
HACKING WIFI: BYPASS CAPTIVE PORTAL

Good night BL0Gnoters!!!

Today is not going so well, but it's not a bad day either. I'm so tired from doing my job last night (campus assignments, and I rarely sleep, hee). OK, to refresh my mind, I'll share how to hack wifi when it uses a captive portal for protection.
A captive portal is a router or gateway machine that does not permit traffic until users log in, register or authenticate.
You know how it goes: you are connected to the wireless network, but you are not able to browse, search, or open Facebook, Twitter or other sites. You are redirected to the login page of the wifi owner's site. After you log in, you can open Facebook or other sites. Hehehe 🙂 or some other site?
Let's get back to the point. How do we get a connection without logging in? The thing to underline is that the captive portal just tracks a client's connection by its IP address and MAC address after the client has authenticated. This made me think we can use this connection without authentication, because we can get the IP address and MAC address by spoofing. Attack by spoofing, and then clone them to our hardware.
To spoof the MAC address we can use the tools built into Kali Linux (hehe, newbie user), such as airodump-ng, aircrack-ng, kismet and many more. And for the MAC address, we must think outside the box, hehe. We can use ARP cache poisoning to redirect the traffic from a client that is already connected.
I'll show you the simple way to get this connection with my Kali Linux 😀
#airmon-ng

Look at the interface; my interface is wlan0, so use it to start airmon-ng

#airmon-ng start wlan0

 
Then look for "monitor mode enabled on mon0". I'll use mon0 to scan the wireless networks around me using airodump-ng.
#airodump-ng mon0

 
From the airodump-ng result we have a BSSID, STATION and many more. You can modify the arguments for more specific scanning; look at the options by typing: #airodump-ng --help
Before cloning, you must choose a MAC address from the airodump-ng result. I suggest choosing the one with the most traffic/packets/frames. (Use the STATION value as the MAC address.)
OK. Now, the last job is cloning the MAC address to our hardware. There are many ways to do that; you can use macchanger by typing
#macchanger -m [the mac address] [interfaces]
for example
#macchanger -m 48:D2:24:BF:5B:A6 wlan0
The command will change your current MAC to the new MAC as your identity. Or will you do it like me? I'm not using macchanger; there is a simpler way to change the MAC address.
Open your network connection settings; on Kali Linux look at Applications -> System Tools -> Preferences -> Network Connections.

Then click on the Wireless tab, choose your target network (the target is the network with the BSSID that the new MAC is connected to) and then click Edit.

Look at the captured image. Put your new MAC into 'Cloned MAC address'.
Now what??

Everything is done! You're connected. Just open your browser and now you can open my BL0Gnotes
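For the person running the portal: because the session is tracked only by IP and MAC address, as explained above, a cloned client can be spotted when the DHCP fingerprint behind an authenticated MAC changes. The check below is an added example, not part of the original post; the log format, field names and the function find_cloned_sessions are assumptions, and the log lines are constructed.

```python
# Added example: flag portal sessions whose MAC later appears with a
# different client fingerprint. Log format and names are assumed.
from typing import NamedTuple

# Constructed events: epoch, event type, MAC, IP, DHCP hostname, vendor class
SAMPLE_LOG = """\
1700000000 AUTH  aa:bb:cc:00:00:01 10.0.0.21 alice-phone android-dhcp-13
1700000050 AUTH  aa:bb:cc:00:00:02 10.0.0.22 bob-laptop MSFT-5.0
1700000300 DHCP  aa:bb:cc:00:00:01 10.0.0.21 alice-phone android-dhcp-13
1700000900 DHCP  AA:BB:CC:00:00:02 10.0.0.22 kali dhcpcd-9.4.1
1700001000 DHCP  aa:bb:cc:00:00:03 10.0.0.23 guest-tablet android-dhcp-12
"""

class Event(NamedTuple):
    ts: int
    kind: str
    mac: str
    ip: str
    hostname: str
    vendor_class: str

def parse(log):
    """Yield Event records, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue
        ts, kind, mac, ip, host, vclass = parts
        yield Event(int(ts), kind, mac.lower(), ip, host, vclass)

def find_cloned_sessions(log):
    """Return alerts for authenticated MACs whose fingerprint changed."""
    baseline = {}  # mac -> Event recorded at portal login
    alerts = []
    for ev in parse(log):
        if ev.kind == "AUTH":
            baseline[ev.mac] = ev
            continue
        known = baseline.get(ev.mac)
        if known is None:
            continue  # never authenticated; the portal still redirects it
        changed = [f for f in ("hostname", "vendor_class", "ip")
                   if getattr(ev, f) != getattr(known, f)]
        if changed:
            alerts.append({"mac": ev.mac, "ts": ev.ts, "changed": changed})
    return alerts

if __name__ == "__main__":
    for alert in find_cloned_sessions(SAMPLE_LOG):
        print(alert)
```

Hostname and vendor class are supplied by the client, so a match is only weak evidence; a mismatch is a reason to end the session and force a new login.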

hahaha 😀 OK BL0Gnoters, thanks for visiting, and keep visiting this blog 🙂
Don’t forget to leave a comment 🙂