Get all the stored wireless passwords from a Windows machine!!

  1. Download the script:
  2. Copy to /sdcard/
  3. Get nc64.exe (32bit version nc.exe if needed) from, copy to /sdcard/
  4. Place it into Kali chroot's /var/www/html/
  5. Start apache in NH App
  6. Plug the phone into the PC, enable USB tethering
  7. Check your IP for rndis0, and replace it in the script (two occurences)
  8. Start the listener on phone nc -lp 8888
  9. Copy the script into NH duckhunter attack, launch and wait for the fun in NH terminal.

Currently tested on Win7 only. Feel free to test on Win8 or 10, and as many phones you can.
Would be really appreciated.
Nexus 6P is kernel 3.x. For 4.x, you have to make sure RNDIS and HID is enabled in USB Arsenal.


Follow me on Twitter!

Credits for Tech with shivank for the spark of the idea