Bypass hotel wifi by Spoofing mac address

1. MAC Spoofing Your Way to Free Internet
2. --------------------------------------
3. by Ashes
4.  
5. This article will help you gain free access to pay-for-use wireless hotspots
6. such as in the airport or the local coffee shops. Many articles I have read on
7. how to gain free Internet access deal with creating ssh tunnels and
8. concatenating characters onto the URL to bypass the router. However, I will be
9. detailing a well known technique of MAC spoofing to gain access.
10.  
11. In this article, I will be using OS X. However, these commands can easily be
12. ported to any *nix machine. On Windows, simply follow the same steps by
13. issuing the equivalent commands in a command window and using the program SMAC
14. to spoof your MAC address.
15.  
16. The first step is to connect to the wireless hotspot as you would if you were
17. going to pay for access. When you have successfully connected to the hotspot,
18. you should be issued an IP address. Check this by entering the ifconfig command:
19.  
20. Ashes$ ifconfig
21. en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
22. inet6 fe80::221:5cff:fe83:a19%en1 prefix1en 64 scopeid Ox5
23. inet 10.15.32.137 netmask Oxffff0000 broadcast 10.15.35.255
24. ether 00:21:5c:83:0a:19
25. media: autoselect status: active
26. supported media: autose1ect
27.  
28. Here we can see that the IP address that was issued was 10.15.32.137. The next
29. step is to gather other MAC addresses connected to the hotspot. To do this,
30. issue a ping to the broadcast address:
31.  
32. Ashes$ ping 10.15.35.255
33.  
34. When this command runs, you should see different IP addresses responding to
35. your broadcast. When you start to see the IP addresses repeating, you can give
36. it the ol' Ctrl-C. The next step is to issue the arp command to see what MAC
37. addresses you have just gathered in your arp cache.
38.  
39. Ashes$ arp -a
40. (10.15.32.95) at (5c:ac:4c:84:d0:65) on en1
41.  
42. Above, you can see that we have the MAC address 5c:ac:4c:84:d0:65 in our arp
43. cache, which is associ­ated with IP address 10.15.32.95. Now, to spoof this MAC
44. address, we must simply tell our en1 wireless card to use the MAC address
45. already connected (and paid) to the access point.
46.  
47. Ashes$ sudo ifconfig en1 lladdr 5c:ac:4c:84:d0:65
48.  
49. After you have changed your MAC address, disconnect and reconnect to the
50. wireless access point. Doing this will grab a new IP address and, since the
51. router's data table already has 5c:ac:4c:84:d0:65 associated with the .95 IP
52. address, this is the IP address you should now have. Because the router keeps
53. track of who has paid by MAC address, you should now be able to access the
54. Internet, bypassing the login and payment pages.
55.  
56. Some notes when choosing to do this. First, connecting to the Internet without
57. paying can be a gray area in regards to morality. The gray area is enhanced by
58. the fact that the MAC address you choose to spoof will be kicked offline. By
59. spoofing another user's MAC address, both your connection and the other user's
60. connection will go up and down. This technique works best in longer stay areas
61. such as an Iraq deployment or a hotel, since a user may not always be online
62. the same time as you, therefore giving you a more stable connection. Another
63. consideration is the list of MAC addresses after issuing the arp command. Not
64. all addresses that show in your arp cache will have paid to access the Internet.
65. Many times, a user's wireless card will connect to a network automatically
66. without the user's knowledge. Because of this, you may have to try more than
67. one MAC address.