· Delowar Hossain · Security · 2 min read
How I hacked my Manager!
My employer bound internet access to device MAC addresses. So I cloned my phone's MAC onto an unrecognized laptop to prove the control could be bypassed.

I am always the guy in the room who likes to poke things even if those are not my field. I work in a Software Firm located in Bangladesh. We provide ERP solutions to different firms. But that’s not today’s part.
One thing got my attention when I joined. My employer took my mobile’s MAC address to approve my internet access. The motive was to prevent someone who knows the password but cannot access the internet due to device MAC binding. It’s a good feature but you need some more configuration applied along with this to get the perfect result.
One afternoon, I was talking to my colleague about MAC Cloning. My manager was passing and my colleague brought his attention. So, it’s a challenge now. I must show my manager that the current security feature must be improved and can be bypassed. It’s a challenge for me now, as I was arguing with my manager.
The following is my process list of how I bypassed MAC to get me internet access on an unrecognized device.
I booted up Ubuntu Mint and installed macchanger.
At first, I need to scan the network to find out the connected device. But as my mobile was already connected I know at least my MAC address. So, gladfully I skipped the initial stage.
Secondly, I had to shut down my network card.
ifconfig DEVICE downThen I changed my laptop’s mac address.
macchanger -m XX:XX:XX:XX:XX:XX DEVICEThen I had to power up my network card.
ifconfig DEVICE upAnd that’s it. I could browse the internet from the unauthenticated laptop and the router was treating the laptop as my mobile as I cloned my mobile’s MAC to the laptop.
Note: “My manager took this action very positively and didn’t cause any trouble as I mentioned the threat earlier. Your manager may NOT.”


