This is a fairly quick one.. I decided to scan around for any open wireless, using Kismet. I found an AP with a hidden essid. Locking onto the channel for a little while resulted in finding the essid.
I configured the wireless interface to hook on to it, forced the channel manually, and bang, I was on. They even had dhcp running, too easy.
I wanted to see what AP I was connected to, so I went to the IP of the gateway, and was presented with a login to a Netgear DG834G. I tried logging in as admin/password, and was allowed in.
There's no fun here, it's just too easy.
I then wondered if it was possible to extract the guy's adsl password, just out of interest. I found this blog, which contained details.
All I had to do was click on this, and then wait a few seconds, and click on this, and I had a file containing the guy's login and password.
I then worked out what the first link was doing, saw "grep ppoa_ /tmp/nvram", and wondered if it was possible to do "cat /tmp/nvram", and drop the whole nvram file out.. yep. Not much more in there is useful though.
There's not even MAC filtering on this AP, I was at least thinking I'd have to clone a MAC address before I could connect, it was all just too easy. 1.5Mbit ADSL connection too.