
Tutorial Ike-Scan IPsec VPN Tool Scanner

Tutorial thread

Abcdeath

Assalamualaikum wbt DFM
-Gathering Information Tool-

ike-scan is a command-line IPSec VPN Scanner & Testing Tool for discovering, fingerprinting and testing IPsec VPN systems. It constructs and sends IKE Phase-1 packets to the specified hosts, and displays any responses that are received.

IKE is the Internet Key Exchange protocol, which is the key exchange and authentication mechanism used by IPsec. Just about all modern VPN systems implement IPsec, and the vast majority of IPsec VPNs use IKE for key exchange. Main Mode is one of the modes defined for phase-1 of the IKE exchange (the other defined mode is Aggressive Mode). RFC 2409 section 5 specifies that Main Mode must be implemented, therefore all IKE implementations can be expected to support Main Mode. Many also support Aggressive Mode.


ike-scan can perform the following functions:
  • Discovery: Determine which hosts in a given IP range are running IKE. This is done by displaying those hosts which respond to the IKE requests sent.
  • Fingerprinting: Determine which IKE implementation the hosts are using, and in some cases determine the version of software that they are running. This is done in two ways: firstly by UDP backoff fingerprinting, which involves recording the times of the IKE response packets from the target hosts and comparing the observed retransmission backoff pattern against known patterns; and secondly by Vendor ID fingerprinting, which compares Vendor ID payloads from the VPN servers against known Vendor ID patterns.
  • Transform Enumeration: Find which transform attributes are supported by the VPN server for IKE Phase-1 (e.g. encryption algorithm, hash algorithm, etc.).
  • User Enumeration: For some VPN systems, discover valid VPN usernames.
  • Pre-Shared Key Cracking: Perform offline dictionary or brute-force password cracking for IKE Aggressive Mode with Pre-Shared Key authentication. This uses the tool to obtain the hash and other parameters, and psk-crack (which is part of the package) to perform the cracking.
The retransmission backoff fingerprinting concept is discussed in more detail in the UDP backoff fingerprinting paper.


Open ike-scan in the terminal. IKE means Internet Key Exchange; the tool is used to discover IKE hosts and also fingerprint them using the retransmission backoff pattern. It discovers hosts by running ike-scan and gathers all keys with the "IP-Address".
(screenshot: 1.png)


We can likewise see whether this IP address uses the IKE VPN service or not: type ike-scan target.ip.
This target IP address is from .il; 1 host was scanned and no handshake information was displayed, which means there is no service from the server.
(screenshot: 2ping.png)


So we try to find an Ike-Scan VPN server by using the shodan.io website.
Here you will get information about the use of Ike-Scan by some companies; I have highlighted their IP addresses. Copy and paste an IP address to be scanned.
(screenshot: Inked3sodan_LI.jpg)


1 host was scanned here and we got Vendor ID information; we can find the hash, SHA1, VID key, etc.
(screenshot: Inked4_LI.jpg)


You can follow the commands in the attachment below to find more information; it aims to provide as much information as possible to the attacker.

This is for learning; I am not responsible for the damage you do. Thanks.

Attachments

  • 4.png
  • IkeScanComd.txt
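Added example (not from the post or the ike-scan project): a Python parser for ike-scan's Phase-1 handshake lines that reads the SA transform and Vendor ID fields the post describes and, from the defender's side, flags settings worth tightening on your own VPN gateway. The sample output and the weak-parameter sets are constructed assumptions; the line format follows ike-scan's usual "IP <tab> Main/Aggressive Mode Handshake returned ... SA=(...) VID=..." layout.

```python
import re

# Constructed sample of ike-scan handshake output (not taken from the post's screenshots).
SAMPLE_OUTPUT = """\
Starting ike-scan 1.9.4 with 2 hosts (http://www.nta-monitor.com/tools/ike-scan/)
192.0.2.10\tMain Mode Handshake returned HDR=(CKY-R=0123456789abcdef) SA=(Enc=3DES Hash=MD5 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration=28800) VID=afcad71368a1f1c96b8696fc77570100 (Dead Peer Detection v1.0)
192.0.2.20\tAggressive Mode Handshake returned HDR=(CKY-R=fedcba9876543210) SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration=3600) VID=4a131c81070358455c5728f20e95452f (RFC 3947 NAT-T)

Ending ike-scan 1.9.4: 2 hosts scanned in 0.210 seconds (9.52 hosts/sec).  2 returned handshake; 0 returned notify
"""

# One handshake line: "<ip><tab><Main|Aggressive> Mode Handshake returned HDR=(...) SA=(...) VID=..."
HANDSHAKE_RE = re.compile(r"^(\S+)\s+(Main|Aggressive) Mode Handshake returned .*?SA=\(([^)]*)\)(.*)$")
VID_RE = re.compile(r"VID=([0-9a-f]+)(?: \(([^)]*)\))?")

# Assumed policy thresholds for what a defender would want to phase out.
WEAK_ENC = {"DES", "3DES"}
WEAK_HASH = {"MD5", "SHA1"}
WEAK_GROUPS = {"1", "2", "5"}  # modp768 / modp1024 / modp1536

def parse_ike_scan(text):
    """Return one dict per host that answered with an IKE Phase-1 handshake."""
    hosts = []
    for line in text.splitlines():
        m = HANDSHAKE_RE.match(line)
        if not m:
            continue  # banner, blank, notify and summary lines are skipped
        ip, mode, sa, rest = m.groups()
        attrs = dict(kv.split("=", 1) for kv in sa.split())
        vids = [(hexid, name or "unknown") for hexid, name in VID_RE.findall(rest)]
        hosts.append({"ip": ip, "mode": mode, "sa": attrs, "vids": vids})
    return hosts

def assess(host):
    """List the Phase-1 settings on this responder that should be tightened."""
    sa, findings = host["sa"], []
    if host["mode"] == "Aggressive" and sa.get("Auth") == "PSK":
        findings.append("aggressive mode with PSK exposes the PSK hash to offline cracking")
    if sa.get("Enc") in WEAK_ENC:
        findings.append(f"weak encryption {sa['Enc']}")
    if sa.get("Hash") in WEAK_HASH:
        findings.append(f"weak hash {sa['Hash']}")
    if sa.get("Group", "").split(":")[0] in WEAK_GROUPS:
        findings.append(f"weak DH group {sa['Group']}")
    return findings

def report(text=SAMPLE_OUTPUT):
    """Map each responding IP to its findings (empty list means nothing flagged)."""
    return {h["ip"]: assess(h) for h in parse_ike_scan(text)}
```

Pipe a real run through it with report(open("scan.txt").read()); a host with an empty list accepted only the proposals your policy allows.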

Syedhafiz1234

Nice tools sharing.

LilBoyyy

Nice sharing, thank you.