Trying (and failing) to hack the Wall of Sheep (2022)
4 days ago
- #DEF CON
- #XSS
- #Wall of Sheep
- The Wall of Sheep at DEF CON displays usernames and passwords captured from insecure Wi-Fi networks.
- The author attempts to hack the Wall of Sheep using Cross Site Scripting (XSS) by injecting JavaScript into the login field.
- Assumptions include the Wall being automated, rendered by a web browser, and not particularly secure.
- The attack involves setting up a webserver with HTTP Basic authentication and using a fake username containing JavaScript.
- Despite efforts, the attack fails because the Wall of Sheep is manually moderated, not automated.
- The author plans to try again next year with better preparation, including a burner device and more common authentication methods.
- Social engineering plays a role in the attempt, with the help of fellow DEF CON participants.
- The author emphasizes the importance of not ruining the fun for others with inappropriate content.