Post image for How I got free hotel wifi (and made you pay for it)

How I got free hotel wifi (and made you pay for it)

by Jeremy Schoemaker on October 9, 2012 · 21 comments

First and foremost I am not advocating anyone doing anything in this post. Much like my post on how I hacked your Facebook account post this is just an informational post in hopes you don’t become the victim.

Just like with the Facebook post I also want to point out that if you are tethering to your phone or connecting to your own mobile hotspot that is the way to go.  You can add more security layers on that but for 99% of the people reading if you travel just pay the extra 9$ a month to be able to tether your phone =P.

Ok lets get down to it.  Now there are several ways get free hotel wifi.  Here are a couple of easier ways to do it..

Currently almost all modern hotels use a “splash” page that  tells you to put in your lastname and room number.

Method 1 – Identity theft.

Once you do that just chill.   Fire up an application like KisMAC and watch as other computers hit that splash page.  This is what KisMAC will show you:

 

See all those MAC addresses on the right hand side?  That is a address that is unique to computers.  This is how 99% of all hotel wifi systems know who has already paid for access and who has not.

Now its important to wait until you get a bunch of MAC addresses here before you take action.

Why?  - Glad you asked.  These people are just hitting the page.  They are not (in most cases) already paying for the hotel wifi.  They are just getting hit with the page where they put in their last name and room number to bill the wifi to their room.

HOWEVER more than likely they have already or will shortly pay for internet access….

So…  all someone has to do is just copy down these MAC addresses and then set their computer to identify to the network as that computer.  On the MAC this is super simple by just executing the command:

sudo ifconfig en1 ether (enter computer's MAC code here)

Like:

sudo ifconfig en1 ether 00:f1:o3:e4:e5:e6

Now disconnect from the wifi and reconnect… try to access the web. If it doesn’t work then try another one…. and someone else’s expense.

Method 2 – Brute Force

This method is a lot more barbaric and criminal but it will work 100% of the time… if you are patient.  It also can take a little bit of programing knowledge… or if you have ever used a macro program in firefox it can be way easier.

Anyway here is how it works.

First you need to grab a list of the most common names in North America.  I got this list from wikipedia but I parsed it out to a line separated text file incase you want to use it…

The second thing you need to be prepared is know the range of room numbers for the floor you are on.

Now this is what we call “brute force”.  You basically,  programmatically, try every combination of room number and surname until it matches.  You can do this for multiple floors… but from what I have heard it works pretty quickly.

Then once it finds a combination it alerts you and boom you select how long you want the wifi access for and bill it to the Underhill’s  (thats a Fletch joke you are to young for).

Well thats basically it.  I tried to be really vague.  This was not meant to be a “walk through”.  I just wanted to show you how EXTREMELY easy it is for someone to hijack your internet or charge their internet to your room.

full disclosure

About the author...

– who has written 2857 posts on ShoeMoney.com.

Jeremy "ShoeMoney" Schoemaker is the founder & CEO of the ShoeMoney Blog, Elite Retreat Internet Conference, & the PAR Program. In 2013 Jeremy released his #1 Amazon Best selling Autobiography titled "Nothing's Changed But My Change" - The ShoeMoney Story. Jeremy currently lives in Lincoln Nebraska with his wife and 2 daughters.


Jeremy recommends you check out these amazing posts:

  1. skitched-20100315-200537 Are You Scared Shitless?
  2. shutterstock_47651305 PPV Advertising 101 – Untap the Potential (Part 1 of 3)
  3. Handsome young business man shaking hand with colleague in office Eat, Kill, Sex – Part 3 Face To Face

{ 19 comments }

1 Steve Smith

*yawn*

2 Axel Jack Metayer

Really, I just watched what room number Matt Cutts had, and put in his name & room on the splash page.

3 Jeremy Schoemaker

Cutts comes from the NSA background and I can tell you he not only will have a secure connection but also tunnel his connection through a vpn or ssh tunnel.

Hes really smart and geeky.

4 willis

Android users, get FoxFi for wireless tethering without the additional fee or rooting your phone.

Sorry iOS users, no love for you?! No seriously i hate you guys. J/K. I just don’t know. I’ve heard there are apps avail if you’ve jb’d your phone but I don’t know. I use my phone to connect my ipad to the internet.

5 willis

Android users, get FoxFi for wireless tethering without the additional fee or rooting your phone.

Sorry iOS users, no love for you?! No seriously i hate you guys. J/K. I just don’t know. I’ve heard there are apps avail if you’ve jb’d your phone but I don’t know. I use my phone to connect my ipad to the internet.

6 Jimmy

heheh

7 Howard

Ahhhh snap here we go again. This really makes me nervous I am not going to get internet from a hotel ever again

8 Lawrence

Wow this is a really creative idea

9 Raj

That is a pretty sick technique! I will have to try it sometime :)

10 Jasper

Here we go again with hacking shit. I am so tired of people doing this cheating the system

11 Howard

Cant believe people actually do this. This is crazy nuts

12 Floyd

I thought Macs could not get hacked?

13 Brice

ummm wow this kinda is scary

14 Vince

Wow there are smart people out there

15 Julius

Ahhhhh craziness Shoe…. how did you figure this out?

16 faisal

It happens only in the States, not in India. We use LAN ;p

17 Albert

Hell. Yeah. I love learning about this sort of stuff *muuhhahaha* also Willis thanks for the heads up as well man, i have an Android so ill have to try that for sure.

18 Cheap Website Banners

It’s scary out there.

19 Gary Beal

What version of FF does this work with?

Previous post:

Next post: