Samer Aoudi
EH Lab Environment Network Traffic Wi-Fi Security Malware Analysis Reconnaissance Social Engineering Scanning Sniffing
Courses CTF Platform Security Tools Commands Cheatsheet Awareness Blog About
Wi-Fi Security (Windows)

In this practical activity, you will use the NETSH WLAN utility to monitor, configure, and secure Wi-Fi settings on a Windows machine.

Why this activity? Organizations that introduce wireless technology risk increasing the potential for security breaches. Being able to monitor, manage, and secure wireless networks is an essential skill for security professionals.

Prerequisite Knowledge: Basic networking; Windows
Requirements: Windows machine with W-Fi.
Duration: 50min
Files: NA
Related Videos: NA
Task #1: Monitor Wi-Fi Settings
Netsh is a Windows command-line utility for configuring and monitoring various network aspects, including Wi-Fi. The Netsh WLAN command is used to show and manage wireless network profiles.
C:\Users\samer>netsh wlan ?
The following commands are available:

Commands in this context:
?            - Displays a list of commands.
add          - Adds a configuration entry to a table.
connect      - Connects to a wireless network.
delete       - Deletes a configuration entry from a table.
disconnect   - Disconnects from a wireless network.
dump         - Displays a configuration script.
export       - Saves WLAN profiles to XML files.
help         - Displays a list of commands.
IHV          - Commands for IHV logging.
refresh      - Refresh hosted network settings.
reportissues - Generate WLAN smart trace report.
set          - Sets configuration information.
show         - Displays information.
start        - Start hosted network.
stop         - Stop hosted network.

In this activity, you will retrieve several wireless device and networks information on your machine.

Expert Mode
  1. Open a command-line prompt in administrator mode and the netsh wlan command to perform the following tasks:
  2. Show the global settings of wireless LAN
  3. Show a list of the wireless LAN interfaces on the system
  4. Show properties of the wireless LAN drivers on the system
  5. Show a list of networks visible on the system
  6. Show a list of profiles configured on the system
  7. Show the blocked network display settings
  8. Show complete wireless device and networks information
  9. Generate a report showing recent wireless session information
Regular Mode
Task in details »
  1. Using your own laptop, or any Windows computer with a Wi-Fi interface, click the Windows icon on the bottom left corner of your Desktop and type cmd
  2. Right-click the Command Prompt application shortcut and select Run as administrator
  3. Show the global settings of wireless LAN by typing the following command netsh wlan show settings
  4. Show a list of the wireless LAN interfaces on the system by typing the following command netsh wlan show interfaces
  5. Show properties of the wireless LAN drivers on the system by typing the following command netsh wlan show drivers
  6. Show a list of networks visible on the system by typing the following command netsh wlan show networks
  7. Show a list of profiles configured on the system by typing the following command netsh wlan show profiles
  8. Show the blocked network display settings by typing the following command netsh wlan show blockednetworks
  9. Show complete wireless device and networks information by typing the following command netsh wlan show all
  10. Generate a report showing recent wireless session information by typing the following command (this command requires admin access) netsh wlan show wlanreport

In this activity, you will retrieve the security settings and reveal the password of a Wi-Fi profile.

Expert Mode
  1. Select any Wi-Fi profile and show its settings
  2. When you find a profile with a Security Key = Present, retrieve the password
Regular Mode
Task in details »
  1. Let us first retrieve a list of all profiles on the system by typing the following command netsh wlan show profiles
  2. Next, we want to find a profile that has a security key. To do that, we will select a profile and run the following command netsh wlan show profile name (where name is the actual name of a Wi-Fi profile on your machine)
  3. Scroll down and find the Security settings section. If the Security Key = Absent as shown below, then repeat the step above for another profile
    Security settings
    -----------------
    Authentication  : Open
    Cipher          : None
    Security Key    : Absent
    Key Index       : 1
  4. If the Security Key = Present as shown below, then proceed to the next step
    Security settings
    -----------------
    Authentication  : WPA2-Personal
    Cipher          : CCMP
    Security Key    : Present
  5. Retrieve the password of the selected profile using the following command netsh wlan show profile name key=clear (where name is the actual name of the Wi-Fi profile you selected). A successful command will look like this:
    Security settings
    -----------------
    Authentication  : WPA2-Personal
    Cipher          : CCMP
    Security Key    : Present
    Key Content     : mypassword

In this activity, you will manage the Wi-Fi settings and harden the configurations as needed.

Expert Mode
  1. Change connection mode from manual to auto or vice versa
  2. Change a profile connection priority to 1
  3. Delete a wireless profile of your choice
  4. Export and import a wireless profile of your choice
  5. Export and import all wireless profiles
  6. Connect to a wireless network
  7. Disconnect from a wireless network
Regular Mode
Task in details »
  1. Change connection mode from manual to auto or vice versa using the following command(s):
    netsh wlan set profileparameter name connectionmode=manual
    netsh wlan set profileparameter name connectionmode=auto
  2. Change a profile connection priority to 1 using the following command(s):
    First show available wireless interfaces
    netsh wlan show interfaces
    Then set the priority for a profile on that interface:
    netsh wlan set profileorder name priority=1 interface="Wi-Fi"
  3. Delete a wireless profile of your choice using the following command:
    netsh wlan delete profile name
  4. Export and import a wireless profile of your choice using the following command(s):
    First export the profile as an XML file into a folder of your choice
    netsh wlan export profile myProfile key=clear folder=C:\myWlanProfiles
    Then import the XML file into a new machine
    netsh wlan add profile filename="myProfile.xml"
    Note: The command above will import the profile for all users and all wireless network interfaces on the new machine. If you want to specify a user, use the following command:
    netsh wlan add profile filename="myProfile.xml" user=current
  5. Export and import all wireless profiles using the following command(s)
    First export all profiles as an XML file into a folder of your choice
    netsh wlan export profile key=clear folder=C:\myWlanProfiles
    Note: Each profile will have its own XML file
    Then import the XML file into a new machine as shown above
    Note: The command above will import one profile at a time.
  6. Challenge: There is a way to import ALL profiles at once. Can you figure it out?
  7. Connect to a wireless network using the following command(s)
    netsh wlan connect name
  8. Disconnect from a wireless network using the following command(s)
    netsh wlan disconnect

In this activity, you will create a wireless ad-hoc (IBSS) network that can be established without a wireless access point and allows multiple wireless devices connecting each other instantly.

Expert Mode
  1. Set up an Ad-Hoc network called csf_3203 with key=mypassword
  2. Start the network
  3. Test the network from anotrher device
  4. Retrieve the network information
  5. Stop the network
Regular Mode
Task in details »
  1. Set up an Ad-Hoc network using the following command:
    netsh wlan set hostednetwork mode=allow ssid=csf_3203 key=mypassword
  2. Start the ad-hoc network using the following command:
    netsh wlan start hostednetwork
  3. Test the network from anotrher device (do it with a classmate or from a mobile device)
  4. Retrieve the network information using the following command:
    netsh wlan show hostednetwork
  5. Stop the ad-hoc network using the following command:
    netsh wlan stop hostednetwork
Name
Red fields are required.
netsh
netstat
wlan
retrieve
display
show
start
set
configure
netsh wlan show profiles
netsh wlan show interfaces
netsh wlan show networks
key=true
key=show
key=clear
netsh wlan show network csf-3203
netsh wlan show profile csf-3203
netsh wlan show interface csf-3203

               
© Samer Aoudi 2005-2024