Lately a number of blogs posted comments on a very old post, dated 2006 about how to hack a commercial wireless, goes like this:

“I continued to try a couple other things, like checking if they eventually forgot some ports like 21 (ftp) or 110 (pop3). But no, all of them were properly blocked. After a lot of unsuccesfull attempts, I had some intuition telling me to check how they handle pictures. Without any hope of success I typed http://www.google.com/.jpg into my browser’s adress bar, and to my big surprise I saw the page you see when you follow the link right now. The next thing I typed in was: http://www.google.com/?.jpg but that didn’t work. But I went on, and found that url’s like http://www.google.com/search?.jpg worked like a charm. I found that I could easily visit sites like slashdot, google, or even this weblog, when adding a ?.jpg at the end of the url. The next logical step was to automate that. I downloaded greasemonkey.xpi?.jpg (*g*) and wrote a 4 line js script that would add ?.jpg to every link in a document. That way I was able to browse most sites without a hassle. Unfortunatly, I didn’t get to explore this vulnerbility much more, because I had to board the airplane, were I waited another 3 hours due to a mechanical failure – without wlan : /.”

What normally happens in a router with captive portal is, you have a firewall rule that redirects you to a local http server, this server gets a bunch of information about you, like ip address, mac address, url you tried to access and so on, then it displays a website so you can log in.

If this local web server or called application that redirects you is bugged, might help you get free access, but I really doubt this will work on any network, but I can’t talk about others, in Vex, this by far will not work.