iisjman07 Posted January 16, 2011

I have a friend who has asked me to test the security of his wireless network. I assumed this would be relatively simple, but it's one of those networks in which, instead of having an encryption key, it has a landing page which you need to log in to. I'm not sure how to test this; has anyone done it before? Basically the objective is to get internet access without logging in; all I know at the moment is that pinging an outside host will resolve that host's IP address successfully.

Infiltrator Posted January 16, 2011

Well, if you can really ping an outside host, then that login page is not doing what it's supposed to do. Here is a demonstration of how you can get internet access: http://www.hak5.org/episodes/episode-504

tbstuntz Posted January 16, 2011

Other than tunnelling through ping or DNS, are there any other techniques to bypass login pages? Without the use of MITM attacks?

Jason Cooper Posted January 16, 2011

You could try sniffing the network for a bit till you know the MAC address of someone who has authenticated. Once they have stopped using the network try using their MAC address. It is quite common for captive portals to keep a list of MAC addresses that have authenticated and then capture any web connections that don't come from one of those MAC addresses.

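
Added example (not part of any post in this thread): a defender-side check for the MAC allow-list behaviour described in Jason Cooper's post above. It flags an authenticated MAC whose DHCP hostname or option 55 parameter list changes mid-session and revokes that session; the log shape, field names and sample events are constructed assumptions.

```python
from collections import namedtuple

# Constructed sample events; the field names and log shape are assumptions.
Event = namedtuple("Event", "ts kind mac hostname dhcp_params")

SAMPLE_EVENTS = [
    Event(10, "dhcp", "aa:bb:cc:00:00:01", "alice-laptop", (1, 3, 6, 15, 119)),
    Event(12, "portal_auth", "aa:bb:cc:00:00:01", None, None),
    Event(20, "dhcp", "aa:bb:cc:00:00:02", "bob-phone", (1, 3, 6, 26, 28)),
    Event(22, "portal_auth", "aa:bb:cc:00:00:02", None, None),
    # Lease renewal from the same device: fingerprint unchanged, no alert.
    Event(600, "dhcp", "aa:bb:cc:00:00:01", "alice-laptop", (1, 3, 6, 15, 119)),
    # Same MAC, different hostname and option 55 list: likely another device.
    Event(900, "dhcp", "aa:bb:cc:00:00:01", "netbook", (1, 28, 2, 3, 15, 6, 12)),
    # Session ended, so a new device on this MAC has to log in again anyway.
    Event(950, "portal_logout", "aa:bb:cc:00:00:02", None, None),
    Event(990, "dhcp", "aa:bb:cc:00:00:02", "tablet", (1, 3, 6, 15)),
]


def find_mac_reuse(events):
    """Return alerts for authorized MACs whose DHCP fingerprint changes."""
    last_fp = {}    # mac -> most recent (hostname, dhcp_params) seen
    bound_fp = {}   # mac -> fingerprint recorded when the portal login happened
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "dhcp":
            fp = (ev.hostname, ev.dhcp_params)
            expected = bound_fp.get(ev.mac)
            if expected is not None and fp != expected:
                alerts.append({"ts": ev.ts, "mac": ev.mac,
                               "expected": expected[0], "seen": fp[0]})
                del bound_fp[ev.mac]   # revoke: force a fresh portal login
            last_fp[ev.mac] = fp
        elif ev.kind == "portal_auth":
            # Bind the session to the fingerprint seen just before login.
            bound_fp[ev.mac] = last_fp.get(ev.mac)
        elif ev.kind == "portal_logout":
            bound_fp.pop(ev.mac, None)
    return alerts


if __name__ == "__main__":
    for alert in find_mac_reuse(SAMPLE_EVENTS):
        print(alert)
```

A fingerprint change is a heuristic signal rather than proof, so it works best paired with short idle timeouts and re-authentication on change.
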
Infiltrator Posted January 16, 2011

> You could try sniffing the network for a bit till you know the MAC address of someone who has authenticated. Once they have stopped using the network try using their MAC address. It is quite common for captive portals to keep a list of MAC addresses that have authenticated and then capture any web connections that don't come from one of those MAC addresses.

Or better yet, you could potentially sniff the credentials used to login. Provided the traffic is not encrypted.

Edited January 16, 2011 by Infiltrator

Sparda Posted January 16, 2011

Step 1. Set up fake AP
Step 2. Set up fake landing page
Step 3. Steal passwords
U mad wireless product vendor?

digip Posted January 18, 2011

> Step 1. Set up fake AP
> Step 2. Set up fake landing page
> Step 3. Steal passwords
> U mad wireless product vendor?

Even easier, since you can already connect to the AP and ping websites, just MITM everyone and collect the router password directly from the network.