Finding saved wifi passwords from known hotspots

I recently did some work in a building where the tenants thought they were protecting their wifi by having one of their staff type in the wifi password for me instead of just telling me the password.

I think the logic was that it would stop me handing it out to other people, which might then lead to lots of unknown users connecting. I’m not sure how much research went into testing how effective their technique was.

Here’s how to see the password of any wifi network you have previously connected to from your computer (even if you didn’t enter the password yourself).

Open a command prompt and run: netsh wlan show profile

This will bring up a list of all the wifi hotspots you have connected to. Then, to display the password for one of them, run: netsh wlan show profile xxx key=clear (replace xxx with the name of the wifi network from the previous step)

This should reveal the plaintext password in the Key Content field.

Note: If the key is not shown and instead you see something like “Security key : Present”, make sure you are running cmd as administrator.

If there are too many hotspots listed to do them manually here is some python to automate their extraction:

https://pastebin.com/embed_js/B1ri6W54
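An added example, written for this post and not the pastebin script linked above: it parses the output of the two netsh commands (constructed sample output here, with made-up profile names) and, on Windows, runs them itself to inventory which saved profiles still carry a recoverable key and which were withheld for lack of administrator rights.

```python
import re
import subprocess
import sys

# Constructed sample of `netsh wlan show profile` output (not captured from a real host).
SAMPLE_LIST = """
User profiles
-------------
    All User Profile     : OfficeNet
    All User Profile     : Guest Lounge
"""

# Constructed sample of `netsh wlan show profile OfficeNet key=clear` output.
SAMPLE_DETAIL = """
Profile OfficeNet on interface Wi-Fi:
Security settings
-----------------
    Authentication         : WPA2-Personal
    Cipher                 : CCMP
    Security key           : Present
    Key Content            : correct horse battery staple
"""

def list_profiles(listing):
    """Profile names from `netsh wlan show profile`."""
    return re.findall(r"^\s*(?:All|Current) User Profile\s*:\s*(.+?)\s*$", listing, re.M)

def parse_profile(detail):
    """Settings from a `key=clear` dump: auth type, whether a key is stored, and the
    key itself (None when netsh withheld it, which is what happens without admin)."""
    fields = dict(re.findall(r"^\s*([A-Za-z ]+?)\s*:\s*(.+?)\s*$", detail, re.M))
    return {"auth": fields.get("Authentication"),
            "key_stored": fields.get("Security key") == "Present",
            "key": fields.get("Key Content")}

def run_netsh(*args):
    """Run netsh on Windows and return its text output (assumes netsh is on PATH)."""
    out = subprocess.run(["netsh", "wlan", "show", "profile", *args],
                         capture_output=True, text=True)
    return out.stdout

if __name__ == "__main__":
    if sys.platform != "win32":          # off Windows, demonstrate on the constructed samples
        print(list_profiles(SAMPLE_LIST), parse_profile(SAMPLE_DETAIL))
    else:
        for name in list_profiles(run_netsh()):
            info = parse_profile(run_netsh(name, "key=clear"))
            state = "key recoverable" if info["key"] else "key withheld (run as administrator)"
            print(f"{name}: {info['auth']}, {state}")
```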

Python directory finder (dirb)

If for some reason you find yourself on a machine where you cannot get dirb or dirbuster, here is some quick code to achieve similar results using Python 3.

It takes a word list from your common.txt file (change the name in the code if needed), requests the URL you have given it plus each line of the .txt file, and reports a positive result if the full URL path gives back a response.

The code doesn’t have any sort of rate limiting, so if your target has systems in place to block DoS attacks you may start getting false negatives.


#!/usr/bin/env python3
# scans for web directories from a word list
# replace common.txt with your wordlist
# for python 3

import requests


def request(url):
    """Fetch http://<url>; return the response, or None if the host refuses the connection."""
    try:
        return requests.get("http://" + url)
    except requests.exceptions.ConnectionError:
        return None


target_url = input("Enter Target URL: ")

with open("common.txt", "r") as wordlist:
    for line in wordlist:
        word = line.strip()
        full_url = target_url + "/" + word
        response = request(full_url)
        # a requests Response is truthy only for status codes below 400
        if response:
            print("Discovered directory at this link: " + full_url)

The code comes courtesy of a course on Udemy taught by the very eloquent Eduardo Rosas.
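From the defender’s side, here is an added example (not from the course or the original post) of the detection logic a server operator can run over access logs to spot this kind of wordlist enumeration: a client that collects many distinct 404s in a short window. The log lines are constructed, in combined log format.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed access-log lines in combined log format (not from a real server):
# one client walks a wordlist and collects 404s, another just browses.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /admin HTTP/1.1" 404 153 "-" "python-requests/2.31.0"
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /backup HTTP/1.1" 404 153 "-" "python-requests/2.31.0"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /cgi-bin HTTP/1.1" 404 153 "-" "python-requests/2.31.0"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /config HTTP/1.1" 404 153 "-" "python-requests/2.31.0"
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "GET /images HTTP/1.1" 200 512 "-" "python-requests/2.31.0"
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "GET /phpmyadmin HTTP/1.1" 404 153 "-" "python-requests/2.31.0"
198.51.100.4 - - [10/Oct/2023:13:55:40 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2023:13:57:02 +0000] "GET /favicon.ico HTTP/1.1" 404 153 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" (\d{3})')

def parse_line(line):
    """Return (ip, timestamp, path, status) for a combined-format line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, path, status = m.groups()
    return ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), path, int(status)

def find_bruteforcers(log_text, threshold=5, window=timedelta(seconds=60)):
    """Map each client IP to its count of distinct 404 paths when at least
    `threshold` distinct misses fall inside any `window`-long span; quiet clients are omitted."""
    misses = defaultdict(list)              # ip -> [(time, path), ...] for 404 responses only
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec[3] == 404:
            misses[rec[0]].append((rec[1], rec[2]))
    flagged = {}
    for ip, events in misses.items():
        events.sort()
        for i, (start, _) in enumerate(events):  # slide the window from each miss
            paths = {p for t, p in events[i:] if t - start <= window}
            if len(paths) >= threshold:
                flagged[ip] = len(paths)
                break
    return flagged

if __name__ == "__main__":
    print(find_bruteforcers(SAMPLE_LOG))   # {'203.0.113.7': 5}
```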

Interview with Burpsuite creator Dafydd Stuttard

Here’s an old video from 2015 of an interview with the creator of Burp Suite, answering a few questions about how it started and why he initially began developing the tool. Like a lot of security applications, it seems to have started life as a hobby project which kept growing with new features until enough people found it useful for it to become mainstream.

Here are some useful timestamps:

6:30 – interview starts
13:10 – how Burp got its name
29:30 – Burp Spider
32:45 – server-side template engines
40:00 – pricing
45:00 – the wider security community
46:30 – recommendations for vulnerable test applications

It’s interesting to note the difference in presentation between Dafydd, who most likely spends his days presenting security ideas to IT managers in corporate settings, and the two podcast hosts, who seem to be trying to create some sort of cross between the stereotypical hoodied hacker and Joe Rogan. As the security industry matures I’m expecting we’ll come across more of the former.

Hints and Tips for PythonChallenge level 8

This is a page of hints for the Pythonchallenge.com level 8 challenge.

It does not contain the answer, so you can use as many hints as you want but still have to put everything together yourself to complete it.

Note: Many of these challenges have several different solutions, so the hints here might not match what you have found already.

Hint 1

Think of the noise small insects make when they fly around.

Hint 2

Have you found the username and password text in the source?

Hint 3

The start of the text may give you a clue as to how it is encoded/compressed.

Hint 4

This compression needs to use bytes instead of strings.

Hint 5

If you know the compression library but can’t get the decompression working, try compressing some sample text to give you a better idea of what the result should look like.

Hints and Tips for PythonChallenge level 7

This is a page of hints for the Pythonchallenge.com level 7 challenge.

It does not contain the answer, so you can use as many hints as you want but still have to put everything together yourself to complete it.

Note: Many of these challenges have several different solutions, so the hints here might not match what you have found already.

Hint 1

Concentrate on the image.

Hint 2

The code is in the grey pixels of the image; ignore the coloured bits.

Hint 3

What ways are there to store data in colour values?

Hint 4

Have a look at the PIL Python library.

Hint 5

Can you automatically extract the colour values of each block?

Hint 6

If the values are all within a certain range, could they be converted using a character map?

Hints and Tips for PythonChallenge level 6

This is a page of hints for the Pythonchallenge.com level 6 challenge.

It does not contain the answer, so you can use as many hints as you want but still have to put everything together yourself to complete it.

Note: Many of these challenges have several different solutions, so the hints here might not match what you have found already.

Hint 1

The picture is a clue to a file type which contains the challenge.

Hint 2

The PayPal link isn’t a trick; it has nothing to do with the challenge.

Hint 3

Can you use code from a similar challenge to automatically navigate these?

Hint 4

Check out the comments in each of the files.

Hint 5

Can you collect the data from the comments in the correct order and map it?

Hint 6

All the comments in the correct order should show a word.