« BackTrying (and failing) to hack the Wall of Sheep (2022)honeypot.netSubmitted by kstrauser 5 days ago
  • bsder 3 days ago

    Quote of TFA:

    > I asked the Shepherd how a login goes from being captured to being shown on the Wall of Sheep. Their reply doomed our fun: “I’d type it in.” Oh no. That’s not good. “Isn’t it automatic?”, I asked. The Shepherd paused to rub the bridge of their nose. “Well,” they sighed, “it was until people started sending a bunch of vile usernames and passwords and kind of ruined it2, so now we have to moderate the process.”

    • kstrauser 3 days ago

      Some people take pride in ruining it for everyone.

    • kstrauser 5 days ago

      The Def Con security conference has open wifi, and people make a game of trying to capture packets of others trying to log into non-SSL websites. If successful, they post the credentials on the “Wall of Sheep”.

      One year I got the idea to try to exploit the Wall. I didn't succeed but had great fun trying!

      • cnewey 3 days ago

        Really enjoyed this story, thanks for sharing!

        • kstrauser 3 days ago

          You bet! It was a lot of fun to do and to write up afterward.

      • mystraline 3 days ago

        There was a person who captured a Logitech Starburst V2 packet capture from one of their management machines.

        Using a tool called JackIt, demonstrated either sniffing all text from a keyboard, OR injection of an emulated keyboard through the dongle.

        IIRC, the mouse was a clone Logitech that was even plugged in to charge.

        • hackernudes 3 days ago

          Ok this took me a minute to parse.

          Someone at DEFCON captured the wireless data from a mouse/keyboard dongle. The dongle was connected to a computer that belonged to the organizers, possibly managing the Wall of Sheep. They were able to capture and/or simulate input from/to the dongle.

          Nice.

      • gryfft 3 days ago

        > They grinned: “it’s just some old software we run.”

        Ha! There are layers of lessons to be learned here.

        • kstrauser 3 days ago

          Right? Huh, we need a tech stack that happily survives one of the most hostile networks in the world. Shall we update to a React SPA? Perhaps not.

        • netsharc 2 days ago

          I guess it shows even mere mortals attend Def Con. Thinking that website authentication is still being done with Basic Auth? Come on...