Hacking Challenges

Episode 24 – Bypass Hotspot’s Access Controls

July 14th, 2009 by Patchy
In this episode, we demonstrate three ways to Bypass Hotspot’s Access Controls. A large amount of public hotspots require a fee to access the internet, and in this video we explain how a person can use Session Stealing, DNS Tunneling, and Ping Tunneling to bypass that hotspot’s access controls.

Video Stream Here
Download Here

Download ptunnel.exe

Posted in Videos | 14 Comments »

14 Responses

  1. dr_timoon Says:

    thanks for the great Episode
    in the ping tunnel
    when u connect to the ssh server u type a privte ip and as i understand that server is not on the lan it’s over internet
    so how you conecct to ssh by internal ip adress ?
    or after u make a a dns tunnel u able to connect to server by it’s local ip ? ? ?

  2. Patchy Says:

    It is a public IP address.

  3. dr_timoon Says:

    i mean in min 14:30 in the vedio
    when u connect to the server with putty
    u type the server local ip which is
    that a local ip not an pupblic ip ??

  4. Patchy Says:

    Iodine sets up basically a VPN on the subnet where is the server computer.

  5. dr_timoon Says:

    thanks agine and i’m sorry for keep asking :$
    i have some questions

    my lab
    i have 5 puplic ip i buy it from my isp

    i have a domin name on

    so my question about the dns tunnel ..

    in my domain i can’t make a custom dns record is this servics availbe only in dreamhost and godady or any domin register domain site ?
    and if yes i will buy an account in godady no problem
    so after that in the dns section do i will but my puplic ip that piont to backtrack3 that will be my iodined server ?
    and after that do i have to install dns server in backtrack3 coz this step i’m little confused in it !!!!!

    waitig for ur replay patchy.

  6. dr_timoon Says:

    for the domian name i make an other solution and it’s work with me
    i have a real ip
    and make an account in
    and piont my ip to dns host in no-ip site with my real ip
    i test it and work fine in my home
    so i will try to test it in starbuck cafe and tell u the result

    thanks for ur help and ur support

  7. dr_timoon Says:

    is this pic mean that i have make a dns working or still have erro ? from the clinet side

    waiting for ur replay patchy

  8. Patchy Says:

    Did you create a Nameserver (ns) entry in your dns records that points to your no-ip account? Also, when you run iodine did you put the url of your nameserver?

  9. dr_timoon Says:

    i’m sorry man i have made some wrong confiuration

    it’s now working 100% i test it it’s finaly work :D

    thanks patchy for ur help ,suport and great tut.

  10. DigitalF Says:

    Hey Patchy,

    Thanks for this, Extra Cool !
    My server has the INPUT firewall policy set to DROP, i allowed port 53 however the client still can’t connect, i have to disable the firewall completely in order for it to connect, should i open another specific port or what ?

  11. ClicK Says:

    Great artical, I found just using quest or genuity DNS servers dose the trick though, This is a pretty kewl site, but content seams to be for the “lower” skilled user.

    What i also wanted to make your users aware of is hacking wireless dose not have to be as difficult as people make it seam, with a little time and persistance you may not even need Airosnort/airocap, or even live linux distro’s like “aircrak-ng” to break a neibours wireless security.

    From my experience, MOST PEOPLE ARE STUPID, they do things like use their “last name” as SSID and PH as the WEP/WPA, try looking up your SSID’S in a phonebook, personaly i did a reverce in for my zip and imediatly got access to 3 wireless networks in my building alone!

    THINK OUTSIDE THE BOX PEOPLE! Tis what its all about!

  12. ClicK Says:

    A video I suggest for this site is how to make a USB waveform antennia (aka cantenna), most websites talk about n conectors ect, this is not needed!! all ya need is a USB wireless dongle, a foldgers can, and a usb extention cable….

    Do the calulation for the drill point usually 2-3 inches from bottom of can, punch a hole at this point, bug enough for the usb dongl to go threw but not the extention, plug the dongle inside the can the extention outside… now you have a 3 min cantenna, in most cases works as good as using n-connectors… Peace out


  13. Dreamclown Says:

    It very helpful.

  14. oskevee Says:

    man i just wanted to know the key to run the 2 commands at once in the backtrack shell console what key would i press to be able to do this

You must be logged in to leave a comment.