Collecting all stored Wi-Fi information from an external Windows machine using Python [Educational Purpose]

Sivaram Rasathurai
Published in Hacking Hunter
4 min read, Dec 23, 2019

Hey guys, below I describe a Python script that collects the Wi-Fi information stored on a target Windows machine and sends it out via email.

Sending mail from the script

First, we have to import smtplib to work with mail. We need to create an SMTP server instance; I used Google's SMTP server, since Google allows us to use it. After creating the server, we initialize TLS. Now you can log in to your mail. sendmail() is used to send the email with the given message. After the mail is sent, we quit the server.

You have to make sure the "allow less secure apps" option is enabled for your mail account, since the Python script logs in to your mail directly.

Now you can send mail from the Python script using the above function.

Using the netsh command to get network names

netsh wlan show profile

The above command on Windows shows only the SSIDs of networks the target machine has connected to before. We need these SSIDs in order to get the password of each network. When you run this command in cmd, without the Python script, the output looks like this:

User profiles
---------------------
    All User Profile     : demo
    All User Profile     : hello_wifi

From this output we need only the SSIDs, so we use a regex pattern to extract them. If you look at the above code: it first executes the command using Python's subprocess library and saves the output in the save_netowork_list_result variable. Then it turns the save_netowork_list_result string into a list by splitting on "\\r\\n". We loop through the list, extract the SSID from each line with the regex, and append it to the network_ssids list.

Get all information about a network, including the password

netsh wlan show profile "network_ssid" key=clear

The above command shows the details of one particular network profile. We have to add key=clear to get the key of the WLAN network in plain text.

In the output, the key appears under Security settings, in the Key Content field:

Profile demo on interface Wi-Fi:
=======================================================================
Applied: All User Profile

Profile information
-------------------
Version : 1
Type : Wireless LAN
Name : demo
Control options :
Connection mode : Connect automatically
Network broadcast : Connect only if this network is broadcasting
AutoSwitch : Do not switch to other networks
MAC Randomization : Disabled
Connectivity settings
---------------------
Number of SSIDs : 1
SSID name : "demo"
Network type : Infrastructure
Radio type : [ Any Radio Type ]
Vendor extension : Not present
Security settings
-----------------
Authentication : WPA2-Personal
Cipher : CCMP
Authentication : WPA2-Personal
Cipher : GCMP
Security key : Present
Key Content : password
Cost settings
-------------
Cost : Fixed
Congested : No
Approaching Data Limit : No
Over Data Limit : No
Roaming : No
Cost Source : Operator

How to get it into our Python script

We execute the command for each network_ssid and append its output to the information variable.
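From the defender's side, the two netsh calls described above are the visible trace this script leaves in process-creation logs. As an added example that is not part of the original post, the following Python rates Sysmon Event ID 1 / Windows 4688 style records: a "key=clear" request is the plaintext key disclosure, and both calls are rated higher when the parent is a packaged executable rather than an interactive shell. The log records, user names and paths are constructed.

```python
import re
from typing import Dict, List

# Constructed records shaped like Sysmon Event ID 1 / Windows 4688 fields.
# Records 3 and 4 model the script on this page: one profile enumeration, then
# one "key=clear" call per SSID, both spawned by a PyInstaller-built executable.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": "netsh wlan show interfaces",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": "netsh wlan show profile",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": "netsh wlan show profile",
     "ParentImage": r"C:\Users\demo\Downloads\wifi_information_extractor.exe"},
    {"Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": 'netsh wlan show profile "demo" key=clear',
     "ParentImage": r"C:\Users\demo\Downloads\wifi_information_extractor.exe"},
]

# Shells a human operator would normally type netsh commands into.
INTERACTIVE_SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "windowsterminal.exe"}

PROFILE_RE = re.compile(r"\bwlan\s+show\s+profiles?\b", re.IGNORECASE)
KEY_CLEAR_RE = re.compile(r"\bkey\s*=\s*clear\b", re.IGNORECASE)


def classify(event: Dict[str, str]) -> str:
    """Return 'none', 'low', 'medium' or 'high' for one process-creation event."""
    if not event["Image"].lower().endswith("netsh.exe"):
        return "none"
    cmd = event["CommandLine"]
    if not PROFILE_RE.search(cmd):
        return "none"
    parent = event["ParentImage"].rsplit("\\", 1)[-1].lower()
    scripted = parent not in INTERACTIVE_SHELLS
    if KEY_CLEAR_RE.search(cmd):
        # Plaintext key disclosure; worse when no interactive shell is the parent.
        return "high" if scripted else "medium"
    # Profile enumeration alone is routine admin activity; only note scripted use.
    return "low" if scripted else "none"


def detect(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return the flagged events with a Severity field, highest severity first."""
    order = {"high": 0, "medium": 1, "low": 2}
    hits = [dict(e, Severity=classify(e)) for e in events if classify(e) != "none"]
    return sorted(hits, key=lambda h: order[h["Severity"]])


if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(hit["Severity"].upper(), hit["ParentImage"], "->", hit["CommandLine"])
```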

Send the information to our email

We already defined the function send_mail(). With this function we can send the information to our mail; Google SMTP lets you send a mail to your own address. We use the function to send the Wi-Fi information.

The full script of wifi_information_extractor

To execute the Python script you need a Python interpreter, and our victim may not have one. So we need to turn the script into an executable file. For that, we install pyinstaller from the command line:

python.exe -m pip install pyinstaller

The above command installs pyinstaller on your Windows machine. After installation, you can build the executable version with the following command in cmd:

pyinstaller.exe wifi_information_extractor.py --onefile

After the above command finishes, the executable version of the Python script is in the dist directory. You can send that to your friends and have fun with them.

Bypassing the antivirus

Bypassing the antivirus is important, since otherwise our executable will be blocked by any good antivirus. Antivirus software works in different ways. One way is that it takes the file and checks it against a database of known malicious samples; here we can easily bypass it by putting extra logic into the script to make it unique. Another way is that the antivirus runs the file in a virtual environment and checks its behaviour. This way is a little harder: we need to make the antivirus believe our script is not harmful to the system. We add logic that is not harmful to the machine and hide our original script. The antivirus spends a fixed amount of time testing the script, and during that time only our harmless logic should run; otherwise our script will be marked as harmful. Below I have added basic code to make the script look harmless.

So after this, you have to create the executable version again.

Happy hacking, friends
