Penetration Testing mailing list archives
Re: Cisco 3015 concentrator VPN bruteforce? And proxy with easy header rewrite?
From: aditya mukadam <aditya.mukadam () gmail com>
Date: Tue, 10 Mar 2009 15:27:28 +0530
Richard, Based on my personal experience with Cisco Concentrator, the result you received is pretty much expected. Quick Question: What are you exactly trying to achieve ? Brute force to get what/which info ? As you would know, Security Associations(SA) are created by the VPN Gateway during IPSec negotiation/connection. The Phase 1 SA is ISAKMP while the Phase 2 SAs are IPSEC (bi-directional). The actual traffic is encrypted with protocol ESP or encapsulated with AH ( not used nowadays). Packet is encapsulated in TCP 10000 after the IPSec connection successfully establishes. Insight to Cisco Concentrator. Its capable of: 1) Site to site IPSec VPN 2) Remote Access IPSec VPN Gateway 3) WebVPN (SSL VPN) Lemme know if you need more info. Hope this helps. Thanks, Aditya Govind Mukadam On Tue, Mar 10, 2009 at 3:00 AM, Richard Miles <richard.k.miles () googlemail com> wrote:
Hello I'm doing a pen-test in a Cisco 3015 concentrator - ipsec connections tunneled over TCP port 10000. By the way, ike-scan do not work with this vpn. Also the common tools to brute force like THC-pptp, THC-Hydra and Medusa do not work also. Nmap neither regoganize the port as opened (but it doesn't matter), it say filtered, but I can telnet and estabilish a connection to it. Do you have some experience with this device? Can you give me some hints? And point me to some tools for identify, enumerate and brute-force this Cisco implementation? A bit off-topic: Does anyone know a easy to install and configure web proxy for windows which enable headers rewrite? I need to setup a fast web proxy at my windows box to replace all headers (before they are sent to the webserver) of the "Cookie" field and a proprietary header. Thanks folks.
Current thread:
- Cisco 3015 concentrator VPN bruteforce? And proxy with easy header rewrite? Richard Miles (Mar 10)
- Re: Cisco 3015 concentrator VPN bruteforce? And proxy with easy header rewrite? Marco Ivaldi (Mar 12)
- Re: Cisco 3015 concentrator VPN bruteforce? And proxy with easy header rewrite? R. DuFresne (Mar 15)
- Re: Cisco 3015 concentrator VPN bruteforce? And proxy with easy header rewrite? Richard Miles (Mar 15)
- Re: Cisco 3015 concentrator VPN bruteforce? And proxy with easy header rewrite? Marco Ivaldi (Mar 15)
- Re: Cisco 3015 concentrator VPN bruteforce? And proxy with easy header rewrite? aditya mukadam (Mar 12)
- Re: Cisco 3015 concentrator VPN bruteforce? And proxy with easy header rewrite? Richard Miles (Mar 12)
- Re: Cisco 3015 concentrator VPN bruteforce? And proxy with easy header rewrite? aditya mukadam (Mar 12)
- Re: Cisco 3015 concentrator VPN bruteforce? And proxy with easy header rewrite? Adriel T. Desautels (Mar 15)
- Re: Cisco 3015 concentrator VPN bruteforce? And proxy with easy header rewrite? Richard Miles (Mar 15)
- Message not available
- Re: Cisco 3015 concentrator VPN bruteforce? And proxy with easy header rewrite? aditya mukadam (Mar 15)
- Re: Cisco 3015 concentrator VPN bruteforce? And proxy with easy header rewrite? Richard Miles (Mar 15)
- Re: Cisco 3015 concentrator VPN bruteforce? And proxy with easy header rewrite? aditya mukadam (Mar 15)
- Re: Cisco 3015 concentrator VPN bruteforce? And proxy with easy header rewrite? Richard Miles (Mar 15)
- Re: Cisco 3015 concentrator VPN bruteforce? And proxy with easy header rewrite? Richard Miles (Mar 12)
- Re: Cisco 3015 concentrator VPN bruteforce? And proxy with easy header rewrite? Marco Ivaldi (Mar 12)
- Re: Cisco 3015 concentrator VPN bruteforce? And proxy with easy header rewrite? Marco Ivaldi (Mar 15)
- RE: Cisco 3015 concentrator VPN bruteforce? And proxy with easy header rewrite? Alex Eden (Mar 15)