Showing posts with label WoS. Show all posts

2018-04-06

Some Defense Against the Dark Arts.

2018.0406 Note: This post has been sitting in my draft files for a long while.  It's old but it should still be pretty significant today.  

===============

If you have ever visited the Wall of Sheep (WoS) at the Packet Hacking Village (PHV) at DEF CON and just decided to sightsee, that's all good. If you were to take away anything from that short visit, we hope you took note of the discreetly posted warnings on posters, t-shirts and stickers.  Too often, media postings will say that WoS' goal is to shame unsuspecting attendees.  Well, I assure you that is not the intent.  The WoS mission has always been education, awareness and protection.  Here are some of the messages that have been used by PHV through the years...

"SECURITY AWARENESS FOR THE FLOCK"
"Don't Get Caught Without Encryption"
"On The Air, Beware..."

With that said, let's start with the basics... at a minimum, use a VPN.  The following is ripped from NordVPN's Linux install page.  I do not work for NordVPN, but they do claim total anonymity, including taking payments with gift cards (Starbucks, GAP, Old Navy...etc.)  There are free VPN services out there like VPNBook, but they did not indicate if they are logging or not.

How to connect to OpenVPN via shell:
1. Open terminal (keyboard shortcut: Ctrl + Alt + T).
2. Install OpenVPN client by entering `sudo apt-get install openvpn` (if you are requested a password, enter the password which you have used when creating your account).
3. Navigate to OpenVPN configuration directory with command `cd /etc/openvpn`
4. Download OpenVPN configuration files with command `sudo wget https://nordvpn.com/api/files/zip`
4.1. In case you get `ERROR: The certificate of 'nordvpn.com' is not trusted.`, please install the `ca-certificates` package with command `apt-get install ca-certificates`
5. If you do not have `unzip` package installed, download it by typing in `sudo apt-get install unzip`
6. Extract `config.zip` with command `sudo unzip zip`
7. Remove files which will be no longer used: `sudo rm zip`
8. To see the list of all available servers, simply enter `ls -al` command and it will print full configuration file list.
9. Choose a server which you would like to connect to.
10. Start OpenVPN with a chosen configuration by entering `sudo openvpn [file name]` (for example: `sudo openvpn at1.nordvpn.com.udp1194.ovpn`).
11. OpenVPN will ask you for credentials, so simply enter those in with your NordVPN account credentials.
12. You have successfully connected to VPN. To disconnect from the OpenVPN connection simply open terminal and press Ctrl + C on your keyboard.

How to connect to OpenVPN via Network Manager:

1. Open Terminal, Applications->Accessories->Terminal
2. Install network-manager-openvpn by typing in Terminal:
sudo apt-get install network-manager-openvpn-gnome
Press Enter (enter your password if it is needed).
3. You will be prompted: Do you want to continue? Y/n Type Y and hit Enter.
4. Once installation is complete, restart Network Manager by typing:
sudo restart network-manager
Press Enter.
5. Network-manager is now running. Now download the OpenVPN configuration files package (.ovpn file package) and the CA & tls-auth certificate file package (CA and TLS certificates), and extract them.
6. Click on the double arrow button at the top right of the screen and then select Edit Connections… from the drop-down.
7. You will be prompted to choose a connection type. Select Import a saved VPN configuration… and click on Create…

8. You will be prompted with a window to select a file that you would like to import. Please navigate to the folder where you have extracted the configuration files, select one of the files from the list and click Open. You can check which file corresponds to which server at our server list.
9. In the window that pops up, select the VPN tab.
GENERAL
Gateway: an IP or the hostname of the server (usually the server IP is already set in).
AUTHENTICATION
Type: Password;
User name: Your NordVPN username;
Password: Your NordVPN password;
CA Certificate: select a corresponding .crt file to the server which you are setting up, from the certificate file which you have downloaded previously.
Click on Advanced…

10. Open TLS Authentication tab.
Subject match: leave blank;
Verify peer (server) certificate usage signature: check and select Server;
Use additional TLS authentication: check;
Key file: select a corresponding .key file to the server which you are setting up, from the certificate file which you have downloaded previously;
Key direction: 1.
Click Ok and Save the configuration.

11. Now click on the double arrow button at the top right of the screen again and then select VPN connections from the drop-down.
Select the server which you have set up and click on it.

Congrats! You are connected to VPN. In NordVPN’s site you can check if the connection works well for you. Refresh the website and check if the status is shown as Secured. Until next time friends!
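The fields set in steps 9 and 10 end up as directives in the OpenVPN profile, so a profile can be checked for them before it is trusted on a hostile network. The script below is an added example, not from NordVPN or the original post; the mapping of the GUI fields to `ca`, `remote-cert-tls server`, `tls-auth ... 1` / `key-direction 1` and `auth-user-pass` is an assumption about how those settings are written in a profile, and the sample profiles are constructed.

```shell
#!/usr/bin/env bash
# Added example: audit an OpenVPN client profile for the step 9-10 settings.

# has_directive FILE REGEX: true if an uncommented line starts with REGEX.
has_directive() { grep -Eq "^[[:space:]]*$2" "$1"; }

# audit_ovpn FILE: prints one "MISSING: ..." line per absent setting and
# returns 0 when all four are present, 1 otherwise.
audit_ovpn() {
    local f=$1 missing=0
    # Step 9, CA Certificate: "ca <file>" or an inline <ca> block.
    has_directive "$f" '(ca[[:space:]]+[^[:space:]]|<ca>)' ||
        { echo "MISSING: CA certificate (ca)"; missing=1; }
    # Step 10, verify the peer certificate is a server certificate.
    has_directive "$f" 'remote-cert-tls[[:space:]]+server' ||
        { echo "MISSING: remote-cert-tls server"; missing=1; }
    # Step 10, additional TLS authentication with key direction 1.
    if ! has_directive "$f" 'tls-auth[[:space:]]+[^[:space:]]+[[:space:]]+1' &&
       ! { has_directive "$f" '<tls-auth>' &&
           has_directive "$f" 'key-direction[[:space:]]+1'; }; then
        echo "MISSING: tls-auth with key direction 1"; missing=1
    fi
    # Step 9, password authentication.
    has_directive "$f" 'auth-user-pass' ||
        { echo "MISSING: auth-user-pass"; missing=1; }
    return "$missing"
}

# Constructed sample profiles (hostname and file names are placeholders).
demo_dir=$(mktemp -d)
cat > "$demo_dir/good.ovpn" <<'EOF'
client
remote vpn.example.test 1194 udp
ca ca.crt
remote-cert-tls server
tls-auth ta.key 1
auth-user-pass
EOF
cat > "$demo_dir/weak.ovpn" <<'EOF'
client
remote vpn.example.test 1194 udp
ca ca.crt
# remote-cert-tls server
auth-user-pass
EOF
for p in "$demo_dir"/*.ovpn; do
    echo "== ${p##*/}"
    if audit_ovpn "$p"; then echo "OK: all four settings present"; fi
done
```

A profile that lacks `remote-cert-tls server` will accept any certificate signed by the same CA, including another client's, as the server.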

2016-08-06

DEFCON 24: Wi-Fi Sheep Hunt Contest Brief

WI-FI SHEEP HUNT 2016
Wall of Sheep (WOS)
Packet Hacking Village (PHV)

MISSION BRIEF:

WELCOME to WI-FI SHEEP HUNT 2016. Your mission, if you choose to accept it, is to hunt and herd our lost SHEEPS. Clues will be broadcasted in the PHV airwaves – near, far and wide. You’ll need your strongest and fastest wireless “Kung-Fu” to collect the clues and decipher the codes. Accumulate points by playing one or all the challenges.

1:\> NFC SHEEP HUNT
2:\> RF SHEEP HUNT
3:\> WEP/WPA SHEEP HUNT


WARNING: If the “airwaves” smell rotten, that’s probably not us. This is DEF CON, don’t say we didn’t warn you...

REGISTRATION:

1. In person at PHV Info Booth.
2. Online at https://t.co/WFI9TLVt4j - CLOSED 08/06/2016

MISSION DETAILS:

1. NFC SHEEP HUNT: There are NFC tags hidden all around the PHV. Use your handheld device (iPhone, Android…etc.) to sniff them out, retrieve and decipher the codes. Points are awarded for every tag you find, extra points for every code you decipher.

2. RF SHEEP HUNT: Locate RF beacons, then decipher the codes to earn points.  We have military grade radio detection gear for you to use. Registration and gear reservation is required. Go to the PHV Info Booth for details.

3. WEP/WPA SHEEP HUNT: Find the correct WEP/WPA APs and crack the key. Every key (WEP/WPA) you crack & submit earns you points.

WEP? Really?! But how strong is your wireless kung-fu?! These APs are dynamic and can change their security settings. Move fast when you spot them ---> crack the key and grab a sheep before it disappears.  NOTE: Point value decreases the longer you take to crack it.

EXTRA POINTS: Grab SHEEPS (files) from WEP, move them to the WPA.  Once you’re inside the network, sniff around and hunt for SHEEPS (files)… yes, you’ll need both keys to move the files from one wireless network to the other.

NEED HELP TO JOIN THE FUN?
Come by the Wi-Fi Sheep Hunt desk and we’ll help you to get started. No laptop or gear? No problem, we have some you can use for a limited time. Registration and gear reservation is at the PHV Info Booth.

FOR TIPS/CLUES:  Follow the @WallofSheep on Twitter
Hashtag: #WOS #WIFISH #SHEEPHUNT

2016-07-02

PHV Equipment Check for DEFCON 24 [revised 201:10:40]

08/10/2016 UPDATE: This post also appeared in the Wall of Sheep blog.

They say not to bring any electronic devices at DEFCON!? .... what's the fun in that? Well, your mother also said not to get in a strange car with a stranger... UBER, anyone?

It’s time to prep your gear for the Packet Hacking Village (PHV) at DEFCON 24. Although the PHV staff will have some gear for you to use, I highly recommend bringing your own "FOR DEFCON USE ONLY" gear.

For the Wall of Sheep and Wi-Fi Sheep Hunt you'll need a laptop with wired and wireless sniffing capabilities. I spent about $200 for a used laptop from eBay. I also invested in an Alfa wireless USB card from Amazon; load Kali on the laptop and you're basically good to go. Most tools you'll need are already included in Kali.  The PHV staff can help you refine your setup and config depending on what event you want to try out.

For Sheep City, you can use the same laptop you plan to use for WOS and WIFISH.  But it will require a bit more creativity and possibly a visit to the vendor area or Fry's.  Prep for Bluetooth, ZigBee, IrDa, RF...etc. Be ready for anything.

Packet Detective runs like a classroom format. IMHO, this is a "MUST DO" event at PHV. PHV will have laptops setup for PD Agent trainees to use... Yes, you don't have to bring your own laptop to participate.  This is a very popular event and laptops are limited. Sign up early.

Wi-Fi Sheep Hunt will also have a sign-up sheet for the gear use this year. You can use your own equipment to join the RF Sheep Hunt and code breaking fun.  There will also be a couple of laptops for players to use, if you're too chicken to use yours, but only for limited time slots.

Capture the Packet has produced Black Badge winners at DEFCON. If you're just prepping now, you're already behind... you get my drift.

If you're asking which one to do first, I'd say do it all! But if it's your first ever visit at PHV, here's the order of events I'd suggest..

1. Packet Detective
2. Wall of Sheep
3. WiFi Sheep Hunt
4. Sheep City
5. Capture The Packet

Don't forget about the PHV Speaker Workshops, which are so excellent that it's almost always standing room only, no equipment required... well, maybe at least a pen and paper. PHV is also an excellent spot if you just want to hang out. Drop by and check out our DJs at the WOSDJCO... it will be hard to miss them -> required equipment = a drink in hand.
...

2015-08-07

DEFCON 23: WiFi Sheep Hunt Summary of Contest

WiFi Sheep Hunt Summary of Contest:

Hello potential WiFi Sheep Hunt contestants! We have lost our Ovis aries, or Sheep for the biologically impaired. Your job as a Sheep Herder is to help us find our sheep and return them to the “farm”. 


The first Sheep Herder to successfully return all lost sheep to the “farm” will be the 1st Prize Winner of the WiFi Sheep Hunt contest.

This year we have 3 ways of sheep herding (playing). You choose the way you want to play, but choose carefully, as once you choose you may not switch to another way of playing. A Sheep Herder may be an individual or a team but as a team you may only choose one way of playing.
 

Sheep Herder Type 1
This type of sheep herder has a computer, tablet or other type device with wireless packet sniffing capabilities/skills and is not afraid to use them at DEF CON. These individuals are brave, very brave.


Sheep Herder Type 2 
This type of sheep herder has no computing device whatsoever, which in some cases may be a wise choice at DEF CON, but wants to join in on the fun. YES, you do not need a phone, you do not need a tablet and you do not need a computer to play as type 2 sheep herder.

Sheep Herder Type 3
This type of sheep herder has a phone, tablet or other type device with NFC reading capabilities and is not afraid to use them at DEF CON. You did make a backup image of your phone and/or tablet before you arrived didn't you?


NOTE: In years past we have frowned upon hacking our contest equipment but this year we have had a change of heart, as long as you don't render it useless.


DO NOT BRICK IT. 

Our equipment is dated, has not been patched and may be vulnerable to attacks. This is DEF CON btw. Hack at least 2 of our wireless access points and ONLY OUR WIRELESS ACCESS POINTS and prove to us YOU hacked them by changing their broadcasting SSIDs to something that identifies YOU and if no one returns all our sheep to the “farm” then you win 1st Prize. You must have signed up as a Sheep Herder Type 1 to win in this way.

2014-08-18

WoS Terminal Commands

Simple commands I ran to herd some sheeps at the wall that worked pretty well.

WORKS:
 dsniff -p <pcap filename> | grep "PASS" -A 5 -B 5 (note: or "USER", be creative)
 tcpdump -i eth0 -C 500000 -s 65535 -w <pcap filename>

You'll have to come up with your own strategy on how to efficiently get your pcaps and analyze them without bogging down your laptop too much.  Speed, efficiency and accuracy.

I'm planning to see if I can combine all the tools in one automated WoS specific sniffer for next year.  It might come out ghetto style but who cares as long as it herds sheep, spreads the word and makes people believe that it is not a joke.  Security Awareness for the Flock.

other toolz:
rawshark
tshark
capinfos
driftnet

==================
3- driftnet
4- msgsnarf
5- mailsnarf
6- urlsnarf

Info needed to submit herded sheep:
1. IP Address
2. Protocol
3. Username
4. Password