Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

A Story About Bypassing Air Canada's In-flight Network Restrictions - 1753

Ramsay Leung - Posted 4 Months Ago
  • The author of this post was on a twelve-hour trip from Canada to Hong Kong. The plane had WiFi, but it was a requirement to pay $30.75. For everyone else on the WiFi, it offered free texting.
  • acwifi.com is the captive portal and asks for an Aeroplan payment. So some websites work, such as https://acwifi.com, but others, such as github.com, do not. Can we circumvent this!?
  • Initially, they tried to disguise the domain. They added an /etc/hosts entry pointing acwifi.com at a proxy server, so that the DNS record would be rebound. When they tried to ping the IP, this failed. Their best hypothesis was that ICMP and TLS were blocked.
  • Much of the time, DNS still works on restricted networks. This was the case here as well, for both UDP and TCP-based DNS queries. This tells us one thing: the firewall allows all data through port 53. So, they set up a proxy on port 53 and connected to it. Boom! WiFi without paying for it ;) They also think that DNS tunneling would have worked.
  • Another mechanism for bypassing the protections would be ARP spoofing. By taking on a different MAC address, you can simply become another user who has paid, as far as the network is concerned. This is slightly more criminal, so they decided not to do it.
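
The port 53 finding above, seen from the firewall's side: a rule that admits traffic by port number cannot tell DNS from anything else, while a rule that requires each payload to parse as a DNS query can. This is an added example, not code from the original post; the function names and all sample payloads are constructed for illustration.

```python
import struct

def build_query(name: str, qid: int = 0x1234) -> bytes:
    """Constructed sample input: a minimal DNS A/IN query for `name`."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, QDCOUNT=1
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def is_dns_query(payload: bytes, tcp: bool = False) -> bool:
    """True only if the payload parses as one well-formed standard DNS query."""
    if tcp:
        # DNS over TCP carries a 2-byte length prefix (RFC 1035, section 4.2.2).
        if len(payload) < 2 or struct.unpack("!H", payload[:2])[0] != len(payload) - 2:
            return False
        payload = payload[2:]
    if len(payload) < 12:
        return False
    _qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", payload[:12])
    qr, opcode, z = flags >> 15, (flags >> 11) & 0xF, (flags >> 6) & 1
    if qr or opcode or z or qd != 1 or an or ns or ar > 1:
        return False
    pos, name_len = 12, 0
    while True:  # walk the QNAME labels
        if pos >= len(payload):
            return False
        n = payload[pos]
        pos += 1
        if n == 0:
            break
        name_len += n + 1
        if n > 63 or name_len > 254:  # label and name limits from RFC 1035
            return False
        pos += n
    if pos + 4 > len(payload):  # QTYPE and QCLASS must follow the name
        return False
    # Without an additional record (e.g. EDNS OPT) nothing may trail the question.
    return ar == 1 or pos + 4 == len(payload)

def flag_non_dns(flows):
    """Return the labels of port-53 payloads that are not DNS queries."""
    return [label for label, data, tcp in flows if not is_dns_query(data, tcp)]

query = build_query("acwifi.com")
SAMPLES = [  # all payloads below are constructed for this example
    ("udp-dns", query, False),
    ("tcp-dns", struct.pack("!H", len(query)) + query, True),
    ("tcp-tls-hello", bytes.fromhex("16030100c8010000c40303") + bytes(32), True),
    ("tcp-socks5", b"\x05\x01\x00", True),
]
print(flag_non_dns(SAMPLES))
```

Parsing only shows that a payload is DNS-shaped; the DNS tunneling mentioned in the post would pass this check, so unauthenticated clients also need to be restricted to the network's own resolver.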