Wednesday, March 26, 2008

Hacker Quickie v1.0

[The following is provided for informational purposes only, and only to further the understanding of the curious.]
MAC addresses
The Media Access Control (MAC) address is a hardware-based address that is unique to each networking device. This means that when you go to the store and see boxes and boxes of network cards, each one has its own unique MAC address. If you remove the Network Interface Card (NIC) (NOT NOT NOT "NIC Card") from your computer, and install it on another computer, that computer will have the same MAC address as your old computer. It's tied to the actual, physical device.

MAC addresses are used for low level routing (low level means on a local area network basis), and are not found out on the internet. If you connect your computer to your home router or cable modem, your MAC address will not go beyond that gateway device. The MAC address is used in a number of ways, but primarily it is used for unique identification of individual network devices. If you take two computers, and give them identical IP addresses, your router will know something's wrong, because there are two computers with two different MAC addresses, and the same IP address.

The idea that MAC addresses will always be unique is what we're going to exploit.

The MAC address that is set on the hardware will never change; the MAC address that your operating system stores for use, however, can change. Basically, your networking driver picks up the MAC address from the hardware and uses it for future traffic. By simply changing that address after the software has obtained it from the hardware, you can effectively change your MAC address.

Ok, so your MAC address is different now. How is this useful? Well, since most networking hardware is predicated on networking devices playing by the rules, you can bypass restrictions set by networking hardware. To do something like, oh, I don't know... Obtain free internet access at a local coffee shop with one of those shit-eating website redirects that wants you to pay for internet access. Networking hardware recognizes computers based on IP address and MAC address; by changing your IP address and MAC address to that of someone who has already paid for access, you will be permitted internet access. This, of course, requires someone already be paying for internet access, and since you can't swing a dead cat without hitting a douchebag writing his novel or trying to look important while he checks his blog for comments over and over, this shouldn't be a problem.

You can also bypass the MAC address filtering on an unsecure wireless network. Simply obtain the MAC of an allowed machine, and emulate it.
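Seen from the network's side, a cloned MAC address shows up as one address bouncing between two attachment points, which is what a switch logs as MAC flapping. The following is an added example, not part of the original post, that flags this in access-point sighting records; the records are constructed, and the record format, the 60-second window and the two-move threshold are assumptions. A clone sitting on the same access point as the original would not be caught by this check.

```python
import re
from collections import defaultdict

MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}")

# Constructed sample: (epoch seconds, client MAC, access point that saw it)
SAMPLE_EVENTS = [
    (1000, "00:1A:2B:3C:4D:5E", "ap-front"),
    (1025, "00:1a:2b:3c:4d:5e", "ap-back"),   # same MAC elsewhere 25 s later
    (1030, "00:1A:2B:3C:4D:5E", "ap-front"),  # ...and back again: flapping
    (1500, "00:22:33:44:55:66", "ap-front"),
    (1520, "00:22:33:44:55:66", "ap-back"),   # one move only: ordinary roaming
    (1600, "12:FE:AB:78:90:CD", "ap-front"),
]

def parse_mac(text):
    """Return the six octets of a colon- or dash-separated MAC address."""
    if not MAC_RE.fullmatch(text):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes.fromhex(re.sub(r"[:-]", "", text))

def is_locally_administered(mac):
    """Bit 0x02 of the first octet is set on addresses not burned in by a vendor.
    Software-set and privacy-randomized addresses both set it: a hint, not proof."""
    return bool(parse_mac(mac)[0] & 0x02)

def find_flapping(events, window=60, min_moves=2):
    """Map each MAC that changed location min_moves+ times, each move within
    `window` seconds of the previous sighting, to the locations involved."""
    sightings = defaultdict(list)
    for ts, mac, where in events:
        sightings[parse_mac(mac).hex(":").upper()].append((ts, where))
    flagged = {}
    for mac, seen in sightings.items():
        seen.sort()
        moves = [(a, b) for a, b in zip(seen, seen[1:])
                 if a[1] != b[1] and b[0] - a[0] <= window]
        if len(moves) >= min_moves:
            flagged[mac] = sorted({w for pair in moves for _, w in pair})
    return flagged

if __name__ == "__main__":
    for mac, places in find_flapping(SAMPLE_EVENTS).items():
        print(f"{mac} is flapping between {places}: possible cloned MAC")
    for mac in sorted({parse_mac(m).hex(":").upper() for _, m, _ in SAMPLE_EVENTS}):
        if is_locally_administered(mac):
            print(f"{mac} has the locally-administered bit set")
```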

Changing your MAC address for Windows is as easy as SMAC. Hmmm... I've been out of the Windows game for a while, and SMAC now appears to be a pay utility. I'm sure there's some other free utility that will allow you to change your MAC address on Windows. You will probably have to disable the device or the connection before you can make the change, and then turn it back on. I forget what I had to do, but it was something similar.

On Linux, changing your MAC address is a built-in option that comes with the OS.
ifconfig eth0 hw ether 12:FE:AB:78:90:CD
You may have to ifdown the interface before making the change, and then ifup it and check that it stuck.

Also know that the MAC address you change to must be valid. You can't just pick random numbers and letters. There are a number of random MAC address generators online, so grab one.

Coming up next time, capturing and reading network traffic.
For things like valid MAC addresses!

Disclaimer: ExistingThing does not condone the use of services which you are not allowed to use, even though there is a minuscule chance that you'll get caught, and a microscopic chance that you'll actually get charged. ExistingThing also reminds all the s00pr l33t hax0rz out there that hackers don't get slaps on the wrist any more, they get shipped to Guantanamo Bay as enemy combatants. No lawyer. No habeas corpus. No phone call. Go directly to jail. Do not pass go. Do not collect $200.
