search

ash47 / EnterpriseWifiPasswordRecover

This is a tool that recovers WPA2 Enterprise Wifi Credentials from a machine.
96 stars 23 forks source link

Wifi in the context of the owner? #3

Open Daltz333 opened 6 years ago

Daltz333 commented 6 years ago

In the readme it states:

After that, it needs to be run in the context of the user who owns the WiFi network

Could I have a bit of clarification on what that means? Who owns the WiFi network? How do I find out who owns it. Do I just have to log in as that user and run the application via PSExec? @ash47

ash47 commented 6 years ago

If you only have one user, it's easy, it's that user -- I'm not 100% sure what happens in a multi user environment to be honest, I've never tested it.

Basically, i meant that you should log in as the user who was logged in when the network was first connected.

I may do some testing to see what happens in a multi user environment.

On Tue, Sep 18, 2018, 1:33 AM Dalton Smith notifications@github.com wrote:

In the readme it states:

After that, it needs to be run in the context of the user who owns the WiFi network

Could I have a bit of clarification on what that means? Who owns the WiFi network? How do I find out who owns it. Do I just have to log in as that user and run the application via PSExec? @ash47 https://github.com/ash47

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/ash47/EnterpriseWifiPasswordRecover/issues/3, or mute the thread https://github.com/notifications/unsubscribe-auth/ADlKDoGO-l7eCNPmj_yq8NyNnw7tmD5Vks5ub8C5gaJpZM4WsKw4 .

Daltz333 commented 6 years ago

How would I find that out in a computer with 13+ users on it?

ash47 commented 6 years ago

Is it Windows 7 or Windows 10? Sounds like my code needs to be improved lol

On Tue, Sep 18, 2018, 8:41 AM Dalton Smith notifications@github.com wrote:

How would I find that out in a computer with 13+ users on it?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/ash47/EnterpriseWifiPasswordRecover/issues/3#issuecomment-422195319, or mute the thread https://github.com/notifications/unsubscribe-auth/ADlKDrINNNhq1R3qxYHsk-rup0zVLFfoks5ucCULgaJpZM4WsKw4 .

Daltz333 commented 6 years ago

Windows 10.

ash47 commented 6 years ago

I'll try to take a look at it, because i don't know the answer -- can you connect to the network with any user?

On Tue, Sep 18, 2018, 9:10 AM Dalton Smith notifications@github.com wrote:

Windows 10.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/ash47/EnterpriseWifiPasswordRecover/issues/3#issuecomment-422200798, or mute the thread https://github.com/notifications/unsubscribe-auth/ADlKDidTbVjAch2Z3pAaPzop9zVoCkOSks5ucCvlgaJpZM4WsKw4 .

Daltz333 commented 6 years ago

Yep

Daltz333 commented 6 years ago

Also. Another issue I have come up with, when I run the .exe from an elevated command prompt, I get an empty profiles folder. I am running as what I assume was the first administrator account. There is no log, just an empty profiles folder is generated.

Daltz333 commented 5 years ago

Can I have an update @ash47? Am I doing this wrong?

Daltz333 commented 5 years ago

Should I assume this project is NOT MAINTAINED @ash47 ?

ash47 commented 5 years ago

I'm not really sure what the problem is, and I haven't had the time to figure out a solid solution for a one click kind of thing at this stage.

Sorry for the delay in responses, it's sitting in my todo list.

On Tue, Dec 4, 2018, 3:08 PM Dalton Smith <notifications@github.com wrote:

Should I assume this project is NOT MAINTAINED @ash47 https://github.com/ash47 ?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/ash47/EnterpriseWifiPasswordRecover/issues/3#issuecomment-443963761, or mute the thread https://github.com/notifications/unsubscribe-auth/ADlKDt23xBt3WrSxpBfct8AT30dV4njAks5u1fUfgaJpZM4WsKw4 .

Daltz333 commented 5 years ago

Thanks for the quick response. In the meantime, I have forked the repo and added a bit of debug information myself. My C# knowledge isn't the best, nor do I have an indepth understanding of network internals. I'll work on it when I have the free time though.

ash47 commented 5 years ago

Feel free to make a pull request if you do anything to improve it :)

On Thu, Dec 6, 2018, 4:46 AM Dalton Smith <notifications@github.com wrote:

Thanks for the quick response. In the meantime, I have forked the repo and added a bit of debug information myself. My C# knowledge isn't the best, nor do I have an indepth understanding of network internals. I'll work on it when I have the free time though.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/ash47/EnterpriseWifiPasswordRecover/issues/3#issuecomment-444577335, or mute the thread https://github.com/notifications/unsubscribe-auth/ADlKDq0wPAo63wurveXbE8ek3vFXyEGTks5u2AZngaJpZM4WsKw4 .

ash47 commented 5 years ago

Well, not exactly what you wanted, but, I just did another release which will search an additional location for the enterprise credentials, and it adds support for another encryption mechanism.

I'm also looking into the impersonation, it might be possible to just try impersonate every single user to decrypt the keys

Daltz333 commented 5 years ago

Thank you. I will give things a try this Monday!

Daltz333 commented 5 years ago

When running this on a computer with only 3 Administrator accounts (attempted all 3), It fails on Stage 2 Failed to find an encrypted password blob :/

Network Configuration:

Security Type: WPA2-Enterprise Encryption Type: AES Authentication Method: Microsoft Protected EAP (PEAP)

Authentication Method Details: Verify the server's identity by validating the certificate checked Connect to these servers can't share server name publicly, swowwy Authentication Method: Secured Password (EAP-MSCHAPv2)

ash47 commented 5 years ago

If you can share the file it generated i can look inside and see if there's an encrypted blob manually if you like?

On Thu, Dec 13, 2018, 3:23 AM Dalton Smith <notifications@github.com wrote:

When running this on a computer with only 3 Administrator accounts (attempted all 3), It fails on Stage 2 Failed to find an encrypted password blob :/

Network Configuration:

Security Type: WPA2-Enterprise Encryption Type: AES Authentication Method: Microsoft Protected EAP (PEAP)

Authentication Method Details: Verify the server's identity by validating the certificate checked Connect to these servers can't share server name publicly, swowwy Authentication Method: Secured Password (EAP-MSCHAPv2)

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/ash47/EnterpriseWifiPasswordRecover/issues/3#issuecomment-446649010, or mute the thread https://github.com/notifications/unsubscribe-auth/ADlKDm8ISM6YWSzEVJ3bJ7gViNjvjc59ks5u4S2OgaJpZM4WsKw4 .

Daltz333 commented 5 years ago

Sure. I can grab it tomorrow, roughly around 1pm EST. I assume you're talking about the stage 1 and stage 2 text files.