Bypassing Wireless Captive Portals

Occasionally, on client projects, I come across Guest Wireless Networks that require a login after connecting for further network/Internet access. In many cases this can be bypassed by spoofing the MAC address of a client that has already connected and authenticated to an AP. The reason this works is that an authenticated user’s MAC is given an IP that is allowed on the network, so when spoofing a MAC address, there is no need to authenticate as the MAC address is already allowed on the network. The steps below can be used to obtain a MAC address, spoof it and reconnect to an AP bypassing the captive portal login.

Deserialized Double Dirty

Recently I was able to fully root a NetApp OnCommand Performance Manager appliance using a Java Deserialization vulnerability and Dirty Cow.

Ghosts in the Bank -- Halloween Edition

It was a dark night. A car pulled up in the parking space next to me and quickly extinguished his lights. I looked out my window and saw the driver. He gave me a quick nod and we exited our cars. Opening the trunk, I pulled out my tools for the night: a backpack full of trash bags, a flashlight, gloves, a tarp and oily rags taken from the garage. We walked in the warm summer air up a hill and to the street corner where the target was finally in view. There was the bank.