ash47 / enterprisewifipasswordrecover Goto Github PK

Ash,
Some apparent changes in Win10 WiFi profile formats is preventing things from working now:

1. The SearchForUsername signature has changed. In the successfully SYSTEM decrypted Stage2 file I see lots more 0x00 intervening bytes in the signature (i.e., 00,04,00,00,00,00,00,00,00,00,00,00,00,20,00,00,00,00,00,00).
2. Username seems to be in Unicode now (terminated by two zeros now instead of one)
3. Password also appears to be Unicode. Stage 3 finds and decrypts the blob, but nothing prints because of the Unicode (finds 0x00 immediately).

I'm pretty rusty at coding these days (don't even have VS installed). Is this something you have time to look at? Thanks!

In Windows 10, the first layer can be decrypted using the following C# code, run in the context of the system user:

ProtectedData.Unprotect(<data>, null, DataProtectionScope.LocalMachine);

Assuming CMD is open by PSExec.exe and you are now in nt authority\system mode, you said to run the C# code: ProtectedData.Unprotect(<data>, null, DataProtectionScope.LocalMachine);

But How I run this C# code?
Whats I want to do with this folder?
I want to compile it?
How I set a path to NET Framework?
Do I need to use csc?

I new in C# and I still don't know how to do this! Can you write a tutorial? Please!

Getting this error when run as system (PsExec.exe), administrator CMD and normal user CMD I'm getting the error "Run as SYSTEM or ORIGINAL USER!".

me stupid solved sorry

If I run the tool as SYSTEM user it creates the below output.
Credentials of my WiFi connection ARE stored, that is not the issue.
Windows 10 1809

{FD2C7E10-8C87-47E5-97EF-AF95D7552780}
Extracted stage1 for {FD2C7E10-8C87-47E5-97EF-AF95D7552780}
{FD2C7E10-8C87-47E5-97EF-AF95D7552780}
Extracted stage1 for {FD2C7E10-8C87-47E5-97EF-AF95D7552780}
-1
Failed to find username field!
Failed to find an encrypted password blob :/
Found the following:
Domain:
Username:
Password:

stage2_{7500BD5B-60BB-4B04-A443-C01E480C386A}.txt
stage1_{7500BD5B-60BB-4B04-A443-C01E480C386A}.txt
theese came up please help i dont know what to do

I am sure I am running as the user, because there is only ONE user in my WIN10.

Extracted stage1 for {DC39FE79-9E19-472B-983C-0DD16D8CB731}
Found encrypted password blob...
Failed to decrypt password --- This needs to be run as the user who owns the password

Is it possible to make it a one click deal - run it as user/admin and get the password instantly? Currently it needs to be run as admin first (sometimes with PsExec) and then user...

I test this C# script on Windows 8 to find PEAP password from my School but all computers have Windows 8.1 Installed. So the script stop at Stage 2! Any Ideas? Does anyone know of another script that runs on win 8?

Hello,

I have been working at this for hours, but I have no idea whatsoever about how to get this working. Similar to the issue @simon-baer had (which has no answers at this time), the program refuses to work. After trying to use PsExec, it kept on failing to run PowerShell with SYSTEM privileges, so I turned to using AdvancedRun, which worked.

However, when I followed the guide here https://gist.github.com/sleeyax/e8684c60c9e0b771d96195e0b4d4c8c0 (which was very helpful in explaining), after I ran the command with SYSTEM privileges, PowerShell threw this error at me:

OS: Windows 10 21H2

{***-***-***-***-***}
Extracted stage1 for {***-***-***-***-***}
-1
Failed to find username field!
Failed to find an encrypted password blob :/
Found the following:
Domain:
Username:
Password:

I tried looking at the two files within 'profiles', but there was nothing which I was able to see. If you would like me to, I could send you the encrypted files.

Anyways, please help me to resolve this issue.

Best regards,
dudeman

The following registry entry and following on disk directory is they are not present in the system:

HKEY_CURRENT_USER\Software\Microsoft\Wlansvc\UserData\Profiles
C:\ProgramData\Microsoft\Wlansvc\Profiles\Interfaces\

the script has no output!
How can I do it?

I am unable to retrieve my password. I reached stage 2 and got profiles also. It says run with the user who owns the password or something like that. Please help I need the password badly.

Hi, I am wondering if I take the registry file (from the right path) and take it to another computer on another network, can I still decode the file and get the user/password? Thanks! (I also know the username and password to that computer user but don't have access to that computer anymore or the network) edit: at the moment the file is just on my desktop, I'm willing to properly import it into my own registry if that helps.

Hello everyone,

this request might be a little offtopic but this is by far the best I have found until now regarding this topic.

I have a quite different challenge, I know the user+password but need to store it on several hundred PCs. The "several hundred" part is not the problem, but I have still no idea how to store the password by command line.
And yes, I know it would be better to do it with domain credentials or certificate. We are doing this in our company network but I need to deploy a connection to a network which is administrated by someone else.

Anyway: I was perfectly able to extract the user+password from registry. But I need to store them again now and maybe someone knows a fast/easy way how to do this?
I already found this: https://github.com/rozmansi/WLANSetEAPUserData but I doesn't seem to work.

Thanks a lot for any help!

PS: If this should not be discussed here because offtopic please just close the issue.

In the readme it states:

After that, it needs to be run in the context of the user who owns the WiFi network

Could I have a bit of clarification on what that means? Who owns the WiFi network? How do I find out who owns it. Do I just have to log in as that user and run the application via PSExec? @ash47

I followed the instructions but I've only managed to retrieve the username. It's in the stage 2 file. Should the password be there too? Did I miss something? Running it more times doesn't do anything.