n3s0 || journal

Showing Wireless Profile Keys In Plain Text Through CLI/PowerShell

Posted on 3 mins

Windows

Summary


Just remembered something that I had to do a while back where I needed to access a wireless network and I didn’t know the Key for it. I didn’t know the wireless key and the person I was requesting access from didn’t know either or forgot.

Luckily, they had a machine that had a Windows operating system installed. Sure, I could crack the PSK for the wireless. But, why make it hard when the Windows machine was connected to the wireless. This method is generally less painful.

The primary method that I’ll be showing is using the netsh command.

Through this article I’ll provide some commands for future reference for the benefit of my future self and others. In my research, I may even find some other methods a long the way.

In order to execute these commands effectively. Access to an Administrative PowerShell or Cmd shell is required.

Would also like to note that before you do this, you should probably obain permission of the owner of the network and the computer.

Showing Wireless Key Using NETSH


First step to this is opening an Administrator PowerShell or Cmd prompt. Then typing in the following command. This will display all of the available profiles that the computer has connected to.

netsh wlan show profiles

Below is the output for the wireless networks that the computer has connected to. In the “User Profiles” section, the SSIDs or Wifi names are available for viewing. Just need to choose which one that’s available for connection. If you trust it, that is.

Profiles on interface Wi-Fi:

Group policy profiles (read only)
---------------------------------
    <None>

User Profiles
-------------
    All User Profile        : Pretty fly for a Wifi
    All User Profile        : NETGEAR
    All User Profile        : Bit Dumpster

Type out the following command. This runs the netsh command and looks for the wireless profile that is the same as the name that you chose using the name parameter. This will then display the PSK or Key in clear text using the key paramether.

netsh wlan show profile name="SSID/WirelessName" key=clear

Below would be the expected output for a wireless network Pretty fly for a Wifi. This is merely here to serve as a concept. Not all results will be the same.

In the “Security settings” section of the output you’ll see something called “Key Content” this is where the PSK or “Password” would be for the wireless network you’re attempting to connect to. In this case, it’s <KEY WILL BE HERE>.

Profile Pretty fly for a wifi on interface Wi-Fi:
======================================================================

....
Connectivity settings
---------------------
    Number of SSIDs     : 1
    SSID Name           : ""
    Network Type        : Infrastructure
    Radio Type          : [ Any Radio Type ]
    Vendor extension    : Note Present

Security Settings
-----------------
    Authentication     : WPA2-Personal
    Cipher             : CCMP
    Authentication     : WPA2-Personal
    Cipher             : Unknown
    Security Key       : Present
    Key Content        : <KEY WILL BE HERE>

That should wrap that one up. If I find any other mothods, I’ll make sure to update this post.