Free Internet, Yay!

So I’ve had this POC under my belt for a while now and have decided to release it publicly. It’s really nothing new, just a demonstration of a security flaw in a network I was associated with at the time.

It consists of spoofing the MAC addresses of users on the network who have an associated/authenticated session established that is bound to their current IP address. In order to have packets routed to my location, I simply spoof the MAC of a user whose session is currently established and request an IP address from the DHCP server. This then results in free internet access.
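Seen from the defender's side, the weakness above is that the session is keyed on nothing but a MAC address, so one detection signal is a change in how that MAC identifies itself to the DHCP server. The following is an added example, not part of the original post or the author's program; the log format, field names (`hostname`, `prl` for the option 55 parameter request list) and sample values are all constructed for illustration.

```python
# Added illustration, not the post's program. Log format, field names and
# sample values are constructed for this example.
import re

LINE_RE = re.compile(
    r"^(?P<ts>\S+) DHCPREQUEST mac=(?P<mac>[0-9a-f:]{17}) "
    r"hostname=(?P<host>\S*) prl=(?P<prl>[\d,]*)$",
    re.IGNORECASE,
)

# Constructed DHCP server log: the last request from ...:01 arrives with a
# different hostname and option 55 list than the same MAC used earlier.
SAMPLE_LOG = """\
2011-03-01T10:00:05 DHCPREQUEST mac=02:00:00:aa:bb:01 hostname=alice-laptop prl=1,3,6,15,31,33
2011-03-01T10:02:11 DHCPREQUEST mac=02:00:00:aa:bb:02 hostname=bob-phone prl=1,3,6,15
2011-03-01T10:30:05 DHCPREQUEST mac=02:00:00:aa:bb:01 hostname=alice-laptop prl=1,3,6,15,31,33
2011-03-01T10:41:37 DHCPREQUEST mac=02:00:00:aa:bb:01 hostname=bt prl=1,28,2,3,15,6,12
not a dhcp line
"""

AUTHENTICATED = {"02:00:00:aa:bb:01", "02:00:00:aa:bb:02"}  # MACs with a portal session


def find_fingerprint_changes(log_text, authenticated_macs):
    """Return (mac, timestamp, first_seen, now) for every request whose
    hostname/option-55 fingerprint differs from the first one recorded
    for a MAC that holds an authenticated session."""
    baseline = {}  # mac -> fingerprint first seen for that MAC
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not DHCP requests
        mac = m["mac"].lower()
        if mac not in authenticated_macs:
            continue  # only MACs holding a portal session matter here
        fingerprint = (m["host"].lower(), m["prl"])
        first = baseline.setdefault(mac, fingerprint)
        if fingerprint != first:
            alerts.append((mac, m["ts"], first, fingerprint))
    return alerts


if __name__ == "__main__":
    for mac, ts, first, now in find_fingerprint_changes(SAMPLE_LOG, AUTHENTICATED):
        print(f"{ts} {mac}: fingerprint changed {first} -> {now}")
```

A dual-boot machine or an OS update also changes the fingerprint, so an alert is a cue to force re-authentication for that MAC rather than proof of spoofing.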

Now, in order not to expose any particular company, I have censored anything that could possibly be associated with them. So now would be a good time to disclose that this is for educational purposes only and should not be used on a network that you are not authorized to use it on. If you get caught, that is your problem.

As you can see in the video, I am using a Java program that I have written. The source code can be grabbed here and is nothing extravagant; it just uses an nmap verbose ping scan as input and allows you to cycle through all available MAC addresses on the network. This has to be executed on BackTrack 4/5, or any distro that has macchanger, dhclient, etc., since it simply uses other tools to do the work. Also, if you need a different interface than the one in the source code, go ahead and change that. Here it is!: