Security, Tech, Windows

Recovering WiFi passwords in Windows

Microsoft has a CLI-tool available in Windows to configure and administer networking.
The tool is called netsh.exe.

Companies might want to disable the tool trough the Group Policy Editor, because users with administrative access might be able to access all SSID’s and their corresponding passwords.

Write up:

How to use netsh.exe to get a list of WiFi profiles on your computer.
Open cmd as administrator.
netsh wlan show profiles

netsh wlan show profiles

In the image above, you can see all saved WiFi profiles on this computer.

netsh wlan show profiles name="rozemarijnguest" key=clear

change name=”” to name=”nameofyourwifi”
The output of this command is something like this:

netsh wlan show profiles name=

With a simple PowerShell script, we can export all saved WiFi SSID’s and their passwords:

(netsh wlan show profiles) | Select-String "All User Profile" | ForEach-Object {
$ssid = $_.Line.Split(':')[1].Trim()
$profile = (netsh wlan show profile name=$ssid key=clear)
$passwordLine = $profile | Select-String "Key Content"
if ($passwordLine -ne $null) {
$password = $passwordLine.Line.Split(':')[1].Trim()
"SSID: $ssid`nPassword: $password`n"
} | Out-File -FilePath "C:\Temp\wifipass.txt"

The result of the script above is something like this:

!!!Please do not use this on others!!!

Tested on Windows 7 – Windows 10 – Windows 11

Tagged , , , , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *