How I got free hotel wifi (and made you pay for it)

First and foremost I am not advocating anyone doing anything in this post. Much like my post on how I hacked your Facebook account post this is just an informational post in hopes you don’t become the victim.

Just like with the Facebook post I also want to point out that if you are tethering to your phone or connecting to your own mobile hotspot that is the way to go.  You can add more security layers on that but for 99% of the people reading if you travel just pay the extra 9$ a month to be able to tether your phone =P.

Ok lets get down to it.  Now there are several ways get free hotel wifi.  Here are a couple of easier ways to do it..

Currently almost all modern hotels use a “splash” page that  tells you to put in your lastname and room number.

Method 1 – Identity theft.

Once you do that just chill.   Fire up an application like KisMAC and watch as other computers hit that splash page.  This is what KisMAC will show you:


See all those MAC addresses on the right hand side?  That is a address that is unique to computers.  This is how 99% of all hotel wifi systems know who has already paid for access and who has not.

Now its important to wait until you get a bunch of MAC addresses here before you take action.

Why?  – Glad you asked.  These people are just hitting the page.  They are not (in most cases) already paying for the hotel wifi.  They are just getting hit with the page where they put in their last name and room number to bill the wifi to their room.

HOWEVER more than likely they have already or will shortly pay for internet access….

So…  all someone has to do is just copy down these MAC addresses and then set their computer to identify to the network as that computer.  On the MAC this is super simple by just executing the command:

sudo ifconfig en1 ether (enter computer's MAC code here)


sudo ifconfig en1 ether 00:f1:o3:e4:e5:e6

Now disconnect from the wifi and reconnect… try to access the web. If it doesn’t work then try another one…. and someone else’s expense.

Method 2 – Brute Force

This method is a lot more barbaric and criminal but it will work 100% of the time… if you are patient.  It also can take a little bit of programing knowledge… or if you have ever used a macro program in firefox it can be way easier.

Anyway here is how it works.

First you need to grab a list of the most common names in North America.  I got this list from wikipedia but I parsed it out to a line separated text file incase you want to use it…

The second thing you need to be prepared is know the range of room numbers for the floor you are on.

Now this is what we call “brute force”.  You basically,  programmatically, try every combination of room number and surname until it matches.  You can do this for multiple floors… but from what I have heard it works pretty quickly.

Then once it finds a combination it alerts you and boom you select how long you want the wifi access for and bill it to the Underhill’s  (thats a Fletch joke you are to young for).

Well thats basically it.  I tried to be really vague.  This was not meant to be a “walk through”.  I just wanted to show you how EXTREMELY easy it is for someone to hijack your internet or charge their internet to your room.