Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:00,320 --> 00:00:02,920 - My advice is don't be a script kiddie. 2 00:00:02,921 --> 00:00:04,590 Learn how to code. 3 00:00:04,591 --> 00:00:05,910 Learn how to use Python 4 00:00:05,911 --> 00:00:07,530 because that gives you a lot of power 5 00:00:07,531 --> 00:00:09,100 to do many, many things, 6 00:00:09,101 --> 00:00:11,070 opens up a lot of doors for you. 7 00:00:11,071 --> 00:00:12,810 In this video, I'm gonna show you how to use 8 00:00:12,811 --> 00:00:17,340 a simple Python script to get all the WiFi SSIDs, 9 00:00:17,341 --> 00:00:19,420 or the WiFi names if you prefer, 10 00:00:19,421 --> 00:00:23,410 and the passwords for all the WiFi networks on a computer. 11 00:00:23,411 --> 00:00:26,420 I'm gonna show you how you can use a few Windows commands 12 00:00:26,421 --> 00:00:29,840 to list all the WiFi SSIDs on a computer 13 00:00:29,841 --> 00:00:34,260 and then how to retrieve the password of a WiFi network. 14 00:00:34,261 --> 00:00:36,510 But then I'll show you how to use a very simple 15 00:00:36,511 --> 00:00:39,710 Python script to basically extract all that information 16 00:00:39,711 --> 00:00:42,160 and show it in a nice format. 17 00:00:42,161 --> 00:00:43,370 Okay, let's get started 18 00:00:43,371 --> 00:00:45,860 and I'm gonna show you why you should learn Python. 19 00:00:45,861 --> 00:00:47,450 If you wanna be an ethical hacker, 20 00:00:47,451 --> 00:00:49,863 it really opens up a lot of doors for you. 21 00:00:50,885 --> 00:00:53,885 (electronic music) 22 00:00:56,370 --> 00:00:58,120 Okay, so on my Windows computer, 23 00:00:58,121 --> 00:00:59,993 I'm gonna open up a Command Prompt. 24 00:01:00,990 --> 00:01:03,280 In this case, I'll go to the downloads directory 25 00:01:03,281 --> 00:01:04,650 because in this directory, 26 00:01:04,651 --> 00:01:08,200 I've got a little Python script 27 00:01:08,201 --> 00:01:11,130 called get_wifi_passwords.py. 28 00:01:11,131 --> 00:01:12,320 This little script is a script 29 00:01:12,321 --> 00:01:15,160 that I'm gonna concentrate on in this video, 30 00:01:15,161 --> 00:01:17,150 but I've also created additional scripts 31 00:01:17,151 --> 00:01:19,337 where you can get all the WiFi passwords 32 00:01:19,338 --> 00:01:21,950 and email it to an email address, 33 00:01:21,951 --> 00:01:26,800 or copy the WiFi passwords to an HTTP server somewhere, 34 00:01:26,801 --> 00:01:28,513 on the internet as an example. 35 00:01:29,360 --> 00:01:31,843 But this is the one that we're gonna concentrate on. 36 00:01:32,680 --> 00:01:33,883 Before we do that, 37 00:01:35,460 --> 00:01:38,230 let's look at some basic Windows commands. 38 00:01:38,231 --> 00:01:39,520 This is not Python. 39 00:01:39,521 --> 00:01:42,300 This is just commands running in Windows. 40 00:01:42,301 --> 00:01:45,780 So netsh wlan show profiles. 41 00:01:45,781 --> 00:01:50,210 This shows me all the WiFi profiles stored on this computer. 42 00:01:50,211 --> 00:01:52,400 If I click on the WiFi icon, 43 00:01:52,401 --> 00:01:56,040 notice I'm connected currently to this WiFi network, 44 00:01:56,041 --> 00:01:59,400 but other WiFi networks are also listed here. 45 00:01:59,401 --> 00:02:00,710 Now, before we continue, 46 00:02:00,711 --> 00:02:02,490 everything that I'm showing you here 47 00:02:02,491 --> 00:02:04,800 is happening on my local network. 48 00:02:04,801 --> 00:02:08,199 Do not do anything that can get you into trouble. 49 00:02:08,200 --> 00:02:09,820 Be an ethical hacker 50 00:02:09,821 --> 00:02:13,290 and help companies better secure their networks. 51 00:02:13,291 --> 00:02:14,150 So in this example, 52 00:02:14,151 --> 00:02:16,540 everything is being done on my local laptop. 53 00:02:16,541 --> 00:02:19,260 I own all the infrastructure and all the networks 54 00:02:19,261 --> 00:02:20,720 that I'm gonna demonstrate here. 55 00:02:20,721 --> 00:02:23,500 I'm not trying to connect to someone else's network 56 00:02:23,501 --> 00:02:24,690 and hack them. 57 00:02:24,691 --> 00:02:27,410 I'm demonstrating why you need to be careful 58 00:02:27,411 --> 00:02:29,060 with network security, 59 00:02:29,061 --> 00:02:31,060 why you need to learn Python 60 00:02:31,061 --> 00:02:33,880 to help companies better protect their networks. 61 00:02:33,881 --> 00:02:36,950 So this video is for educational purposes only. 62 00:02:36,951 --> 00:02:38,970 Please make sure that you educate yourself 63 00:02:38,971 --> 00:02:40,750 and use this knowledge 64 00:02:40,751 --> 00:02:43,330 to help companies better secure their networks. 65 00:02:43,331 --> 00:02:45,480 We need to try and combat attacks 66 00:02:45,481 --> 00:02:47,950 like the recent attack on SolarWinds. 67 00:02:47,951 --> 00:02:51,620 Because of security issues in their network, they got hacked 68 00:02:51,621 --> 00:02:53,940 and that affected many, many other companies. 69 00:02:53,941 --> 00:02:55,880 Be careful with security. 70 00:02:55,881 --> 00:02:59,540 It's sometimes just too easy to break into companies 71 00:02:59,541 --> 00:03:03,250 or to get information that hackers shouldn't be getting. 72 00:03:03,251 --> 00:03:06,260 So learn how to protect networks. 73 00:03:06,261 --> 00:03:09,330 So once again, I own these networks. 74 00:03:09,331 --> 00:03:12,190 This TP-Link network is actually a little WiFi router 75 00:03:12,191 --> 00:03:13,680 that I've got behind me. 76 00:03:13,681 --> 00:03:16,900 So all of this information is just test networks 77 00:03:16,901 --> 00:03:19,470 that I'm using to demonstrate the power of Python 78 00:03:19,471 --> 00:03:23,110 and the power of knowing a little bit about coding. 79 00:03:23,111 --> 00:03:27,320 Okay, so we can use the netsh wlan show profile 80 00:03:27,321 --> 00:03:28,830 and look at a profile 81 00:03:28,831 --> 00:03:31,830 to see information about a WiFi network. 82 00:03:31,831 --> 00:03:34,080 So there's the command once again. 83 00:03:34,081 --> 00:03:37,860 We can see information about it such as the name. 84 00:03:37,861 --> 00:03:39,740 It's a Wireless LAN. 85 00:03:39,741 --> 00:03:42,720 Connection mode is connect automatically. 86 00:03:42,721 --> 00:03:44,080 There's some other information here, 87 00:03:44,081 --> 00:03:46,890 but this is the piece that we're most interested in. 88 00:03:46,891 --> 00:03:50,680 This tells us that a security key is present. 89 00:03:50,681 --> 00:03:55,550 And what we wanna do is get Windows to show that 90 00:03:55,551 --> 00:03:56,660 in clear text. 91 00:03:56,661 --> 00:04:00,040 So this command netsh wlan show profile 92 00:04:00,041 --> 00:04:01,690 whatever the WiFi network is. 93 00:04:01,691 --> 00:04:05,373 So this is the SSID or the name for the WiFi network. 94 00:04:06,210 --> 00:04:10,560 Key=clear will allow us to see the password. 95 00:04:10,561 --> 00:04:11,630 And then you go. 96 00:04:11,631 --> 00:04:14,513 That is the password of the WiFi network. 97 00:04:15,690 --> 00:04:20,690 That WiFi network is once again a little TP-Link router 98 00:04:21,399 --> 00:04:22,880 that's right behind me. 99 00:04:22,881 --> 00:04:24,170 So on this router, 100 00:04:24,171 --> 00:04:27,680 there's the SSID or name of the WiFi network. 101 00:04:27,681 --> 00:04:29,660 There's the password. 102 00:04:29,661 --> 00:04:33,300 By simply using this command on a Windows computer, 103 00:04:33,301 --> 00:04:36,770 I was able to retrieve the password of that SSID 104 00:04:36,771 --> 00:04:38,570 or that WiFi network. 105 00:04:38,571 --> 00:04:41,510 Okay, but let's use Python to automate this process 106 00:04:41,511 --> 00:04:44,080 because we don't want to 107 00:04:45,040 --> 00:04:48,570 have to do that command for every network. 108 00:04:48,571 --> 00:04:49,650 And I'll just clear the screen. 109 00:04:49,651 --> 00:04:51,450 So as an example, 110 00:04:51,451 --> 00:04:55,768 we could look at the password for this network, 111 00:04:55,769 --> 00:04:56,851 mysecurewifi, 112 00:04:58,300 --> 00:05:01,021 and you can see that there's the password, 113 00:05:01,022 --> 00:05:05,020 youcannotgetaccess! or bang if you prefer, 114 00:05:05,021 --> 00:05:09,670 but let's use a Python script 115 00:05:09,671 --> 00:05:13,670 to show all of the all the SSIDs, all the WiFi networks, 116 00:05:13,671 --> 00:05:15,840 and all the passwords. 117 00:05:15,841 --> 00:05:17,950 Now, before I go through the whole script 118 00:05:17,951 --> 00:05:21,370 in a lot of detail, let me show you what it actually does. 119 00:05:21,371 --> 00:05:23,750 So dir in downloads directory. 120 00:05:23,751 --> 00:05:25,200 This is the script. 121 00:05:25,201 --> 00:05:27,840 So I'm simply gonna run Python. 122 00:05:27,841 --> 00:05:32,360 And what I'm gonna run is get_wifi_passwords.py. 123 00:05:32,361 --> 00:05:33,780 And there you go. 124 00:05:33,781 --> 00:05:37,600 There are all the SSIDs 125 00:05:37,601 --> 00:05:40,690 and all the passwords stored on this Windows laptop. 126 00:05:40,691 --> 00:05:43,200 I'll clear the screen and I'll run it again, 127 00:05:43,201 --> 00:05:46,480 python get_wifi_passwords.py, 128 00:05:46,481 --> 00:05:51,480 and notice there is the password for the TP-Link router. 129 00:05:53,100 --> 00:05:56,933 There's the password on this network. 130 00:05:58,270 --> 00:06:01,610 And you can see the information for the other SSIDs 131 00:06:01,611 --> 00:06:04,140 or wireless networks and all their passwords. 132 00:06:04,141 --> 00:06:05,460 These are just test networks 133 00:06:05,461 --> 00:06:08,920 that I've created specifically for this demonstration, 134 00:06:08,921 --> 00:06:10,330 but it's as simple as that 135 00:06:10,331 --> 00:06:14,940 to get the passwords on a Windows computer. 136 00:06:14,941 --> 00:06:17,130 So now let's look at the code. 137 00:06:17,131 --> 00:06:18,990 Okay, so here's the Python script. 138 00:06:18,991 --> 00:06:22,130 First thing we're gonna do is import subprocess. 139 00:06:22,131 --> 00:06:24,680 This will allow us to use system commands. 140 00:06:24,681 --> 00:06:26,350 Then we're gonna import re 141 00:06:26,351 --> 00:06:29,010 which allows us to use regular expressions. 142 00:06:29,011 --> 00:06:31,150 Regular expressions are used in many, many places. 143 00:06:31,151 --> 00:06:33,690 It basically allows us to search for a specific text 144 00:06:33,691 --> 00:06:36,380 in some output and then do something. 145 00:06:36,381 --> 00:06:38,600 Now, rather than trying to copy all of this down, 146 00:06:38,601 --> 00:06:41,930 note that I've put a link to GitHub below this video 147 00:06:41,931 --> 00:06:43,450 so that you can download the script, 148 00:06:43,451 --> 00:06:45,370 but you use it at your own risk, 149 00:06:45,371 --> 00:06:48,550 and please be aware that this is supposed to teach you 150 00:06:48,551 --> 00:06:50,160 ethical hacking principles 151 00:06:50,161 --> 00:06:52,860 and shouldn't be used to hack other people's networks. 152 00:06:52,861 --> 00:06:55,450 Don't go to jail. Don't get into trouble. 153 00:06:55,451 --> 00:06:57,960 Use this for ethical hacking purposes only. 154 00:06:57,961 --> 00:06:58,970 Now, what you'll notice here 155 00:06:58,971 --> 00:07:01,730 is I've put a lot of documentation in the output. 156 00:07:01,731 --> 00:07:03,960 So I'm not gonna try and explain every command 157 00:07:03,961 --> 00:07:05,080 in a lot of detail 158 00:07:05,081 --> 00:07:07,760 because it's all documented in the script. 159 00:07:07,761 --> 00:07:10,160 But notice here as an example, 160 00:07:10,161 --> 00:07:12,380 we are running the subprocess command 161 00:07:12,381 --> 00:07:16,200 and we're running netsh wlan show profiles. 162 00:07:16,201 --> 00:07:19,750 That's as if we had run this command. 163 00:07:19,751 --> 00:07:23,580 So we're running that command basically in Python 164 00:07:23,581 --> 00:07:27,940 and then we're gonna capture the output and decode it. 165 00:07:27,941 --> 00:07:31,490 And then what we're gonna do is use a regular expression. 166 00:07:31,491 --> 00:07:32,880 Notice re. 167 00:07:32,881 --> 00:07:37,880 We're going to look for entries that say all user profile 168 00:07:38,170 --> 00:07:40,250 because that's what's in the output. 169 00:07:40,251 --> 00:07:41,900 We are looking for that. 170 00:07:41,901 --> 00:07:46,000 And we're gonna grab all the profile names 171 00:07:46,001 --> 00:07:47,723 and store that in a list. 172 00:07:48,690 --> 00:07:50,510 So we create an empty list. 173 00:07:50,511 --> 00:07:53,070 And then if the profile name does exist, 174 00:07:53,071 --> 00:07:56,610 for every name in the profile name, 175 00:07:56,611 --> 00:07:58,423 we're going to create a dictionary. 176 00:07:59,400 --> 00:08:01,350 And then we're gonna run 177 00:08:01,351 --> 00:08:06,150 the netsh wlan show profile and the name 178 00:08:06,151 --> 00:08:09,660 and look to make sure that a security key is found. 179 00:08:09,661 --> 00:08:12,690 If a security key is found, 180 00:08:12,691 --> 00:08:14,540 we are going to run the command 181 00:08:14,541 --> 00:08:18,440 that shows us the security key information. 182 00:08:18,441 --> 00:08:21,663 So again, we're running this command to see the profiles, 183 00:08:22,600 --> 00:08:25,690 then we're running this command for every profile name 184 00:08:27,240 --> 00:08:29,980 to make sure that a security key is present. 185 00:08:29,981 --> 00:08:31,813 And if it is present, 186 00:08:32,929 --> 00:08:36,710 then we're running this command setting the key to clear 187 00:08:36,711 --> 00:08:40,679 so that we can find the actual password. 188 00:08:40,680 --> 00:08:44,270 So notice there you can see key=clear. 189 00:08:44,271 --> 00:08:45,640 We wanna run that. 190 00:08:45,641 --> 00:08:48,203 We wanna capture the output and decode it. 191 00:08:49,560 --> 00:08:51,363 We wanna store that information. 192 00:08:52,710 --> 00:08:54,910 We are looking for the password. 193 00:08:54,911 --> 00:08:57,180 If the password is set to none, 194 00:08:57,181 --> 00:08:59,253 we'll say the profile password is none. 195 00:09:00,880 --> 00:09:03,063 Otherwise, we'll specify the password. 196 00:09:04,090 --> 00:09:09,090 And then we're gonna basically run through the WiFi list 197 00:09:09,490 --> 00:09:11,593 and print this in a nice format. 198 00:09:12,750 --> 00:09:15,830 So again, if I run the script, 199 00:09:15,831 --> 00:09:18,860 it basically gives us this output. 200 00:09:18,861 --> 00:09:20,020 So there you go. 201 00:09:20,021 --> 00:09:21,260 In a few lines of code, 202 00:09:21,261 --> 00:09:24,730 and most of the script is just comments 203 00:09:24,731 --> 00:09:27,770 trying to explain what the code is doing, 204 00:09:27,771 --> 00:09:32,560 I was able to retrieve all the SSIDs on a Windows computer, 205 00:09:32,561 --> 00:09:35,760 all the passwords, and then display them on the screen. 206 00:09:35,761 --> 00:09:37,100 Now, you can extend the script 207 00:09:37,101 --> 00:09:41,070 and email the passwords to use yourself 208 00:09:41,071 --> 00:09:43,150 or copy them to a server. 209 00:09:43,151 --> 00:09:45,950 I'll put a link to that code below this video. 210 00:09:45,951 --> 00:09:48,460 That code is available on my GitHub. 211 00:09:48,461 --> 00:09:49,940 I won't go through that in this video 212 00:09:49,941 --> 00:09:51,990 because I don't wanna get into hot water. 213 00:09:51,991 --> 00:09:53,650 So that code is available. 214 00:09:53,651 --> 00:09:56,700 Again, use it only for ethical hacking purposes 215 00:09:56,701 --> 00:09:58,400 or for educational purposes. 216 00:09:58,401 --> 00:10:01,640 Don't get into trouble. Don't go to jail. 217 00:10:01,641 --> 00:10:03,020 Okay, I hope you enjoyed this video. 218 00:10:03,021 --> 00:10:05,580 I just wanted to show you why it's important 219 00:10:05,581 --> 00:10:07,870 to implement good security on a network. 220 00:10:07,871 --> 00:10:11,490 Don't just open some file that someone sends you 221 00:10:11,491 --> 00:10:14,100 as an attachment on an email, 222 00:10:14,101 --> 00:10:16,420 because that could run a piece of code 223 00:10:16,421 --> 00:10:18,490 that could get all the WiFi passwords 224 00:10:18,491 --> 00:10:20,710 and then email them to someone. 225 00:10:20,711 --> 00:10:23,780 So be careful which applications you run. 226 00:10:23,781 --> 00:10:26,060 In this example, I'm running raw Python. 227 00:10:26,061 --> 00:10:29,340 In a separate video, I'll show you how to take Python code 228 00:10:29,341 --> 00:10:31,430 and wrap that as an executable 229 00:10:31,431 --> 00:10:36,150 so that you can just run an app if you like on a computer 230 00:10:36,151 --> 00:10:38,610 rather than running raw Python. 231 00:10:38,611 --> 00:10:40,250 Don't be a script kiddie. 232 00:10:40,251 --> 00:10:42,850 Learn the power of programming. 233 00:10:42,851 --> 00:10:45,430 Learn how powerful this is. 234 00:10:45,431 --> 00:10:48,470 It'll change your life if you can write a bit of code, 235 00:10:48,471 --> 00:10:50,390 opens up so many doors for you. 236 00:10:50,391 --> 00:10:51,880 Okay, I hope you enjoyed this video. 237 00:10:51,881 --> 00:10:53,460 If you did, please like it. 238 00:10:53,461 --> 00:10:55,720 Please consider subscribing to my YouTube channel. 239 00:10:55,721 --> 00:10:57,790 Please click on the bell to get notifications. 240 00:10:57,791 --> 00:10:58,623 I'm David Bombal. 241 00:10:58,624 --> 00:11:00,524 I wanna wish you all the very best. 242 00:11:00,525 --> 00:11:03,441 (electronic music) 17756