500 (IPSEC IKE)
ike-scan IP -A
- aggressive mode (-A): get the PSK hash
ike-scan IP -M
- multi-line output, easier to read
- SA (security association data): copy it.
If SNMP is open, run snmpwalk to look for VPN PSK data, which you can combine with the SA data (hash type, group).
Life duration: it is printed as hexadecimal characters; convert it to decimal (seconds), then to hours.
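Added example (not from the original page): a small parser for the SA block that ike-scan -M prints, which converts the LifeDuration value (decimal or hex) into seconds and hours and flags transforms a defender would not want their own gateway offering. The sample SA block is constructed, and the weak-transform list is an assumed policy.

```python
import re

# Constructed sample of the SA block printed by `ike-scan IP -M` (not a real
# capture); the multi-line layout and the hex LifeDuration mirror what the
# tool prints when it cannot decode the attribute as a short value.
SAMPLE_SA = """\
SA=(
    Enc=3DES
    Hash=SHA1
    Group=2:modp1024
    Auth=PSK
    LifeType=Seconds
    LifeDuration(4)=0x00007080)
"""

# Transforms a defender should not see their own gateway offer (assumed policy).
WEAK = {
    "Enc": {"DES", "3DES"},
    "Hash": {"MD5", "SHA1"},
    "Group": {"1:modp768", "2:modp1024"},
}

# attribute name, optional "(len)" tag, "=", value up to whitespace or ")"
ATTR_RE = re.compile(r"(\w+)(?:\(\d+\))?=([^\s)]+)")


def parse_sa(text):
    """Return {attribute: value} from an SA=(...) block, one-line or -M style."""
    _, _, inner = text.partition("SA=(")
    if not inner:
        raise ValueError("no SA=( block in ike-scan output")
    return dict(ATTR_RE.findall(inner))


def life_duration_seconds(value):
    """LifeDuration is printed in decimal, or as 0x... hex; both mean seconds."""
    return int(value, 16) if value.lower().startswith("0x") else int(value)


def audit_sa(text):
    """Convert the lifetime to hours and flag weak transforms in the offered SA."""
    attrs = parse_sa(text)
    secs = None
    if attrs.get("LifeType", "Seconds") == "Seconds" and "LifeDuration" in attrs:
        secs = life_duration_seconds(attrs["LifeDuration"])
    findings = [f"weak {k}={attrs[k]}" for k in WEAK if attrs.get(k) in WEAK[k]]
    return {"attrs": attrs, "lifetime_seconds": secs,
            "lifetime_hours": None if secs is None else secs / 3600,
            "findings": findings}


if __name__ == "__main__":
    print(audit_sa(SAMPLE_SA))
```

The lifetime in hours is the value that goes into ikelifetime in ipsec.conf when you need to match the gateway.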
apt install strongswan
Once installed, edit /etc/ipsec.secrets and paste the following (the separator before PSK is a colon):
    VICTIM_IP %any : PSK "paste the plain text PSK"
Edit /etc/ipsec.conf and add the connection under "Sample VPN connections":
    conn BOX_NAME
        type=transport
        keyexchange=ikev1
        left=your_IP
        leftprotoport=tcp
        right=victim-IP
        rightprotoport=tcp
        authby=psk
        esp=3des-sha1
        ike=3des-sha1-modp1024
        ikelifetime=8h
        auto=start
ipsec start --nofork
- leftprotoport=tcp and rightprotoport=tcp: set these if the TCP ports are hidden from us outside the tunnel.
For troubleshooting IKE issues, see https://docs.netgate.com/pfsense/en/latest/troubleshooting/ipsec-traffic.html
If there are no errors, run an nmap scan with the -sT option.
(A SYN scan, nmap's default, does not work when the client is going through a VPN service; you have to complete the full TCP handshake.)