Follow us on Twitter!
Ideas are far more powerful than guns.
Wednesday, April 23, 2014
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Members Online
Total Online: 16
Guests Online: 14
Members Online: 2

Registered Members: 82886
Newest Member: The Slummy
Latest Articles

WiFi Gateway/Ibahn bypass

Arrow Image I do hate all these fake free wifi networks so I decided to look into how to work around these annoying buggers.


I don\'t know about all of you but I\'m getting irked by the \"free wifi\" in airports and such charging by the hour, so I found a way to beat some of the systems.

Upon connection if you attempt to send a TCP or UDP packet it directs you to a transparent proxy which forces you to pay. This pretty much has you in a bind, no idea as to what the devil to do with the bloody thing.

Fortunately there is a way that may work to bypass this. Open up a CMD and ping a site like google. If it returns results then this workaround will work.

You see, by information returning through the ping request we can figure that there is some sort of protocol that can still hop the proxy without detection, otherwise you would get no response. This leaves the proxy wide open for some SSH or Tunneling attempts, but the most tested method is using Ping Tunnel. ( Be sure to read the information on that page.

For this to work you need a home server running some sort of shell or tunnel server. Typically the port that is left open is the ICMP port, but it is an abstract port running on a different OSI level than the typical TCP/UDP packets, the reason why it is rarely blocked. The corresponding physical port is port 7 which allows pings.


Now then on to the second part, the Business Centers and the Ibahn Kiosk/Terminal. They work fine for the most part, allowing business use and such, but blocks facebook and proxies. It gets rather annoying that all the social sites that you want to visit are blocked. Who do they think they are, a school?

Ibahn is by far no exception to the principal that anything can be hacked.

One of the methods I found out about was just jacking the Ethernet cord to your own laptop or device. That\'s all fine and dandy as long as the Hotel attendants and fellow users are fools. Nothing screams fishy like a cord hanging that\'s not supposed to be there and that little smile you get when you \"fixed\" something.

There\'s always obscuring your URL (

An example is will not work, BUT may work. Unfortunatelly this is only a temporary trick and you have to keep doing this for every page you visit. If you can get XSS going then try an iframe and viewing the page inside the Kiosk home.

Long hours and programmers do not mix well as some of you will attest to. It seems that when disabling the print button the programmers forgot about what would happen if someone maximized the window. It works.

Use the print to image option, the default one in most cases. This escapes the Kiosk shell. Use a jump drive with firefox on it after you vault that shell and you can imagine the possibilities there.

The system will still be locked down, no cmd, shell, taskman, or anything. Wait though, we can install things now that we\'ve vaulted the shell. Think, no taskman? Download an alternate. No Shell? Download an alternate.

Now as soon as you have some form of command prompt you can do pretty well anything, including using that IP in your room for their \"free\" public wifi. Learn a little bit about spoofing and see where that takes you.


The internet should be free in public places but those corporate rats have found every way possible to jack us out of even more money, so I find and read about ways to jack them back.

I hope this helped some of you! Happy Free \"Free\" Wifi!


c4p_sl0ckon March 03 2009 - 15:48:21
A nice article with some good information.
Sabrewulfon March 04 2009 - 19:48:20
I haven't been in a situation where I could try an Ibahn kiosk, but it sounds interesting. The ping tunnel concept is something I'll have to try out.
Cyph3rHellon March 14 2009 - 15:53:10
Nice one Lemur Smile
Uber0non March 22 2009 - 13:26:07
Very interesting, thanks B)
Post Comment


You must have completed the challenge Basic 1 and have 100 points or more, to be able to post.