Hack Captive Portals (Hotel & Airport Networks)

This lecture shows how to gain access to captive portals. These are networks, similar to airport and hotel networks, where you connect to an open network but won't be able to access the internet without a username and password.
This video is part of my full course on advanced network hacking; check out the following link for more info and to get a nice discount on the course:
⚠️ This video is made for educational purposes only, we only test devices and systems that we own or have permission to test, you should not test the security of devices that you do not own or do not have permission to test. ⚠️
Comments

Awesome, Zaid bhai. You are the best instructor I have ever seen on Udemy. Nice presentation of classes and direct to the point of the subject. You helped me a lot. God bless you. Keep it up.

AkbarBashashaik

----VIDEO ANALYSIS----

Hello zSecurity! I'm a longtime watcher, first time commenter, and amateur pen-tester. I feel I've got some contributions to make:
So I've got a few key takeaways from your video.
1. First of all, the password intercept method using Wireshark only works if the login is sent over HTTP (non-encrypted plaintext), which is an obsolete protocol though still widely used. In fact, your Windows (victim machine) even gave you a message at about 7:08 that a password sent over that could be compromised.
2. Deauth attacks work great, but in order to perform a deauth you need a few things. I really wish you took the time to show them in your video because repetition is key to learning. First of all, you need a NIC which can go into monitor mode. This is where a phone will not be able to do this unless it is rooted. Also, you need to ensure that the network you're deauthing has a client to deauth. This is where oftentimes you're stopped because the network doesn't disclose the clients that are on it. I don't know how that works and would like some explanation: sometimes my scripts have no problem finding clients, especially once I'm already authenticated into the captive portal, but other times the only client I can find besides myself is the gateway. All this is to ask, is there some kind of defense tactic against this deauth attack which prevents you from seeing clients? How would such a thing be bypassed in theory? Oh, also I use the WiFite script you've discussed in your other videos to perform deauths, so I should probably look up how to do this manually. I would suppose that would be my next step.
4. The most trivial way as far as I know to trick a captive portal is to MAC spoof. It should be mentioned that an unrooted Android and an iPhone simply cannot do this, and this is by design. You briefly mentioned this. It's easy, you can use a large number of various utilities to spoof the MAC, my personal favorite being the GNU macchanger, which I actually wrote a script for, but it can be done with other commands like ip as well. However, I still have not figured out how to effectively MAC spoof without keeping the first half (the vendor bits) intact. Any help here would be appreciated, because if I try to spoof my MAC to something that isn't the same equipment manufacturer as my NIC, I cannot connect to anything at all. Is there some reason this is happening, or some option in macchanger to stop this? If you could, please make a video covering MAC spoofing in depth; there's a lack of them on YouTube.

I loved your video, and your other videos. Please read my comments as an attempt to constructively contribute. If I am wrong, let me know where. I am learning just like everyone here.

fyodor

Dude, I'm surprised this video only got 9k views and 189 thumbs up... you actually explain everything very well, good job... great vid

djohnson

I am currently enrolled in your Udemy class. You are a great teacher. Thanks for having a YouTube channel.

aniketsrivastav

A quick look at the log-in page source code, to check what the value of the form label is, will minimize the guesswork when going through the airport as well.

plzzz

Very clear and well explained. I already used this technique. I spoofed the MAC address and once I reloaded the connection page, I was connected as the user I spoofed. #magical :)

dne

Nicely explained, thanks bro. Now I can enjoy my free hotel WiFi 😉

gokufpv

I want to learn how to make a captive portal in Linux, can you cover how you did yours?

JNET_Reloaded

Brother, keep it up, please. Need more videos. God bless you...

muhammadnajamulislam

Awesome, this is awestruck brilliance. I believe this comes not but by burning the midnight lamp.

henrysawyerr

Can you tell us where you are from, Zaid, and where we can find and apply to your valuable lessons, please?

anwarahmed

Best teacher, please, I want to know how to solve MAC address issues.

jeanhyblanchet

Does anyone see "hidden network" on their network range?

everythingfootballpro

Would you run the deauth before scanning, or while, for say a couple of minutes?

krisdouglas

Really, really so nice. Thank you so much, bro.

Abdihakim-com

Question, Zaid: if you’re sniffing the packets of an unprotected network that has a captive portal, can, say, a cyber security manager see you’re sniffing the packets of their network?

liam

Dear sir, please explain about the Meltdown and Spectre vulnerabilities.

Code-Matters

What portable wireless card are you using?
Is it OK to use the built-in wireless card with Kali?

samyu

Hi, great stuff, thanks. I’m not too familiar with Wireshark; is there a way to set 2 filters? As in HTTP & POST?
One other thing, would it be easier to use tshark? Not that I’ve used that either, I’m just meaning in terms of filtering written data.
Thanks again

krisdouglas

In many of your videos that I have watched, you use a different command prompt. Are those things possible with a normal command prompt, or do we need to install Kali Linux for these actions?

sin