IKE VPN Service
UDP Port - 500 : isakmp
Description
IKEv1 has two phases. Phase 1 (the ISAKMP SA, which authenticates the peers) runs in Main Mode (6 messages) or Aggressive Mode (3 messages, with the identity sent in the clear); Phase 2 (the IPsec/ESP SAs) runs in Quick Mode (3 messages).
Enumeration : ike-scan (Main Mode by default, -A for Aggressive Mode, -M for multi-line output)
Version identification : nmap (the ike-version NSE script against 500/udp)
IPsec client : strongSwan
Once IPsec is up and running, open the target IP in the browser. [In this case 10.10.10.116:80]
Configuration (strongSwan ipsec.conf, conn section)
inactivity : the timeout interval after which a CHILD_SA is closed if it did not send or receive any traffic.
keyexchange : the IKE version (ikev1 here).
ike : the Phase 1 cipher suite we want to use. This is not new to us: it is the cipher suite exposed by ike-scan earlier on.
esp : the Phase 2 (ESP) cipher suite. This is the only parameter we need to guess.
rightsubnet : specifies that we are connecting securely (over IPsec) to Conceal for all TCP ports. [Recall from SNMP that Conceal is also listening on 21/tcp, 80/tcp, 139/tcp and 445/tcp]
type : the type of connection we want to establish. In this case transport mode, since we already reach the host over the HTB VPN and only want to protect the traffic rather than tunnel it.
Add the pre-shared key (ipsec.secrets)
Post connect: nmap scan
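The discovery, configuration, PSK and post-connect scan steps above, as one added example script. This is not code from the original page; it assumes the target 10.10.10.116, a connection name of "conceal", and placeholder ike=/esp= strings that stand in for whatever ike-scan reported on the box (the PSK is passed in by the caller, and the network steps need root):

```shell
#!/bin/sh
# Added example (not from the original page): strongSwan IKEv1 transport-mode
# setup and post-connect scan. Assumptions: target 10.10.10.116, connection
# name "conceal"; the ike= and esp= strings are placeholders for the suite
# ike-scan reported; the PSK comes from the caller. Run as root.

TARGET=10.10.10.116
CONN=conceal

# Phase 1 discovery: ike-scan in Main Mode (-M = multi-line output) shows the
# accepted transform set; nmap's ike-version script identifies the vendor.
discover() {
    ike-scan -M "$TARGET"
    nmap -sU -p 500 --script ike-version "$TARGET"
}

# Emit the ipsec.conf connection block on stdout.
write_ipsec_conf() {
    cat <<EOF
conn ${CONN}
    # IKE version
    keyexchange=ikev1
    # transport mode: we already reach the host over the HTB VPN, only protect the traffic
    type=transport
    authby=secret
    # Phase 1 suite: the one ike-scan reported (placeholder value, assumed)
    ike=3des-sha1-modp1024!
    # Phase 2 (ESP) suite: the one value we have to guess (placeholder, assumed)
    esp=3des-sha1!
    left=%defaultroute
    right=${TARGET}
    # protect every TCP port on the target
    rightsubnet=${TARGET}[tcp]
    # close the CHILD_SA after 30 minutes without traffic
    inactivity=30m
    auto=add
EOF
}

# Emit the ipsec.secrets line for the PSK on stdout.
write_ipsec_secrets() {
    printf '%%any %s : PSK "%s"\n' "$TARGET" "$1"
}

# Install both files, bring the SA up and scan through it. A TCP connect scan
# (-sT) is used so the probes pass through the kernel IPsec policy instead of
# being injected as raw packets.
connect_and_scan() {
    write_ipsec_conf > /etc/ipsec.conf
    write_ipsec_secrets "$1" > /etc/ipsec.secrets
    chmod 600 /etc/ipsec.secrets
    ipsec restart
    sleep 2
    ipsec up "$CONN"
    ipsec statusall
    nmap -sT -p 21,80,139,445 "$TARGET"
}

# usage: sh ike-transport.sh '<PSK>'  (with no argument only the functions are defined)
if [ "$#" -ge 1 ]; then
    connect_and_scan "$1"
fi
```

Run discover first and paste the reported transform into ike= (and your guess into esp=) before calling the script with the PSK; if ipsec up fails, ipsec statusall and the charon log show which proposal the peer rejected.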
Aggressive Mode
Probe with a fake (non-existent) group ID and check whether the response still carries the 'Dead Peer Detection' vendor ID. If it does, the peer answers any ID with the same full handshake, so valid group IDs cannot be enumerated by comparing responses.
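The Dead Peer Detection check above, as an added example that is not part of the original page. It assumes the target 10.10.10.116; the two sample responses are constructed in ike-scan's -M output format and are not captures from the box:

```shell
#!/bin/sh
# Added example (not from the original page): decide whether IKEv1 Aggressive
# Mode responses let us enumerate group IDs. Assumptions: target 10.10.10.116;
# the sample responses below are constructed, not real captures.

TARGET=10.10.10.116

# Probe one group ID in Aggressive Mode (-A) with multi-line output (-M).
probe_id() {
    ike-scan -A -M --id="$1" "$TARGET"
}

# Classify one ike-scan response: dpd (handshake carrying the Dead Peer
# Detection vendor ID), handshake (handshake without it) or none.
classify_response() {
    if printf '%s\n' "$1" | grep -q 'Dead Peer Detection'; then
        echo dpd
    elif printf '%s\n' "$1" | grep -q 'Handshake returned'; then
        echo handshake
    else
        echo none
    fi
}

# Responses only discriminate between IDs if a bogus ID does NOT get the full
# DPD response; $1 is the classification of the bogus-ID probe.
ids_enumerable() {
    [ "$1" != dpd ]
}

# Live check: one bogus ID decides whether probing candidate IDs is worth it.
check_target() {
    resp=$(probe_id 'no-such-group')
    if ids_enumerable "$(classify_response "$resp")"; then
        echo "bogus ID got no DPD response: responses discriminate, probe candidate IDs"
    else
        echo "bogus ID got a DPD response: group IDs cannot be enumerated this way"
    fi
}

# Constructed samples (not real captures) in ike-scan -M format.
SAMPLE_DPD='10.10.10.116    Aggressive Mode Handshake returned
    SA=(Enc=3DES Hash=SHA1 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration=28800)
    KeyExchange(128 bytes)
    Nonce(20 bytes)
    ID(Type=ID_IPV4_ADDR, Value=10.10.10.116)
    VID=afcad71368a1f1c96b8696fc77570100 (Dead Peer Detection v1.0)
    Hash(20 bytes)'
SAMPLE_SILENT='Ending ike-scan: 1 hosts scanned in 2.4 seconds (0.41 hosts/sec).  0 returned handshake; 0 returned notify'

# Dry run over the samples; call check_target against a live host instead.
classify_response "$SAMPLE_DPD"      # dpd
classify_response "$SAMPLE_SILENT"   # none
```

The VID value afcad71368a1f1c96b8696fc77570100 is the RFC 3706 Dead Peer Detection vendor ID that ike-scan labels as shown; matching on the label keeps the check readable.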