Sorry, been doing a lot of studying as of late and was a little tired in the early hours last night, let me further explain the setup. In said community, theres a wifi hotspot, well from what i can see a bunch of them, it starts as an open network, that proxies you to a login page. If you are not a member, you can sign up for short free trial, which as far as i can tell is only filtered by mac address, so ive been doing that. From what I've been able to tell, when you are an actual customer, you get a modem, which i believe to be a cisco one, and then it looks to create their own personal wifi and essid but from what I can tell , ( bare with me as im learning xD) its still piggy backing on the same connection the opn connections are coming from.
Im going to do more dabbling today, but a point in the right direction would be awesome
Last night after reading, i used airodump-ng and looked for these personal hotspots with devices on them, spoofed a devices mac and seen what happened, which wasnt much of course cause i still needed the routers WPA2 passphrase.
Another thing ive noticed is that the airodump scan returns results like such:
companywifi --- this is the open wifi
eddieswifi -- this is wpa2
randomwifi --- this is wpa2
the odd thing is that these little clusters all carry the SAME mac addresses except for maybe 1 or 2 varying numbers/letters. Im sure these are all connected because of their signal power.
I've done a few amount of reaver attacks on the wps enabled ones to no avail, as well as bully.
And unfortunately have not cracked the wpa2 yet,
Sorry for the long post but this setup is intriguing the hell out of me xD.
Oh, also, from what i can see the base router/s that is pumping out the hotspots are WEP based, but due to the size of this company, did not wanna dabble with that just quite yet.