diff --git a/winPEAS/winPEASexe/winPEAS/Program.cs b/winPEAS/winPEASexe/winPEAS/Program.cs
index b9d711f..fce782a 100755
--- a/winPEAS/winPEASexe/winPEAS/Program.cs
+++ b/winPEAS/winPEASexe/winPEAS/Program.cs
@@ -1649,21 +1649,25 @@ namespace winPEAS
 {
 try
 {
- Beaprint.MainPrint("Looking saved Wifis");
+ Beaprint.MainPrint("Looking for saved Wifi credentials");
 if (exec_cmd)
 {
- Dictionary colorsC = new Dictionary()
+ Dictionary networkConnections = Wifi.Retrieve();
+ Dictionary ansi_colors_regexp = new Dictionary();
+
+ //Make sure the passwords are all flagged as ansi_color_bad.
+ foreach (var connection in networkConnections)
 {
- { ": .*", Beaprint.ansi_color_bad },
- };
- Beaprint.AnsiPrint(" " + MyUtils.ExecCMD("wlan show profile", "netsh.exe"), colorsC);
+ ansi_colors_regexp.Add(connection.Value, Beaprint.ansi_color_bad);
+ }
+ Beaprint.DictPrint(networkConnections, ansi_colors_regexp, false);
 }
 else
 {
 Beaprint.GrayPrint(" This function is not yet implemented.");
 Beaprint.InfoPrint("If you want to list saved Wifis connections you can list the using 'netsh wlan show profile'");
+ Beaprint.InfoPrint("If you want to get the clear-text password use 'netsh wlan show profile key=clear'");
 }
- Beaprint.InfoPrint("If you want to get the clear-text password use 'netsh wlan show profile key=clear'");
 }
 catch (Exception ex)
 {
@@ -2434,7 +2438,6 @@ namespace winPEAS
 /*
- * Wifi (passwords?)
 * Keylogger?
 * Input prompt ==> Better in PS
 * Cretae list of malicious drives that could allow to privesc?
diff --git a/winPEAS/winPEASexe/winPEAS/Wifi.cs b/winPEAS/winPEASexe/winPEAS/Wifi.cs
new file mode 100644
index 0000000..15c232f
--- /dev/null
+++ b/winPEAS/winPEASexe/winPEAS/Wifi.cs
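Review bot: `ansi_colors_regexp.Add(connection.Value, Beaprint.ansi_color_bad)` uses each password as a dictionary key, so two profiles that share a password, or two with no recoverable key (`Wifi.Retrieve` returns an empty string for those), throw `ArgumentException` and the whole section drops into the `catch`. The dictionary's name suggests `Beaprint.DictPrint` (not shown here) treats the keys as regular expressions; if so, a password containing characters such as `(` or `[` is an invalid or wrong pattern, and an empty one matches everywhere. I would write `if (!string.IsNullOrEmpty(connection.Value)) ansi_colors_regexp[Regex.Escape(connection.Value)] = Beaprint.ansi_color_bad;`, which needs `System.Text.RegularExpressions` in scope in Program.cs. The enclosing method starts and ends outside this hunk.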
@@ -0,0 +1,55 @@
+using System.Collections.Generic;
+using System.Text.RegularExpressions;
+namespace winPEAS
+{
+ class Wifi
+ {
+ public static Dictionary Retrieve()
+ {
+ Dictionary connections = new Dictionary();
+ foreach (string ssid in GetSSIDs())
+ {
+ string password = GetPassword(ssid);
+ connections.Add(ssid, password);
+ }
+
+ return connections;
+ }
+
+ private static IEnumerable GetSSIDs()
+ {
+ string args = "wlan show profiles";
+ string result = MyUtils.ExecCMD(args, "netsh");
+ Regex regex = new Regex(@"\s+:\s+([^\r\n]+)", RegexOptions.Multiline);
+ MatchCollection matches = regex.Matches(result);
+ List ssids = new List();
+
+ for (int i = 0; i < matches.Count; i++)
+ {
+ if (matches[i].Groups.Count > 0 && !string.IsNullOrWhiteSpace(matches[i].Groups[1].Value))
+ {
+ ssids.Add(matches[i].Groups[1].Value);
+ }
+ }
+
+ return ssids;
+ }
+
+ private static string GetPassword(string ssid)
+ {
+ string args = $@" wlan show profile name=""{ssid}"" key=""clear""";
+ string result = MyUtils.ExecCMD(args, "netsh");
+ Regex regex = new Regex(@"Key Content\s+:\s+([^\r\n]+)", RegexOptions.Multiline);
+ MatchCollection matches = regex.Matches(result);
+ string password = string.Empty;
+
+ if (matches.Count > 0 && matches[0].Groups.Count > 1)
+ {
+ password = matches[0].Groups[1].Value;
+ }
+
+ return password;
+ }
+
+ }
+}
diff --git a/winPEAS/winPEASexe/winPEAS/winPEAS.csproj b/winPEAS/winPEASexe/winPEAS/winPEAS.csproj
index 4c7371b..3aa6459 100755
--- a/winPEAS/winPEASexe/winPEAS/winPEAS.csproj
+++ b/winPEAS/winPEASexe/winPEAS/winPEAS.csproj
@@ -155,6 +155,7 @@
+
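Review bot: In `GetPassword` the profile name is interpolated straight into the netsh argument string (`name=""{ssid}""`), so a saved profile whose name contains a double quote changes how the arguments are parsed; profile names normally come from SSIDs, which are chosen by whoever runs the network. `MyUtils.ExecCMD` is not visible in this diff, so whether the string also passes through a shell cannot be checked here, but either way I would skip such names in the `Retrieve` loop, e.g. `if (ssid.Contains("\"")) continue;`. Separately, `connections.Add(ssid, password)` throws on a repeated key, which looks reachable when the same profile is listed under more than one wireless interface; `connections[ssid] = password;` avoids that. The `Key Content` label is matched literally, so on a non-English Windows the password will probably come back empty with no hint as to why, which deserves a comment above the regex.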