Penetration Testing mailing list archives
Re: Cisco 3015 concentrator VPN bruteforce? And proxy with easy header rewrite?
From: Richard Miles <richard.k.miles () googlemail com>
Date: Thu, 12 Mar 2009 18:50:37 -0300
Hi Marco,

Nice to see your reply.

On Tue, Mar 10, 2009 at 8:43 AM, Marco Ivaldi <raptor () mediaservice net> wrote:
Is 10000/tcp the only open port on your target concentrator? If 500/udp is also open, ike-scan should work just fine. Alternatively, try running it with --tcp=2 --dport=10000 command line switches [1].
Yes, the 10000/tcp port is the only one open. One of my first tries was ike-scan at port 500/udp and with --tcp=2 --dport=10000; both failed.
Do you have some experience with this device? Can you give me some hints? And point me to some tools to identify, enumerate and brute-force this Cisco implementation?
Yes, it says OPEN|FILTERED, like all other ports on this host.
You should probably use the Cisco VPN Client [3], together with some scripting to automate the brute forcing process (expect [4] sounds good).
I'm doing it, but it works very slowly; the client is very slow to load. And worst of all, from time to time I start to get some connection timeouts. I did try to increase the timeout, but that does not solve it. I believe there is some anti-bruteforce feature on this VPN....
Just pick up your favorite:
http://portswigger.net/proxy/
http://www.parosproxy.org/
http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project
I tested Paros and it is not able to do it. I'm testing Burp and it appears to work well. Thanks for the help.
Hope this helps.
For sure it helps. It is always good to get some points from other folks in the security industry. Also, if you can, take a look at my recent post called "Someone with experience in CDP / STP attacks?"; maybe you will be interested and have some hints.
--
Marco Ivaldi, OPST
Lead Security Analyst
Data Security Division @ Mediaservice.net Srl
http://mediaservice.net/
Thanks folks