See If You Can Find It

Sunday, June 7, 2020

Get Your Friend's/Co-Worker's WiFi Password!

    I guess I'll start off with some wireless stuff. Ever had a friend or co-worker leave their laptop around you, unattended? If that laptop runs Windows, you're about to have some fun. Most people are local administrators on their own workstation, or at least have enough rights for what we're about to do (on some Windows builds the key only comes back in clear text from an elevated prompt, so if step 3 shows nothing, re-run the terminal as administrator). While they're gone, open your preferred terminal; here I'm using PowerShell.

  1. Type "netsh". This drops you into the interactive netsh (network shell) context.
  2. Type "wlan show profiles". This lists the name of every wireless network this computer has a saved profile for, which is every network it has ever connected to unless the user has deleted ("forgotten") it.
  3. Type "wlan show profiles name="networkhere" key=clear". The "Key Content" line under "Security settings" is the PSK for that network in clear text. It is empty for open networks and absent for enterprise (802.1X) networks, which use per-user credentials rather than a shared key.
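The three steps above, rolled into one PowerShell function that walks every saved profile and reports each network's authentication type and stored key. This is an added example, not code from the original post; it assumes netsh.exe is on the PATH, that the machine's netsh output is in English (the regexes match the English labels), and that you have enough rights for key=clear to return the key.

```powershell
# Added example (not from the original post). Enumerates every saved WLAN profile on this
# Windows machine and returns the SSID, authentication type and stored key for each one.
# Assumptions: netsh.exe is on PATH and its output is in English; if Key is $null for a
# WPA2-Personal network, re-run from an elevated prompt.

function Get-SavedWifiProfile {
    [CmdletBinding()]
    param()

    # Profile list lines look like "    All User Profile     : HomeNet"
    # (per-user profiles appear as "Current User Profile"); capture the name after the colon.
    $profileNames = netsh wlan show profiles |
        Select-String -Pattern '^\s*(All User|Current User) Profile\s*:\s*(.+)$' |
        ForEach-Object { $_.Matches[0].Groups[2].Value.Trim() }

    foreach ($name in $profileNames) {
        # Same as step 3 in the post: ask for the profile with the key decrypted.
        $detail = netsh wlan show profiles name="$name" key=clear

        $authMatch = $detail | Select-String -Pattern '^\s*Authentication\s*:\s*(.+)$' | Select-Object -First 1
        $keyMatch  = $detail | Select-String -Pattern '^\s*Key Content\s*:\s*(.+)$'    | Select-Object -First 1

        $auth = if ($authMatch) { $authMatch.Matches[0].Groups[1].Value.Trim() } else { 'unknown' }
        # $null here means an open network, an 802.1X (enterprise) profile with no PSK,
        # or that the current token was not allowed to decrypt the key.
        $key  = if ($keyMatch)  { $keyMatch.Matches[0].Groups[1].Value.Trim() }  else { $null }

        [PSCustomObject]@{
            SSID           = $name
            Authentication = $auth
            Key            = $key
        }
    }
}

# Usage: print one row per saved network.
Get-SavedWifiProfile | Format-Table -AutoSize
```

Profiles whose Key column is empty but whose Authentication column says WPA2-Personal are the ones worth retrying from an elevated prompt; everything else in that state genuinely has no shared key to recover.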
Now you get to have some fun! Next time your friend/co-worker has a gathering at their place, free WiFi! (If they don't let you use their WiFi while you're there anyway, then maybe they deserve this.)

If you're still reading, it's time to explain a bit. The reason you can pull this information is that the computer is effectively acting as a password manager. WPA2-Personal never sends the passphrase over the air; both the client and the access point derive the same pairwise master key from the passphrase and SSID, and the 4-way handshake proves each side holds it. But to rejoin a network it has joined before, the laptop must keep the passphrase (or the key derived from it) in a form it can recover, not a one-way hash. Windows stores it in the profile XML under C:\ProgramData\Microsoft\Wlansvc\Profiles\Interfaces\, with the key material protected by DPAPI rather than by the user having to retype it, and key=clear simply asks the WLAN service to decrypt it for you.

One thing of note: most people never clear wireless networks from their devices, so the profile list is a history of every office, hotel and coffee shop that laptop has joined. If you aren't after just their home network's PSK and would rather set up a rogue access point impersonating one of those networks and intercept the traffic, you have the SSIDs, the security type and (for PSK networks) the key right here.

