VPN's ike-scan
To understand this method we need to learn how IKE works. In simple words, IKE has two phases: phase 1 is responsible for setting up and establishing a secure, authenticated communication channel, and phase 2 encrypts and transports data.
Let's Start
For this we need the tools ike-scan and ikeprobe. First update the Kali Linux system with the following command:
apt-get update && apt-get upgrade
Then fetch the ike-scan source:
git clone https://github.com/royhills/ike-scan.git
Alternatively, you can download it directly from GitHub at https://github.com/royhills/ike-scan.
- Browse to the directory where ike-scan is installed.
- Install autoconf by running the following command:
- Generate a .configure file.
- Verify that the project builds.
Here x.x.x.x is the target's IP address.
The following screenshot shows the output of the preceding command:
ike-scan x.x.x.x -M -A
We can even brute-force the group names using the following script:
https://github.com/SpiderLabs/groupenum
The command :
./dt_group_enum.sh x.x.x.x groupnames.dic
Cracking the PSK
psk-crack attempts to crack IKE aggressive-mode pre-shared keys (PSKs) from the hashes we collect with ike-scan.
- Adding the -P flag to the ike-scan command shows the response together with the captured hash.
- To save the hash to a file, supply a filename with the -P flag.
- Next we can run psk-crack with the following command:
psk-crack -b 5 /path/to/pskkey
psk-crack -d /path/to/dictionary /path/to/pskkey
The following screenshot shows the output of the preceding command:
How it works
In aggressive mode the authentication hash is transmitted in the response to the packet from the VPN client that is trying to establish an IPsec tunnel. This hash is not encrypted, so it can be captured and brute-forced offline to recover the PSK.
This is not possible in main mode, which sends the hash encrypted within a six-message exchange, whereas aggressive mode uses only three messages.
How To Install ike-scan on Kali Linux
In this tutorial we learn how to install ike-scan on Kali Linux.
What is ike-scan
ike-scan discovers IKE hosts and can also fingerprint them using the retransmission backoff pattern.
a) Discovery: Determine which hosts are running IKE. This is done by displaying those hosts which respond to the IKE requests sent by ike-scan.
b) Fingerprinting: Determine which IKE implementation the hosts are using. This is done by recording the times of the IKE response packets from the target hosts and comparing the observed retransmission backoff pattern against known patterns.
The retransmission backoff fingerprinting concept is discussed in more detail in the UDP backoff fingerprinting paper which should be included in the ike-scan kit as udp-backoff-fingerprinting-paper.txt.
There are three ways to install ike-scan on Kali Linux. We can use apt-get, apt, or aptitude. In the following sections we describe each method; you can choose any one of them.
Install ike-scan Using apt-get
Update the apt database with apt-get using the following command.
After updating the apt database, we can install ike-scan using apt-get by running the following command:
sudo apt-get -y install ike-scan
Install ike-scan Using apt
Update the apt database with apt using the following command.
After updating the apt database, we can install ike-scan using apt by running the following command:
sudo apt -y install ike-scan
Install ike-scan Using aptitude
If you want to follow this method, you might need to install aptitude first, since aptitude is usually not installed by default on Kali Linux. Update the apt database with aptitude using the following command.
After updating the apt database, we can install ike-scan using aptitude by running the following command:
sudo aptitude -y install ike-scan
How To Uninstall ike-scan on Kali Linux
To uninstall only the ike-scan package we can use the following command:
sudo apt-get remove ike-scan
Uninstall ike-scan And Its Dependencies
To uninstall ike-scan and its dependencies that are no longer needed by Kali Linux, we can use the command below:
sudo apt-get -y autoremove ike-scan
Remove ike-scan Configurations and Data
To remove ike-scan configuration and data from Kali Linux we can use the following command:
sudo apt-get -y purge ike-scan
Remove ike-scan configuration, data, and all of its dependencies
To remove ike-scan configuration, data, and all of its dependencies, we can use the following command:
sudo apt-get -y autoremove --purge ike-scan
Summary
In this tutorial we learn how to install ike-scan using different package management tools like apt, apt-get and aptitude.
Kali linux ike scan
IKE Scan is the second tool in the Information Gathering section of Kali Linux.
Here we are discussing, in order, the Information Gathering tools that come pre-installed on Kali Linux.
What is IKE Scan?
IKE Scan is not a widely known tool, but it is popular among professional users and pen-testers. It is available for both Windows and Linux, it is open source and free to download, and you can modify and redistribute it under the GPL license.
IKE (Internet Key Exchange) Scan is used to discover IKE hosts and to fingerprint them using their retransmission backoff pattern. For discovery, ike-scan sends IKE requests and reports the hosts that respond.
It also performs fingerprinting, meaning it determines which IKE implementation a responding host runs. There are several ways to do this, but ike-scan mainly relies on the retransmission backoff pattern.
How To Use IKE Scan
Fire up Kali Linux, open a terminal, type ike-scan, and hit Enter to see the tool's usage information.
You can specify hosts by IP address or hostname, for example ike-scan 192.168.1.10; replace the IP address with your target host.
To scan every host in a network, give the network in IP/bits notation (for example 192.168.1.10/24); ike-scan will then scan all the hosts in that network.
You can also use the --file option to read the target hosts from a file.
How IKE Scan can be Taken in Use
We use IoT search engines to find devices running an IKE server. Here we are using the Shodan search engine, which is very popular and very powerful. We got some IP addresses from the search results and picked the first one for the test.
Now we start the IKE Scan tool against the IP address we picked. To scan a host we run ike-scan followed by the IP address, which probes the host to learn about its IKE server.
It has shown the result. We can't share the IP we scanned with you because it could probably be considered illegal. If it is running an IKE server you will get the possible report from
IKE has two phases: phase 1 is responsible for setting up and establishing a secure, authenticated communication channel, and phase 2 encrypts and transports data.
Our focus of interest here is phase 1; it uses two methods of exchanging keys: main mode and aggressive mode, described below.
To scan a host for an aggressive-mode handshake, use the following command:
ike-scan x.x.x.x -M -A
Sometimes we will see the response after providing a valid group name like (vpn):
We can even brute-force the group names using the following script: https://github.com/SpiderLabs/groupenum. The command:
./dt_group_enum.sh x.x.x.x groupnames.dic
Cracking the PSK
To learn how to crack the PSK, follow the given steps:
- Adding the -P flag to the ike-scan command shows the response together with the captured hash.
- To save the hash to a file, supply a filename with the -P flag.
- Next we can run psk-crack with the following command:
psk-crack -b 5 /path/to/pskkey
- Here -b selects brute-force mode and 5 is the maximum key length.
- To use a dictionary-based attack we use the following command:
psk-crack -d /path/to/dictionary /path/to/pskkey
The following screenshot shows the output for the preceding command:
How it works…
In aggressive mode the authentication hash is transmitted in the response to the packet from the VPN client that is trying to establish an IPsec tunnel. This hash is not encrypted, so it can be captured and brute-forced offline to recover the PSK.
This is not possible in main mode, which sends the hash encrypted within a six-message exchange, whereas aggressive mode uses only three messages.
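Both "How it works" passages on this page (the one here and the earlier copy in the first post) come down to one header field: the ISAKMP exchange type, plus whether the encryption flag is set. The following is an added example, not code from the page or from the ike-scan or psk-crack projects. It decodes the 28-byte ISAKMP header and the cleartext payload chain of a UDP/500 datagram, the way a sensor in front of a VPN gateway might, and flags an aggressive-mode message that carries its ID and HASH payloads unencrypted (exactly the material psk-crack works on), while a main-mode message with the encryption flag set yields no readable payloads. The field layouts and type numbers are from RFC 2408; the sample datagrams are constructed, not captured.

```python
import struct

# ISAKMP exchange types (RFC 2408 section 3.1); only the two IKEv1 phase-1 modes matter here.
EXCH_IDENTITY_PROTECTION = 2   # main mode: six messages, HASH sent encrypted
EXCH_AGGRESSIVE = 4            # aggressive mode: three messages, HASH sent in the clear
FLAG_ENCRYPTION = 0x01         # header flag: everything after the header is ciphertext

# Payload type numbers (RFC 2408 section 3.1), as carried in the next-payload fields.
PAYLOAD_NAMES = {1: "SA", 2: "P", 3: "T", 4: "KE", 5: "ID", 6: "CERT", 7: "CR",
                 8: "HASH", 9: "SIG", 10: "NONCE", 11: "N", 12: "D", 13: "VID"}

HEADER_FMT = "!8s8sBBBBII"     # initiator SPI, responder SPI, next payload, version,
HEADER_LEN = 28                # exchange type, flags, message ID, total length


def parse_isakmp(data: bytes) -> dict:
    """Decode the ISAKMP header and, for cleartext messages, walk the payload chain."""
    if len(data) < HEADER_LEN:
        raise ValueError("truncated ISAKMP header")
    i_spi, r_spi, next_payload, version, exch, flags, msg_id, length = struct.unpack(
        HEADER_FMT, data[:HEADER_LEN])
    if length > len(data):
        raise ValueError("ISAKMP length field exceeds captured bytes")
    encrypted = bool(flags & FLAG_ENCRYPTION)
    payloads, offset, current = [], HEADER_LEN, next_payload
    # Generic payload header: next payload (1), reserved (1), payload length (2).
    # With the encryption flag set the chain is ciphertext and cannot be walked.
    while current != 0 and not encrypted:
        if offset + 4 > length:
            raise ValueError("payload chain runs past message length")
        nxt, _reserved, plen = struct.unpack("!BBH", data[offset:offset + 4])
        if plen < 4 or offset + plen > length:
            raise ValueError("bad payload length")
        payloads.append(PAYLOAD_NAMES.get(current, f"type{current}"))
        offset, current = offset + plen, nxt
    return {"version_major": version >> 4, "version_minor": version & 0x0F,
            "exchange": exch, "encrypted": encrypted, "message_id": msg_id,
            "length": length, "payloads": payloads,
            "initiator_spi": i_spi.hex(), "responder_spi": r_spi.hex()}


def classify(data: bytes) -> str:
    """Verdict for one UDP/500 datagram; the first verdict is the one worth alerting on."""
    m = parse_isakmp(data)
    if m["version_major"] != 1:
        return "NOT_IKEV1"
    if m["exchange"] == EXCH_AGGRESSIVE:
        if not m["encrypted"] and "HASH" in m["payloads"]:
            return "AGGRESSIVE_CLEARTEXT_HASH"   # responder's authentication hash is readable
        return "AGGRESSIVE"
    if m["exchange"] == EXCH_IDENTITY_PROTECTION:
        return "MAIN_MODE"
    return "OTHER"


def _payload(next_type: int, body: bytes) -> bytes:
    """Generic payload: next_type is the type of the payload that FOLLOWS this one."""
    return struct.pack("!BBH", next_type, 0, 4 + len(body)) + body


def build_sample(exchange_type: int, flags: int) -> bytes:
    """Constructed datagram (not a real capture): header + SA, KE, NONCE, ID, HASH chain.
    The bodies are dummy bytes; with FLAG_ENCRYPTION set they stand in for ciphertext."""
    body = (_payload(4, b"\x00\x00\x00\x01" + b"\x00" * 8)  # SA, dummy body, next = KE
            + _payload(10, b"\x11" * 32)                     # KE, dummy DH value, next = NONCE
            + _payload(5, b"\x22" * 16)                      # NONCE, dummy Nr, next = ID
            + _payload(8, b"\x0b\x00\x00\x00" + b"vpn")      # ID, ID_KEY_ID "vpn", next = HASH
            + _payload(0, b"\x33" * 20))                     # HASH, dummy HASH_R, chain ends
    header = struct.pack(HEADER_FMT, b"\xaa" * 8, b"\xbb" * 8, 1, 0x10,
                         exchange_type, flags, 0, HEADER_LEN + len(body))
    return header + body


if __name__ == "__main__":
    for name, pkt in (("aggressive-mode reply", build_sample(EXCH_AGGRESSIVE, 0)),
                      ("main-mode message 6", build_sample(EXCH_IDENTITY_PROTECTION, FLAG_ENCRYPTION))):
        print(f"{name}: {classify(pkt)} payloads={parse_isakmp(pkt)['payloads']}")
```

On the defensive side the useful outcome of such a check is an inventory: any gateway that answers an aggressive-mode proposal with a cleartext HASH payload is one whose PSK strength is the only thing standing between a capture and an offline guess, which is the argument for disabling aggressive mode with PSK authentication where the gateway allows it.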
We hope this article is helpful for you. Thank you.
Warning:
We are not sure about the law for scanning hosts for IKE server. Please read the law of your country and use the tool at your own risk. We are not responsible for any damage caused by illegal activity or misuse of the tool. The tutorial is only for educational purposes.