How does it work?
You all know that moment: the happy moment when you find a public hotspot, followed by the disappointment of a pop-up that asks for a login code.
Everyone's #1 frustration, at least it is mine. Now you can either be a nice guy and buy one of those cards, or you can be stubborn and try to hack stuff.
We’re going for the second one.
The security on these hotspots is usually based on MAC addresses.
The router has already been set up to decide which computers can and cannot use the internet.
During the login process, access to the internet is granted by a code: your MAC address is saved in a sort of database.
It will stay there for a couple of hours, depending on how much you paid for. After those hours are over,
the MAC address is automatically removed from the router's database, and your access to the internet is removed with it.
If you don't have one of these cards, you won't be able to use the internet either.
You are, however, still connected to the network (at least to the part of the network that gets you to the login page).
You might feel it coming already: you can pry/spy on the network! What we will do isn't really difficult and I will sum it up in three steps:
1. Look at which devices are connected to the network (which MAC addresses have internet access).
2. Change your MAC address to a MAC address that has access to the internet.
3. Re-connect to the Access Point, the hotspot.
Once you connect to the network again, the router will recognize you as a user that paid to
use the internet and it will grant you access.
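The weakness the post describes is that the router's "database" keys access on the MAC address alone, so the one signal left for the network operator is a single MAC that suddenly behaves like two devices. The following is an added example in Python, not code from the original post: it parses constructed dnsmasq-style DHCP log lines and flags a MAC that re-leases under a different hostname (or IP) while its previous lease is still active. The log format, the sample addresses and the one-hour lease window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed dnsmasq-style DHCPACK lines (sample data, not from the original post):
# aa:bb:cc:dd:ee:01 is leased to "alice-laptop", then 14 minutes later the same MAC
# shows up with a different hostname, the fingerprint of a cloned MAC on a MAC-gated hotspot.
SAMPLE_LOG = """\
Jan 10 12:01:03 gw dnsmasq-dhcp[812]: DHCPACK(br0) 10.0.0.23 aa:bb:cc:dd:ee:01 alice-laptop
Jan 10 12:02:40 gw dnsmasq-dhcp[812]: DHCPACK(br0) 10.0.0.24 aa:bb:cc:dd:ee:02 bob-phone
Jan 10 12:31:03 gw dnsmasq-dhcp[812]: DHCPACK(br0) 10.0.0.23 aa:bb:cc:dd:ee:01 alice-laptop
Jan 10 12:45:10 gw dnsmasq-dhcp[812]: DHCPACK(br0) 10.0.0.23 aa:bb:cc:dd:ee:01 guest-pc
Jan 10 15:10:00 gw dnsmasq-dhcp[812]: DHCPACK(br0) 10.0.0.31 aa:bb:cc:dd:ee:02 bob-phone
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ dnsmasq-dhcp\[\d+\]: DHCPACK\(\S+\) "
    r"(?P<ip>\S+) (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})(?: (?P<host>\S+))?$",
    re.IGNORECASE,
)

def parse_dhcpack(log_text, year=2024):
    """Yield (timestamp, ip, mac, hostname) per DHCPACK line; hostname may be None."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated syslog line
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["ip"], m["mac"].lower(), m["host"]

def find_mac_clones(log_text, lease=timedelta(hours=1)):
    """Flag a MAC that reappears with a different hostname or IP while its last lease is live.
    A renewal repeats the same (ip, hostname) and a fresh lease after expiry is normal. The IP
    alone is not enough: a DHCP server keyed on MAC hands the clone the victim's IP as well,
    so the client-supplied hostname (DHCP option 12) is compared too.
    """
    last = {}  # mac -> (ts, ip, hostname) of the most recent lease
    alerts = []
    for ts, ip, mac, host in parse_dhcpack(log_text):
        prev = last.get(mac)
        if prev and ts - prev[0] < lease and (ip, host) != (prev[1], prev[2]):
            alerts.append({"mac": mac, "at": ts, "prev_host": prev[2], "host": host,
                           "prev_ip": prev[1], "ip": ip})
        last[mac] = (ts, ip, host)
    return alerts

if __name__ == "__main__":
    for a in find_mac_clones(SAMPLE_LOG):
        print(f"{a['at']} {a['mac']}: leased as {a['prev_host']!r} ({a['prev_ip']}), "
              f"now seen as {a['host']!r} ({a['ip']}) before the old lease expired")
```

On a real gateway the same check can run over the live lease file or syslog; a hostname-less client (no option 12) is compared on IP only, so it is worth pairing this with 802.11 association logs where available.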
It’s best if you have Linux to execute this. I myself use Kali Linux, but any distro should work.
Open your terminal; we will first turn off our wlan interface. Type:
ifconfig wlan0 down
Now we will put our network interface into monitor mode:
iwconfig wlan0 mode monitor
And now we will check if that actually happened:
Now we will look for all networks near you. These networks will be shown with their BSSID, which is the MAC address of the access point.
Wait a while until your 'target network' appears and then copy the BSSID that belongs to it.
Then press CTRL+C to stop airodump-ng. Otherwise it will endlessly continue to search for networks.
Now we will look for every device on the network.
The devices are the computers that are connected to the network and are shown in the form of a MAC address.
It can take a while before these computers are found. It's important to wait a while to see which MAC address has a lot of traffic.
This is the one that we will use; copy the MAC address.
airodump-ng --bssid [MAC ADDRESS OF THE NETWORK HERE] wlan0
ifconfig wlan0 down
And then we can change our MAC address to the one you chose:
macchanger -m [MAC ADDRESS OF THE COMPUTER WHICH YOU CHOSE] wlan0
Now you will get a confirmation that your MAC address has changed.
If you did this successfully, we will switch our interface back to 'managed mode':
iwconfig wlan0 mode managed
Then turn on our WiFi-adapter again:
ifconfig wlan0 up
Check to see if it’s on:
Now go to the network manager GUI, connect to your hotspot again, and you can enjoy your free internet.
As you can see, you can get access to the internet in a few easy steps.
Getting around the security this way is much faster, and the chance of success is much higher, than with the standard way of WEP/WPA2 hacking.