Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

WiFi Gateway/Ibahn bypass


WiFi Gateway/Ibahn bypass

By ghostghost | 38092 Reads |
0     0

"FREE" PUBLIC WIFI

I don't know about all of you but I'm getting irked by the "free wifi" in airports and such charging by the hour, so I found a way to beat some of the systems.

Upon connection if you attempt to send a TCP or UDP packet it directs you to a transparent proxy which forces you to pay. This pretty much has you in a bind, no idea as to what the devil to do with the bloody thing.

Fortunately there is a way that may work to bypass this. Open up a CMD and ping a site like google. If it returns results then this workaround will work.

You see, by information returning through the ping request we can figure that there is some sort of protocol that can still hop the proxy without detection, otherwise you would get no response. This leaves the proxy wide open for some SSH or Tunneling attempts, but the most tested method is using Ping Tunnel. (http://www.cs.uit.no/~daniels/PingTunnel/) Be sure to read the information on that page.

For this to work you need a home server running some sort of shell or tunnel server. Typically the port that is left open is the ICMP port, but it is an abstract port running on a different OSI level than the typical TCP/UDP packets, the reason why it is rarely blocked. The corresponding physical port is port 7 which allows pings.

IBAHN KIOSKS

Now then on to the second part, the Business Centers and the Ibahn Kiosk/Terminal. They work fine for the most part, allowing business use and such, but blocks facebook and proxies. It gets rather annoying that all the social sites that you want to visit are blocked. Who do they think they are, a school?

Ibahn is by far no exception to the principal that anything can be hacked.

One of the methods I found out about was just jacking the Ethernet cord to your own laptop or device. That's all fine and dandy as long as the Hotel attendants and fellow users are fools. Nothing screams fishy like a cord hanging that's not supposed to be there and that little smile you get when you "fixed" something.

There's always obscuring your URL (http://www.pc-help.org/obscure.htm)

An example is http://www.facebook.com will not work, BUT http://www.ibahn.com@www.facebook.com may work. Unfortunatelly this is only a temporary trick and you have to keep doing this for every page you visit. If you can get XSS going then try an iframe and viewing the page inside the Kiosk home.

Long hours and programmers do not mix well as some of you will attest to. It seems that when disabling the print button the programmers forgot about what would happen if someone maximized the window. It works.

Use the print to image option, the default one in most cases. This escapes the Kiosk shell. Use a jump drive with firefox on it after you vault that shell and you can imagine the possibilities there.

The system will still be locked down, no cmd, shell, taskman, or anything. Wait though, we can install things now that we've vaulted the shell. Think, no taskman? Download an alternate. No Shell? Download an alternate.

Now as soon as you have some form of command prompt you can do pretty well anything, including using that IP in your room for their "free" public wifi. Learn a little bit about spoofing and see where that takes you.

Conclusion

The internet should be free in public places but those corporate rats have found every way possible to jack us out of even more money, so I find and read about ways to jack them back.

I hope this helped some of you! Happy Free "Free" Wifi!

Comments
ghost's avatar
ghost 15 years ago

A nice article with some good information.

ghost's avatar
ghost 15 years ago

I haven't been in a situation where I could try an Ibahn kiosk, but it sounds interesting. The ping tunnel concept is something I'll have to try out.

ghost's avatar
ghost 15 years ago

Nice one Lemur :)

Uber0n's avatar
Uber0n 15 years ago

Very interesting, thanks B)

Calavarea's avatar
Calavarea 4 years ago

awesome article thanks for sharing, will be trying the ping tunneling very soon.