If you are doing a Pentest and you find a Vpn server there is a chance that it support Aggressive Mode, so what could we do?
1-Use Ikeprobe to check if the server support Aggressive Mode: ikeprobe ipserver
2-If we are lucky and there is a match, then we have to configure a vpn client (Safenet for example) with the information we have, we doesnt have the pre-shared key but doesnt matter, that is what we looking for.
3-Before firing up the vpn client, we have to put Cain to sniff the network traffic.
4-After the failed attempt Cain will have a sniffed the preshared key hash, now we send it to the Cain cracker.
5-And then we can launch Dictionary attack and if it fails, we can try brute force attack. We have to wait and wait... until the password is revealed.
I'm pleased to announce a new version of WFuzz! Wfuzz has been created to facilitate the task in web applications assessments and it...
In one of the latest penetration tests we faced a SSH server that was based in Maverick SSHTOOLS. The funny thing is that this server was ...
In the last few weeks everyone has been talking about Shellshock, the vulnerability affecting bash and having security ramifications everyw...
Hi all, in this brief post i will like to share some new ezines about security that were relased this year, the first one is called Into the...