Accessing a restricted internet connection behind a access controller?

[erogol]

I aim to access internet in an environment that is controlled by a access controller like coova. It is waiting me to enter password to access internet but I don't have and it is not free. I know I can do such, capture packages that are from the computers connecting internet than I can change my computer's ethernet address to these ether net addresses belonging to others. In that way I can pass behind the barrier but I don't know good tools to do that in linux system. Con you suggest some tools or any other way if you know?

Regards...

[proxx]

Sweet.

Can you ping google, 8.8.8.8 (dns server)
In that case you can fallback to ICMP tunneling.

Can you resolve hostnames?

Does this get out?
nmap -p22 -P0 -Pn -n KNOWN_SSH_SERVER

In that case you can SSH tunnel to something you setup elsewhere.
(or break something )

Test for any unfiltered outgoing ports and set your SSH server to that port.


Many many other options, heck you can even try TOR.

[erogol]

Sweet.

Can you ping google, 8.8.8.8 (dns server)
In that case you can fallback to ICMP tunneling.

Can you resolve hostnames?

Does this get out?
nmap -p22 -P0 -Pn -n KNOWN_SSH_SERVER

In that case you can SSH tunnel to something you setup elsewhere.
(or break something )

Test for any unfiltered outgoing ports and set your SSH server to that port.


Many many other options, heck you can even try TOR.

ping does not work.
TOR is not allowed at.
Also cannot find any SSH server.

[RedBullAddicted]

Hi,

guess you are talking about some 802.1X protected network. There are many different ways to setup radius based access to a network. If you need to enter an username and a password I dont think you will make it through by just changing your mac address. Guess they create username and password combination in an directory like LDAP and allow authenticated users access to the internet and other parts of their network. Without knowing a correct combination you will be put into an isolated network part where you cant do anything. Describe everything you need to do a bit more in detail. Do you connect to a wireless network, open a browser and you need to enter your login credentials to a website? Or is it a wired network with domain authentication? Dont think there will be an easy way... not even sure if there is a way anyways.

Cheers,
RBA

[Daemon]

Listen to RBA, he's the man!! Well except for that one part at the end...
there's always a way in, you just have to find it

[RedBullAddicted]

Daemon you are absolutely right... like always. Maybe I should have said that it is going to be very difficult and he maybe looks at the wrong place. First of all he should be able to get as much information about the network as possible.
Have a look at what you get when you connect your machine to it (wireshark, tcpdump, DHCP settings). DHCP/DNS Servers should be reachable and maybe he can find a way in through them. Get more information about the access controller. Is there really one or is it just some kind of proxy which requires user authentication. If it is a wlan like I wrote in my first post make sure that it is radius authentication and not some sort of SSL VPN. Just to many unanswered questions to be helpful.

[erogol]

Hi,

guess you are talking about some 802.1X protected network. There are many different ways to setup radius based access to a network. If you need to enter an username and a password I dont think you will make it through by just changing your mac address. Guess they create username and password combination in an directory like LDAP and allow authenticated users access to the internet and other parts of their network. Without knowing a correct combination you will be put into an isolated network part where you cant do anything. Describe everything you need to do a bit more in detail. Do you connect to a wireless network, open a browser and you need to enter your login credentials to a website? Or is it a wired network with domain authentication? Dont think there will be an easy way... not even sure if there is a way anyways.

Cheers,
RBA

When you connect to lan (can be eth or wlan) you need to enter your ID and the password to connect to internet. The system is Coova. You might see on internet. I don't know what kind of blockage it uses but I pass it some times with MAC address change. Thereby I am open new solutions.

[noob]

Do you have home computer with dsl connection?You can easilyt set up ssh server,its not a science.

[iTpHo3NiX]

Do you have home computer with dsl connection?You can easilyt set up ssh server,its not a science.

[RedBullAddicted]

Hi erogol,

I dont know anything about coova and how it is working. Just did a bit of your work and found the following:

Traditionally, CoovaChilli only operated at a Layer2 level - directly handling all ARP and DHCP. Internally, chilli maintains a one-to-one relationship between MAC address and IP address of subscribers. When you build with --enable-layer3 (and run with run-time argument --layer3) this all changes. CoovaChilli will no longer handle Layer2 and will only track subscriber sessions based on IP address.

seems like they keep track of authenticated users by IP/MAC address combination or only IP address. Guess you need to pay for the internet access at least once. Do you have a friend who has paid access? First of all you should capture with wireshark or tcpdump during login to see what is send to the access controller for authentication and what you get back (cookie?). If your client is connected to the internet go to another client and try to ping the authenticated client. Have a look at your ip configuration you got from dhcp before and after logging in. Any changes? Try to set the ip and mac address from the authenticated client on the unauthenticated one. Should produce an "duplicate ip address detected" error and have a look if you can access the internet. Please give detailed information on what you did and what the result was.

Cheers,
RBA

[noob]

Port forwarding = easy

[erogol]

Hi erogol,

I dont know anything about coova and how it is working. Just did a bit of your work and found the following:

seems like they keep track of authenticated users by IP/MAC address combination or only IP address. Guess you need to pay for the internet access at least once. Do you have a friend who has paid access? First of all you should capture with wireshark or tcpdump during login to see what is send to the access controller for authentication and what you get back (cookie?). If your client is connected to the internet go to another client and try to ping the authenticated client. Have a look at your ip configuration you got from dhcp before and after logging in. Any changes? Try to set the ip and mac address from the authenticated client on the unauthenticated one. Should produce an "duplicate ip address detected" error and have a look if you can access the internet. Please give detailed information on what you did and what the result was.

Cheers,
RBA

I used a script that looks on the LAN and sees the different IP numbers that are currently connected to the lan. Then I choose one of those and get the MAC address of that host. I change my MAC address to that I found from the connected host.


I used this method some times and it works.


Here is the link to the script I wrote : [size=78%]https://github.com/erogol/hacking_scripts[/size]

[ba203]

Thanks!

[iTpHo3NiX]

Port forwarding = easy

wtf does port forwarding have to do with DSL being slow.. Fiber Optic is the new standard and DSL is struggling to keep up with their 2 data uplinks. For example if you get U-Verse they now put 2 data phone lines in to connect to the modem and its still 2 times slower then cable, and thats slow cable. Fiber optic these days can do 10GB/s with the standard starting off at 100MB/s however cable shares that line with neighbors thus giving you 20MB/s as DSL stuggles to deliver 10MB/s with 2 data uplinks

[noob]

Dude whats wrong with you?I used dls for example becose is a routable network and you can easily set up ssh server for one user.If has optic even better.