Lots of people have known this for quite a while - nothing new to see here. Here's a blog post by a friend of mine, from 2007 ("Bypass a wifi captive portal"), which includes an example of a script to handle it all: http://www.semicomplete.com/blog/2007/Aug/11
The basic idea is as follows:
1) ping the broadcast/multicast addresses to quickly fill the arp cache
2) change your mac address to that of the detected nodes
3) see if you can access the internet now [repeat step #2-3 until you can]
The basic idea is as follows:
1) ping the broadcast/multicast addresses to quickly fill the arp cache
2) change your mac address to that of the detected nodes
3) see if you can access the internet now [repeat step #2-3 until you can]