A framework for capturing user credentials and sensitive device information.
Most of the common web technologies used in the world are still using clear text authentication, Wall of Shame is an implementation to illustrate why this is such a bad idea. Wall of Shame is an OS independent tool that's written in python. Wall of Shame collects the user credentials, sensitive device information from unsecure devices around by creating multiple access points based on the device saved network broadcasts. Once a device connects to the access point created by the Hak5 device, one can get tricked by the portals with spoofed DNS. Further, this tool analyses the traffic of the connected device dynamically for gathering plain text authenticated credentials.
The hardware used for this is a Hak5 Pineapple. The project uses the in-built pineap module of the Hak5 Pineapple for getting devices connected to it. After a device connects to the pineapple, there are two ways for gathering the credentials.
Make sure that you have python3
, pip
, sshpass
installed.
Clone the repo.
$ git clone https://github.com/theevilsyn/wall-of-shame/
$ cd wall-of-Shame
$ pip install -r requirements.txt
$ scp -r portals/ root@<pineapple>:/sd/wall-of-shame/portals/
mysql> CREATE USER 'username'@'localhost' IDENTIFIED BY 'password';
mysql> GRANT ALL PRIVILEGES ON * . * TO 'username'@'localhost';
mysql> exit
$ ./wallofshame.py --setup
$ ./wallofshame.py --init
$ ./wallofshame.py --start <Method>
Developed with :hearts: by Team bi0s
Encountered strange behavior or an error? Here are some things to try before you shoot off that bug report:
Database Issues
Please recheck your database configurations like databse name, user, password and set the permissions accordingly.
Also check the config file with the configurations you've given.
Network Routing Issues
Portal Logs Error
If all else fails, file that bug report Please include the behavior you've observed, the behavior you expected, and any error messages.
It's a great help if you included a backtrace with errors.
This tool is for educational purposes only, the author nor the organisation is no way responsible for any consequences that take place due to unintended use of this tool in any manner.