Hacking Wifi- Accespoints Passwords stored in Windows 7 or Windows 8 PC

Prerequisite: You should have access to the command prompt with Administrator privileges

Open Command Promt


Command: netsh wlan show profiles

Description: The above command gives us the list of access points our system is connected to, with their names.


Command: netsh wlan show profiles <ACCESS POINT NAME> key=clear

Description: The above command gives us the password of the selected access point’s password in clear text format

under the field “key content”


Linux is being haunted by a G-G-G-GHOST vulnerability



There is a new remote vulnerability in glibc under CVE-2015-0235. The bug is in __nss_hostname_digits_dots() function, which is used by the gethostbyname().

This vulnerability in GNU C Library (glibc), allows remote or local actors to execute arbitrary code under the privilege of user running the function gethostbyname(). Qualsys, who reported the bug was able to remotely exploit this bug in an Exim mail server.

All the glibc updates for CentOS 5, 6 and 7 have now been released and are currently being distributed to mirrors.

If your glibc version is lower than 2.18, you should assume that your server is vulnerable. You can check the version as given below:

[root@linux5 ~]# find /lib/ -name libc.so.*

[root@linux5 ~]# /lib/libc.so.6
GNU C Library stable release version 2.12, by Roland McGrath et al.
Copyright (C) 2010 Free Software Foundation, Inc.

Alternatively, you can use the below vulnerability test program released by Qualsys. (Disclaimer: Use this program at your own risk. We execute these programs under a restricted environment.)

Save the following into a file named ghost.c

#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>

#define CANARY “in_the_coal_mine”

struct {
char buffer[1024];
char canary[sizeof(CANARY)];
} temp = { “buffer”, CANARY };

int main(void) {
struct hostent resbuf;
struct hostent *result;
int herrno;
int retval;

/*** strlen (name) = size_needed – sizeof (*host_addr) – sizeof (*h_addr_ptrs) – 1; ***/
size_t len = sizeof(temp.buffer) – 16*sizeof(unsigned char) – 2*sizeof(char *) – 1;
char name[sizeof(temp.buffer)];
memset(name, ‘0’, len);
name[len] = ”;
retval = gethostbyname_r(name, &resbuf, temp.buffer, sizeof(temp.buffer), &result, &herrno);

if (strcmp(temp.canary, CANARY) != 0) {
if (retval == ERANGE) {
puts(“not vulnerable”);
puts(“should not happen”);

Compile it using:
# gcc ghost.c -o ghost

Run it using:
# ./ghost

You’ll see an output saying “vulnerable” if your server is affected by the bug.

It is quite maddening to think this vulnerability has existed for over 14 years. Even crazier is that it was fixed in 2013, but not properly categorized as a security issue, leaving it to haunt some distributions.