Re: Theoretical Discussion: Hotel WiFi Hack

logankriete@gmail.com wrote:
> Alright, let me start off by saying that I'm not a malicious hacker -
> like hacker ethics state, I do this solely for exploration and
> advancement of knowledge.
>
> Let me also say that this may be a long post, but I hope all of you
> respond so we can have an exciting discussion!
>
> Now that the legalese and foreword are out of the way, I've got a
> discussion to start with you wireless experts. I've done my share of
> hacking before, but I've not done any WiFi hacking, so I thought I'd
> post this here to sort of get a consensus on a crazy idea I had
> tonight.
>
> I'm staying at this hotel in NYC over the next 3 days (the Doubletree
> by Times Square). They don't offer wired internet because it's an old
> building and they don't want to rewire it all. So they offer wireless
> internet in the suites for $9.95/day. Bummer, right? So the person I'm
> staying with in the hotel signs up wirelessly with his laptop and gets
> on just fine. The system makes him register an account, and he's got
> his high-speed internet. So I try the account on my computer - no such
> luck. Perhaps only one laptop at a time is allowed to connect? He logs
> off and shuts down his wireless, and I try again. Strike two. Alright,
> so perhaps they're filtering based on something else - what's the most
> permanent thing most people have associated with their network cards? A
> MAC address! Looking more closely at the history log of my friend's
> laptop (we're both computer people and keep logs of these sorts of
> things), I notice that when he first signed up with the system, it
> passed his MAC address around via some GET variables in the URL. So I
> go ahead and change my MAC address to his and re-connect, again making
> sure he's off. Bingo! Wireless internet. Main problem: solved.
>
> Now here's where I started getting excited. They obviously have
> wireless coverage in all of the rooms built in, and the gateway filters
> who's allowed to connect by A) an account with user/pass combo; B) the
> MAC address; or C) a combination of both. Now, I had typed in the
> account information with my old MAC address enabled - not with his,
> which leads me to believe that they're using option B. This really
> doesn't matter anyway, as you'll see later on. So, wireless in all the
> rooms. Based on my findings, theoretically, couldn't I just find
> someone else who's signed up for the internet, get their MAC address,
> spoof theirs as mine, and get internet, in their name? Wouldn't that
> then allow me to get free wireless internet? Remember, whatever you
> tell me can't steal from the hotel - I've already paid to get the
> internet in our room. So, how to get the MAC addresses? I've got a tool
> which can recover the MAC address of a remote machine by giving it the
> IP address - anyone know of a tool which can give me a list of all the
> live hosts' IP addresses in my subnet? I've got SuperScan, but it's
> slow & bloated - I'm thinking maybe nmap? Granted, not every wireless
> MAC address I get will have signed up for the free internet - most
> laptop users who aren't computer literate will just leave their
> wireless adapter on and it'll connect to the default network. But a
> strong percentage (or at least a few) will have done so, and that could
> then be used as a list to rotate among for my MAC address, to continually
> get free wireless internet.
>
> But wait, Logan, you're all now thinking - two machines with the same
> MAC address on the same network? Surely the router or gateway would go
> mad! Or something like that. Well, I anticipated that, too - I had once
> read an article about WEP hacking and in it was mentioned a way to send
> a broadcast packet to tell certain clients to
> disconnect/disassociate/deauthenticate from a certain SSID, again by
> spoofing the MAC address to appear as if the packet were coming from
> the router/gateway. Anyone know of a way to achieve this? If so, then
> one would be able to construct a tool which rotated one's MAC address
> among a list and sent out the appropriately spoofed packets to
> ensure that the MAC address currently in use was not connected to the
> network. Sure, one user at a time will have some wireless troubles, but
> that's their problem to deal with.
>
> And now for the granddaddy of them all - I got the MAC address of the
> main gateway assigned to my laptop when I first connected wirelessly.
> This device, I'm assuming, allows access only to its manufacturer's
> special website for some legalese agreements & logins, etc. Now,
> couldn't I change my MAC address to that of the main gateway, do the
> same for the IP address, and flood the network with spoofed ARP packets
> to, in essence, redirect all the traffic normally going to the gateway
> to my laptop? I could then easily create a fake website which looked
> like the real gateway, grab their user details, and send them along to
> the real gateway. Don't know how much or what I could harvest with an
> attack like that, but any comments would be appreciated to further
> discuss! Another note: I believe an attack like this was described in
> one of the "Stealing the Network" books (I'm not at home right now
> otherwise I'd look it up since I've got the whole series): where a
> student did something similar to grab the personal details of all the
> registering students at a college who were creating accounts at the
> school's "personal" website (you know, sites like my.mit.edu). He used
> a tool, I think, called webmitmd to man-in-the-middle the secure server
> on campus.
>
> That's all I've been brooding about over the past hour or so. I was
> thinking more and more about it but really wanted a bunch of
> knowledgeable experts I could share my thoughts with to further discuss
> the feasibility, both technically and otherwise, of the possibility of
> things like these actually happening. Because I'm sure with your
> stimulating responses, I can learn much more than I could have trying
> to research all of this!
>
> That's it! Looking forward to some discussions!
Well, you are in the same room. Perhaps a crossover cable between PCs
and enable sharing. Or haul a wireless router that you both share.
Another idea is to stick an antenna at your window and find some free
wifi.
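A defender's counterpart to the two tricks the quoted post speculates about (the gateway's IP answering from a borrowed MAC, and one guest's MAC being reused by another client), as an added example that is not part of the thread: a small monitor over ARP replies that flags an IP whose MAC changes and a MAC that turns up behind several IPs. The gateway address and the ARP records are constructed for the example, not captured traffic.

```python
"""Flag two conditions in a feed of ARP replies seen on a LAN:
(1) an IP (the gateway's in particular) suddenly answering from a different
MAC, the fingerprint of gateway impersonation via spoofed ARP, and
(2) one MAC address appearing behind several IPs, which is what a client
borrowing another station's MAC tends to leave in the ARP tables.
Sample data below is constructed, not a real capture."""
from collections import defaultdict

GATEWAY_IP = "10.0.0.1"  # assumed gateway address for this example

# Constructed sample: (timestamp, sender IP, sender MAC) from ARP replies.
SAMPLE_ARP_REPLIES = [
    (1, "10.0.0.1", "00:11:22:aa:bb:01"),   # legitimate gateway
    (2, "10.0.0.57", "00:aa:bb:cc:dd:57"),
    (3, "10.0.0.1", "00:11:22:aa:bb:01"),
    (4, "10.0.0.1", "00:aa:bb:cc:dd:99"),   # gateway IP now claimed by another MAC
    (5, "10.0.0.58", "00:aa:bb:cc:dd:57"),  # same MAC as 10.0.0.57, new IP
    (6, "10.0.0.59", "00:aa:bb:cc:dd:59"),
]


def analyse_arp(replies, gateway_ip=GATEWAY_IP):
    """Return alert strings for IP->MAC changes and MACs claiming several IPs."""
    ip_to_mac = {}                  # last MAC seen answering for each IP
    mac_to_ips = defaultdict(set)   # every IP a MAC has answered for
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        prev = ip_to_mac.get(ip)
        if prev is not None and prev != mac:
            kind = "GATEWAY-MAC-CHANGE" if ip == gateway_ip else "IP-MAC-CHANGE"
            alerts.append(f"{kind} t={ts} {ip}: {prev} -> {mac}")
        ip_to_mac[ip] = mac
        ips = mac_to_ips[mac]
        if ip not in ips:
            ips.add(ip)
            if len(ips) > 1:   # only alert when the MAC gains another IP
                alerts.append(f"DUPLICATE-MAC t={ts} {mac} claims {sorted(ips)}")
    return alerts


if __name__ == "__main__":
    for line in analyse_arp(SAMPLE_ARP_REPLIES):
        print(line)
```

Ordinary DHCP lease turnover also gives one MAC several IPs over a long enough window, so in practice the DUPLICATE-MAC rule should be scoped to a short time window or to addresses still holding an active lease.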