can confirm it’s there by navigating to the new Python folder within the Wine directory:


Hints and Tips for PythonChallenge level 0

This is a page of hints for the Pythonchallenge.com level 0 challenge

It does not contain the answer so you can use as many hints as you want but still have to put everything together yourself to complete it

Note: A lot of these challenges have multiple different ways of solving them, the hints here might not match to what you have found already.

Expand for hint 1

Numbering in python starts at 0 and goes up.

Expand for hint 2

The URL bar is normally shown at the top of your browser, can you manually edit it?

Expand for hint 3

The aim is to get to the page for the next level.

Expand for hint 4

Python has many mathematical operators.

Expand for hint 5

A single * is for multiplication, a double ** is for something else.

Expand for hint 6

If you think your maths has worked, try editing the URL once again

port scanner python script

Python port scanner – raw code with explanation

If you ever find yourself without access to Nmap here is some quick python code for testing the up/down status of 1000 TCP ports on a target host. The code is explained at the bottom:

#!/usr/bin/python

import socket
from termcolor import colored  # third-party: pip install termcolor

# Applies to sockets created after this call
socket.setdefaulttimeout(1)

host = input("Enter the target host: ")

def portscanner(port):
    # A socket cannot be reused after a connection attempt, so make one per port
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # connect_ex returns 0 on success and an error code on failure
    if sock.connect_ex((host, port)):
        print(colored("Port %d is closed" % (port), 'red'))
    else:
        print(colored("port %d is open" % (port), 'green'))
    sock.close()

for port in range(1, 1001):
    portscanner(port)

Explanation:

import socket
from termcolor import colored

These 2 libraries are responsible for creating the connection to the target and for allowing us to add colour to the output.

socket.setdefaulttimeout(1)

Sets the timeout to 1 second so you don’t get stuck waiting for connection requests to time out. The default only applies to sockets created after this line, so it comes before any socket is made.

host = input("Enter the target host: ")

This is the prompt which you see when you run the code; it adds the input to the ‘host’ variable.

def portscanner(port):
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    if sock.connect_ex((host, port)):
        print(colored("Port %d is closed" % (port), 'red'))
    else:
        print(colored("port %d is open" % (port), 'green'))
    sock.close()

Here is the main function. It sets the connection to use IPv4 and TCP, creating a new socket for each port because a socket cannot be reused once a connection attempt has been made on it. Instead of testing for a successful connection it looks for a failure (connect_ex returns an error code); if so it reports that the port is closed. If anything else comes back it assumes the port is open and reports that.

for port in range(1, 1001):

Sets the script to scan ports 1- 1000, you can change this to specific numbers or increase the range up to 65535
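The script above treats every non-zero result from connect_ex as "closed". As an added example (not part of the original script), the function below goes one step further and separates a refused connection from one that simply got no answer, then demonstrates both the open and the closed result against a listener it starts itself on the loopback address. The function names are made up for this example.

```python
import errno
import socket

def check_port(host, port, timeout=1.0):
    """Return 'open', 'closed' or 'no response' for one TCP port."""
    # A fresh socket per attempt: a socket that has already been used
    # for a connection attempt cannot be reused for the next port.
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        code = sock.connect_ex((host, port))
    if code == 0:
        return "open"
    if code == errno.ECONNREFUSED:
        return "closed"       # the host answered and refused the connection
    return "no response"      # timeout or another error, e.g. a filtered port

def demo():
    """Check a loopback port while a listener is up and after it is closed."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # port 0: let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_listening = check_port("127.0.0.1", port)
    listener.close()
    after_close = check_port("127.0.0.1", port)
    return while_listening, after_close

if __name__ == "__main__":
    print(demo())
```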