search

Captive Portals

Captive portals are often setup on unencrypted networks or open networks to allow guests or employees to easily connect to the network or the internet, sometimes without credentials.

hashtag
How they work?

  • A user connect to a network without having to provide credentials

  • Once connected, the OS or browser often detect there is a captive portal and automatically open the browser to login

  • The welcome page often contains rules and conditions or password prompt

hashtag
Attack Overview

We need to know about the target AP, then prepare Captive Portal, if the target network contains a captive portal, we can copy it, but we need to make sure that all the resources exist locally, if there is no existing one, we will create one, then we will create a Rogue AP to help or force the clients to connect to us so we can attempt to capture user credentials

PreviousWPA EnterpriseNextPrivilege Escalation Fundamentals

Last updated

Was this helpful?