I figured that such a restriction is probably in the router or some special software.
I thought about it a little bit, and all I was able to come up with was that it identifies your PC/laptop by MAC address, because there can't be anything else. Of course this goes only for full access; some of those places take you to their site where you have to pay and then enter your user:pass. Such places are nearly unhackable, because they work as a proxy: you log in to their site and you browse through their site, so nothing besides your web browser works (you can make a custom login for other software, but you still have to pay).
Anyway, most of those places give you full access to the internet; in that case it's very easy to bypass such a restriction and get internet without paying anything.
1. Change your MAC address to a known client's.
- Huh?
- Yes, just one step; however, you need to get a valid/known MAC first (see step 2).
- You can easily change your MAC address with TMAC.
2. You need Linux or a compatible card for that.
- It's very rare that you can do that in Windows, because only a few out of millions of cards are supported.
- BackTrack 4 will work just fine too, or any other live Linux CD/DVD.
3. In Linux, get the aircrack-ng suite.
4. Now put your card in monitor mode with this command:
airmon-ng start wlan0
- start < starts monitor mode
- wlan0 < this is my interface (yours may be different from mine, like wlan1, wifi1, etc.)
5. Now start airodump-ng with the following command:
airodump-ng -w mysavefile mon0
- -w < saves all the packets into the file you specify (mysavefile in my case; put anything you wish)
- mon0 < this is the activated monitor interface (the virtual interface you activated in step 4)
6. Let it capture for a while; it depends on you. Sometimes you can get a valid/known MAC in no time.
7. Once you're done, copy your mysavefile.cap (.cap is the extension of the capture file) to your Windows partition or some external drive, etc.
8. Go into Windows and get Wireshark or CommView (or any other program that reads .cap files).
- Wireshark is available for Linux too.
9. Open mysavefile.cap, just read the packets and find yourself a 'victim'.
10. Once you have a valid/known MAC, open TMAC and change your MAC to the one you got.
If you stole your victim's MAC correctly, then you can now connect to that cafe (or whatever it is) and use the internet without paying anything :)
NOTE - when 2 clients with the same MAC are connected at the same time, it will cause lag and sometimes pages won't even load for one side or the other. Mostly whoever connects first will be able to use the internet, and the other client with the same MAC who connected later will get a lot of timeouts. So if your victim disconnects while you are connected and he/she tries to connect again, then he/she may not even get into his/her paid internet at all.
Evil? Oh yes, and I should probably warn you that it is illegal to steal somebody's internet like this.
Also, even more EVIL is to kick the client out before connecting, so you would have net and the real owner would not, haha. However, this is another topic already, so I will not go into it here; it can be done with the aircrack-ng suite too, to deauthenticate the client. I have never tried it, but it should work.
UPDATE:
I just confirmed that it works in the field. I monitored and captured the packets, then I took the victim's MAC and changed mine to it. I was able to connect; however, as I said, it's buggy, sometimes you have to refresh the page like 2-3 times before it loads.
Also confirmed that deauthentication works, but you can't really ban them; it only disconnects the client(s). If you keep it on for 5 mins, then it should be enough to disrupt their networking (downloads, browsing, etc.). You can do that with the following command:
aireplay-ng -0 11 -a xx:xx:xx:xx:xx:xx -c yy:yy:yy:yy:yy:yy mon0
-0 < this is deauth (11 is how many times to send)
-a < MAC of the access point your victim is connected to
-c < MAC of your victim (the client you want to deauth)
mon0 < your monitoring interface
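Both tricks in this post leave fingerprints that a wireless IDS on the cafe side can catch: a cloned MAC shows up as two interleaved 802.11 sequence counters behind one transmitter address, and the deauth attack shows up as a burst of deauthentication frames aimed at one client. The following detection logic is an added example written for this thread (not code from the post, aircrack-ng or any WIDS product); it parses the generic 802.11 header itself, assumes frames are handed in as (timestamp, raw bytes) with any radiotap header already stripped, and runs over a constructed capture that mirrors the scenario above.

```python
import struct
from collections import defaultdict

def parse_80211(frame):
    """Generic 802.11 header -> (type, subtype, addr1, addr2, seq), None if truncated."""
    if len(frame) < 24:
        return None
    ftype, subtype = (frame[0] >> 2) & 3, (frame[0] >> 4) & 0xF
    seq = struct.unpack("<H", frame[22:24])[0] >> 4        # low 4 bits = fragment number
    return ftype, subtype, frame[4:10].hex(":"), frame[10:16].hex(":"), seq   # addr2 = transmitter

def find_deauth_bursts(capture, threshold=5, window=2.0):
    """capture = [(timestamp, raw_frame)]; flag (receiver, transmitter) pairs seeing `threshold` deauths inside `window` s."""
    times = defaultdict(list)
    for ts, fr in capture:
        p = parse_80211(fr)
        if p and p[0] == 0 and p[1] == 12:                 # management type, deauthentication subtype
            times[(p[2], p[3])].append(ts)
    flagged = {}
    for pair, ts in times.items():
        ts.sort()
        if any(ts[i + threshold - 1] - ts[i] <= window for i in range(len(ts) - threshold + 1)):
            flagged[pair] = len(ts)
    return flagged

def find_cloned_macs(capture, min_jumps=2):
    """Two radios sharing one MAC have independent sequence counters: the stream keeps jumping backwards.
    A single radio only repeats a number (retry) or wraps 4095 -> 0, so neither of those counts."""
    last, jumps = {}, defaultdict(int)
    for _, fr in capture:
        p = parse_80211(fr)
        if p is None:
            continue
        tx, seq = p[3], p[4]
        if tx in last and seq < last[tx] and last[tx] - seq < 4000:   # went backwards, not a wrap
            jumps[tx] += 1
        last[tx] = seq
    return {tx: n for tx, n in jumps.items() if n >= min_jumps}

# Constructed sample capture (no real traffic). fc0: 0xC0 = deauth, 0x08 = data; flags/duration zeroed.
def frame(fc0, a1, a2, a3, seq):
    addrs = b"".join(bytes.fromhex(a.replace(":", "")) for a in (a1, a2, a3))
    return bytes([fc0, 0, 0, 0]) + addrs + struct.pack("<H", seq << 4)

AP, CLIENT, OTHER = "aa:aa:aa:aa:aa:aa", "bb:bb:bb:bb:bb:bb", "cc:cc:cc:cc:cc:cc"
CAPTURE = [(0.1 * i, frame(0xC0, CLIENT, AP, AP, 500 + i) + b"\x07\x00") for i in range(8)]  # deauth burst
CAPTURE.append((5.0, frame(0xC0, OTHER, AP, AP, 600) + b"\x03\x00"))                       # one legitimate deauth
real = [frame(0x08, AP, CLIENT, AP, 100 + i) for i in range(4)]     # genuine client, seq 100..103
clone = [frame(0x08, AP, CLIENT, AP, 3000 + i) for i in range(3)]   # second radio using the same MAC
CAPTURE += [(10.0 + 0.1 * i, x) for i, x in enumerate([x for pair in zip(real, clone) for x in pair] + real[3:])]
CAPTURE += [(20.0 + 0.1 * i, frame(0x08, AP, OTHER, AP, s)) for i, s in enumerate([10, 11, 11, 12])]  # retry only
```

On the sample, find_deauth_bursts flags the (client, AP) pair with 8 frames and find_cloned_macs reports 3 backward jumps for the cloned client, while the single legitimate deauth and the retrying station stay clean.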