To show the wireless interfaces on this machine:
netsh wlan show interfaces
To show the installed wireless drivers, run the command below. This is particularly interesting because driver exploits do exist, and most admins do not pay as close attention to driver versions as they do to other types of software:
netsh wlan show drivers
To list available wireless networks (similar to Linux’s iwlist scan option):
netsh wlan show networks
netsh wlan show networks mode=bssid (this also shows the BSSID and signal strength)
To view profiles of networks saved on this machine:
netsh wlan show profiles
To make Windows connect to the specified profile (usually named after the SSID of the network):
netsh wlan connect name="ProfileName"
To export the profile details to an XML file (which includes an encrypted version of the PSK if applicable):
netsh wlan export profile name="ProfileName"
To delete a profile:
netsh wlan delete profile name="ProfileName"
To add a profile:
netsh wlan add profile filename=c:\temp\myprofile.xml
The XML for a WPA2-PSK WiFi network looks like this:
<hex>HEX-of-your-network-name, for example, "abc" would be "616263"</hex>
Now, crucially, here are the commands to turn a Windows 7 (or Server 2008 R2) machine into an access point sharing its existing wireless connection out to others:
netsh wlan set hostednetwork mode=allow ssid=SomeSSID key=passphrase
The hosted network is now created but it is not yet started. To start it, issue the command:
netsh wlan start hostednetwork
Your Windows box is now advertising a network “SomeSSID” (in this case) which other machines can connect to. No notification is given on the Windows box that this has happened, and no further notification is given when someone connects.
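A defender-side check for the silent hosted network described above, as an added example that is not part of the original post: it parses `netsh wlan show hostednetwork` output and reports an active or configured hosted network and any connected clients. The sample output is constructed and abridged, and the English field labels are an assumption (localized Windows builds use different labels).

```python
import re
import subprocess

# Constructed, abridged sample modelled on English-locale output of
# `netsh wlan show hostednetwork`; the field labels are an assumption.
SAMPLE_OUTPUT = """\
Hosted network settings
-----------------------
    Mode                   : Allowed
    SSID name              : "SomeSSID"
    Authentication         : WPA2-Personal

Hosted network status
---------------------
    Status                 : Started
    BSSID                  : 02:00:00:00:00:01
    Number of clients      : 1
        02:00:00:00:00:02        Authenticated
"""

# A connected client is listed as an indented MAC address followed by its state.
MAC = re.compile(r"^\s*((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+\S+", re.I)

def parse_hostednetwork(text):
    """Return the key/value fields plus a list of connected client MACs."""
    fields, clients = {}, []
    for line in text.splitlines():
        m = MAC.match(line)
        if m:
            clients.append(m.group(1).lower())
        elif " : " in line:
            key, value = line.split(" : ", 1)
            fields[key.strip().lower()] = value.strip().strip('"')
    return fields, clients

def assess(text):
    """Summarise hosted-network state as findings an admin can act on."""
    fields, clients = parse_hostednetwork(text)
    findings = []
    if fields.get("status", "").lower() == "started":
        findings.append(f"hosted network ACTIVE, SSID {fields.get('ssid name')!r}")
    elif fields.get("ssid name"):
        findings.append(f"hosted network configured but stopped, SSID {fields['ssid name']!r}")
    findings.extend(f"client connected: {mac}" for mac in clients)
    return findings

if __name__ == "__main__":
    out = subprocess.run(["netsh", "wlan", "show", "hostednetwork"],
                         capture_output=True, text=True).stdout
    print("\n".join(assess(out)) or "no hosted network configured")
```

To remove an unwanted access point, `netsh wlan stop hostednetwork` stops it and `netsh wlan set hostednetwork mode=disallow` prevents it from being started again.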
Vivek stated that Microsoft’s response was that it wasn’t being exploited “in the wild”, and therefore nothing would be done about it. Happy WiFi backdooring.