You are here: Home » Wireless Attacks » hack-captive-portals

hack-captive-portals

hack-captive-portals Description

Hack any Captive portal using MAC-spoofing technique.

This script is using MAC-spoofing technique. This method is the only one which is present in all wireless and some wired Captive portals by design. Once a host is authorized by the Captive portal, its MAC and IP address are allowed unrestricted access. All we need to do is sniff traffic on the network, find a host that is authorized, and spoof its IP and MAC address.

Spoofing a MAC is dependent on your network card and driver but most modern network devices today support it.

The downside of course is that you have to observe someone already authenticated, but in places such as a crowded airport lobby this may be less difficult than it seems.

Homepage: https://github.com/systematicat/hack-captive-portals

Author: Stanislav Kotivetc

License: WTFPL

hack-captive-portals Help

The script does not have any options - just run it and wait until it finishes its work.

hack-captive-portals Usage Example

Run the script:

sudo ./hack-captive.sh

and wait for it to finish its work.

If a line appears

Pwned! Now you can surf the Internet!

this means that you can use the Internet access of the interception portal, no other actions are required.

Example output:

Exploring network in "i_spac_5FL-2.4GHz" Wi-Fi hotspot.
Looking for active hosts in 192.168.88.0/24. Please wait.
Trying to hijack 192.168.88.0 - 6c:3b:6b:e0:75:50
Trying to hijack 192.168.88.2 - 6c:3b:6b:e0:75:50
Trying to hijack 192.168.88.3 - 6c:3b:6b:e0:75:50
Trying to hijack 192.168.88.4 - 6c:3b:6b:e0:75:50
Trying to hijack 192.168.88.5 - 6c:3b:6b:e0:75:50
Trying to hijack 192.168.88.6 - 6c:3b:6b:e0:75:50
Trying to hijack 192.168.88.7 - 6c:3b:6b:e0:75:50
Trying to hijack 192.168.88.8 - 6c:3b:6b:e0:75:50
Trying to hijack 192.168.88.9 - 6c:3b:6b:e0:75:50
Trying to hijack 192.168.88.10 - 6c:3b:6b:e0:75:50
Trying to hijack 192.168.88.11 - 00:07:9f:2c:0c:38
Pwned! Now you can surf the Internet!

How to install hack-captive-portals

Installation on Kali Linux

sudo apt -y install sipcalc nmap
wget https://raw.githubusercontent.com/systematicat/hack-captive-portals/master/hack-captive.sh
sudo chmod u+x hack-captive.sh
sudo ./hack-captive.sh

Installation on BlackArch. Arch Linux

sudo pacman -S sipcalc nmap
wget https://raw.githubusercontent.com/systematicat/hack-captive-portals/master/hack-captive.sh
sudo chmod u+x hack-captive.sh
sudo ./hack-captive.sh

Installation on Linux (Debian, Mint, Ubuntu)

sudo apt update
sudo apt -y install sipcalc nmap
wget https://raw.githubusercontent.com/systematicat/hack-captive-portals/master/hack-captive.sh
sudo chmod u+x hack-captive.sh
sudo ./hack-captive.sh

hack-captive-portals Screenshots

hack-captive-portals Tutorials

Fast and simple method to bypass Captive Portal (hotspot with authorization on the web-interface)

Related tools