| ▲ | Trying (and failing) to hack the Wall of Sheep (2022)(honeypot.net) | ||||||||||||||||
| 29 points by kstrauser 4 days ago | 11 comments | |||||||||||||||||
| ▲ | kstrauser 4 days ago | parent | next [-] | ||||||||||||||||
The Def Con security conference has open wifi, and people make a game of trying to capture packets of others trying to log into non-SSL websites. If successful, they post the credentials on the “Wall of Sheep”. One year I got the idea to try to exploit the Wall. I didn't succeed but had great fun trying! | |||||||||||||||||
| |||||||||||||||||
| ▲ | mystraline 2 days ago | parent | prev | next [-] | ||||||||||||||||
There was a person who captured a Logitech Starburst V2 packet capture from one of their management machines. Using a tool called JackIt, demonstrated either sniffing all text from a keyboard, OR injection of an emulated keyboard through the dongle. IIRC, the mouse was a clone Logitech that was even plugged in to charge. | |||||||||||||||||
| |||||||||||||||||
| ▲ | gryfft 2 days ago | parent | prev | next [-] | ||||||||||||||||
> They grinned: “it’s just some old software we run.” Ha! There are layers of lessons to be learned here. | |||||||||||||||||
| |||||||||||||||||
| ▲ | bsder 2 days ago | parent | prev | next [-] | ||||||||||||||||
Quote of TFA: > I asked the Shepherd how a login goes from being captured to being shown on the Wall of Sheep. Their reply doomed our fun: “I’d type it in.” Oh no. That’s not good. “Isn’t it automatic?”, I asked. The Shepherd paused to rub the bridge of their nose. “Well,” they sighed, “it was until people started sending a bunch of vile usernames and passwords and kind of ruined it2, so now we have to moderate the process.” | |||||||||||||||||
| |||||||||||||||||
| ▲ | netsharc a day ago | parent | prev [-] | ||||||||||||||||
I guess it shows even mere mortals attend Def Con. Thinking that website authentication is still being done with Basic Auth? Come on... | |||||||||||||||||