Wifi Post Exploitation on Remote PC

Hello readers! Today you will learn different ways to get the Basic Service Set information of a remote user’s Wi-Fi and their current network connection information, how to extract the saved wireless LAN profiles of a remote PC, and finally how to disconnect the target user’s Wi-Fi.

First, hack the victim PC using Metasploit (tutorial: how to hack a remote PC), then get admin access through Bypassuac. Once you have the victim’s meterpreter session, run the post-exploitation modules given below one by one.

Get BSS information of a remote user’s Wi-Fi connection

This module gathers information about the wireless Basic Service Sets available to the victim machine.

For example, this will give you the SSID and other important information about the wireless connection.

From the image below you can observe that it has found “5 networks”, such as Pen lab, Sinos, Ignite, etc., along with their basic details.

Get current Wi-Fi connection information of a remote user

This module gathers information about the current connection on each wireless LAN interface on the target machine.

The image below discloses that “pen Lab” is the current connection through which the victim is connected; moreover, it shows some basic details such as the MAC address of the router, security status, authentication type, etc.

Get saved wireless LAN profile of a remote user

This module extracts saved Wireless LAN profiles. It will also try to decrypt the network key material. Behavior is slightly different between OS versions when it comes to WPA. In Windows Vista/7 we will get the passphrase. In Windows XP we will get the PBKDF2 derived key.

From the image below you can see that it has extracted the profile of the Wi-Fi through which the victim is connected; moreover, it has also decrypted the shared key (password). Hence you can confirm the password for “Pen Lab” is “[email protected]”.
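Seen from the incident-response side, the behavior described above means every saved profile with stored key material has to be treated as disclosed once the host is compromised. The following Python sketch is an added example, not code from the original post: it triages exported WLAN profile XML and lists the SSIDs whose pre-shared key needs rotation, without reading the key material. The sample profiles, SSIDs and function names are constructed for illustration; the element names follow the Windows WLAN profile schema, and `derive_psk` shows the standard WPA PBKDF2 derivation that produces the SSID-bound key mentioned for Windows XP.

```python
import hashlib
import xml.etree.ElementTree as ET

NS = {"w": "http://www.microsoft.com/networking/WLAN/profile/v1"}
# Trimmed, constructed profile skeleton (a real exported profile carries more elements).
TEMPLATE = """<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
 <name>{ssid}</name><SSIDConfig><SSID><name>{ssid}</name></SSID></SSIDConfig>
 <MSM><security><authEncryption><authentication>{auth}</authentication>
 <encryption>{enc}</encryption></authEncryption>{key}</security></MSM></WLANProfile>"""
KEY = ("<sharedKey><keyType>{kt}</keyType><protected>true</protected>"
       "<keyMaterial>{km}</keyMaterial></sharedKey>")

# Constructed samples: SSIDs and key blobs are placeholders, not values from the page.
SAMPLES = [
    TEMPLATE.format(ssid="ExampleOffice", auth="WPA2PSK", enc="AES",
                    key=KEY.format(kt="passPhrase", km="PLACEHOLDER-BLOB")),
    TEMPLATE.format(ssid="ExampleLegacy", auth="WPAPSK", enc="TKIP",
                    key=KEY.format(kt="networkKey", km="PLACEHOLDER-BLOB")),
    TEMPLATE.format(ssid="ExampleGuest", auth="open", enc="none", key=""),
]

def derive_psk(passphrase: str, ssid: str) -> str:
    """WPA/WPA2-Personal PSK: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32).hex()

def triage(profile_xml: str) -> dict:
    """Classify one saved profile; the key material itself is never read or printed."""
    root = ET.fromstring(profile_xml)
    ssid = root.findtext("w:SSIDConfig/w:SSID/w:name", namespaces=NS)
    auth = root.findtext("w:MSM/w:security/w:authEncryption/w:authentication", namespaces=NS)
    key_type = root.findtext("w:MSM/w:security/w:sharedKey/w:keyType", namespaces=NS)
    if key_type is None:
        action = "no stored pre-shared key"
    elif key_type == "networkKey" and auth in ("WPAPSK", "WPA2PSK"):
        # The derived key is bound to this SSID but authenticates without the passphrase.
        action = "rotate: stored derived key is a usable credential for this SSID"
    else:
        action = "rotate: stored passphrase or key is recoverable on a compromised host"
    return {"ssid": ssid, "auth": auth, "key_type": key_type, "action": action}

def rotation_list(profiles) -> list:
    """SSIDs whose pre-shared key must be treated as disclosed after host compromise."""
    return [t["ssid"] for t in map(triage, profiles) if t["key_type"]]

if __name__ == "__main__":
    for p in SAMPLES:
        print(triage(p))
    print(derive_psk("password", "IEEE"))  # IEEE 802.11i test passphrase and SSID
```

Because the SSID is the salt, the same passphrase yields a different derived key on every network name, but changing the passphrase on the access point invalidates both forms.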

Disconnect a remote user’s Wi-Fi connection

This module disconnects the current wireless network connection on the specified interface.

From the image below you can confirm that it is disconnecting the victim from the current wireless network.

Other Way

I call it a post-exploitation toolkit because it has a lot of features, far beyond the ability to dump plain-text passwords.

This will give you the entire wireless connection list with passwords as well. VOILA! You got it right.

Great!! From the image below you can confirm that it has dumped all shared keys (passwords) and the authentication of their respective SSIDs.

About Author

Nisha Yadav is trained in Certified Ethical Hacking and as a Bug Bounty Hunter. She is currently working at Hiddenramp as a Security Analyst.
