ikeforce's People
Forkers
atimorin jknightsy marksee jbarcia milo2012 0x90shell dipsec madmarks caoimhinp qardeneden subinacls gitcollect lubyruffy 0xdevalias sikkandar-sha cybershieldconsulting itmaciek panpepson c002 jaimemurra hamid-k hax0rg1rl m41doror bbhunter sireof applerich 4a4g0028 f1d094 mvetsch 0xquad nhanledinh michaelranaldo jtho162 an4kein modulexcite imulmul geosphere shamun masterscott sagaroffsec jc-socal elreydetoda rufuz0r patientzer00 wardtec cageman99 0x6d6f7468 cjoan75 nosorry hatlord mario-kart-felix dk47os3r hartl3y94 lzz todonnal-r7 mholkesvik-r7 mthoresonbf marksilinio klanec chalonga timb-machine-mirrors oc-m sn0w71 nicolefaye linuxkd decafbeef soheilkd bromigote zzzzz-attachment psibot syntaxhaxikeforce's Issues
Crash while running brute force
I attempted to run a brute force and got the following error:
root@wopr:/opt/ikeforce# ./ikeforce.py 1.2.3.4 -b -k ******** -i DefaultRAGroup -u cisco -w 500-worst-passwords.txt '
[+]Program started in XAUTH Brute Force Mode
[+]Single user provided - brute forcing passwords for user: cisco
Press return for a status update
Traceback (most recent call last):
File "./ikeforce.py", line 1876, in
respDict,vidHolder = ikeHandling.main(packets[-1],encType,hashType,encKey,initIV,curIV)
ValueError: too many values to unpack
Installation problems
Hi,
I'm trying to use ikeforce to enumerate groupnames and get valid PSKs for some Cisco devices.
I installed pyip, pycrypto and pyopenssl
When I try to run the program it says "Missing 'udp' library: install it with 'pip install pyip' then run again"
I realised that I got a Segmentation fault error when installing pyopenssl. After some research it seems that package python-openssl (already installed in my system) was causing the problem. I uninstall it and installed pyopenssl again, ikeforce is still not working, but the error now is a traceback from ikeclient.py "OpenSSL not installed"
I tried re-installing python-openssl and uninstalllling pyopenssl, but I get again the error "Missing 'udp' library: try installing pyip"; same if I re-install pyopenssl, (this time it installs without any problem)
Is there anything else that needs to be installed/removed?
I'm running up-to-date 4.9.0-kali4-amd64
Any help is really appreciated,
Cheers,
Problem with the final step
I'm running
root@test:/home/soc/ikeforce# python ikeforce.py 192.168.1.9 -b -i 3000 -k abc123 -u fed -w t.txt -t 5 2 65001 2
After that the final debug message is
--------------------Received Packet Number: 2--------------------
Duplicate of packet 1, discarding
Duplicate packet count: 1
I'm testing my openswan server with config and secrets
ipsec.secrets
192.168.1.9 %any : PSK "abc123"
192.168.1.9 @3000: PSK "abc123"
@fed : XAUTH "aaa"
ipsec.config
conn iketest
leftxauthserver=yes
pfs=yes
#rekey=no
leftmodecfgserver=yes
rightmodecfgclient=yes
#modecfgpull=yes
rightid=@3000
rightxauthclient=yes
left=192.168.1.9
[email protected]
leftsubnet=10.1.0.0/24
right=%any
authby=secret
ike=3des-sha;modp1024
aggrmode=yes
auth=esp
esp=3des-sha1
auto=add
Ikeforce is working while searching for groupID, correct ID was found but it doesn't work with the password
Could you help me?
Thank you
Another crash while running xauth brute force mode
I'm seeing another crash in the xauth brute force mode.
Traceback (most recent call last):
File "ikeforce.py", line 2582, in
mcfgIP = str(dicCrypto["MCFG_IPi"]).decode('hex')
KeyError: 'MCFG_IPi'
Not sure what would be needed to track this down.
Reference for ikecrypto not changed
First of, great tool! While in Test Mode using the -c flag, the following error was thrown:
IKE Server running in Thread-1
Traceback (most recent call last):
File "ikeforce.py", line 2389, in
ikeCrypto = crypto.ikeCrypto()
NameError: name 'crypto' is not defined
Found it was due to an unchanged reference in line 2389 of ikeforce.py (probably a reference which 'cloaked' itself :-) when you made reference changes in this commit) which;
currently reads: "ikeCrypto = crypto.ikeCrypto()"
but should be: "ikeCrypto = ikecrypto.ikeCrypto()"
Same issue found in "ikehandler.py", line 902
currently reads: "ikeCrypto = crypto.ikeCrypto()"
but should be: "ikeCrypto = ikecrypto.ikeCrypto()"
No 'status' update and hang during enumeration with groupnames.dic
While running ikeforce.py IP -e -w wordlists/groupnames.dic -t 5 2 65001 2
it detects the device is vulnerable to multiple response group name enumeration however the next phase, "Using New Cisco Group Enumeration Technique" where it says to 'Press return for a status update' it appears to hang. Additionally, the status updates do not work when I press enter, only a new line appears.
Attempting to troubleshoot but not making too much progress yet.
Error in Exception and syntax problem in ikeclient.py
Hi very nice tool.
Spotted a problem while using AES with keyLen 256bit. It would stick to the default 128bit.
Traced the error at https://github.com/SpiderLabs/ikeforce/blob/master/ikeclient.py#L218-L221
You will need to correct "padding1+encTypehashType+authtype" to "padding1+encType+hashType+authType"
Now the exception does not makes sense at all since it was erroneously added due to this syntax error (in a hurry? :) )
Better to check if the keyLen is None or empty. Please feel free to commit the best option since you know the protocol lots better than me..
Thanks,
Dimitris Strevinas
Is AES 7/256 supported?
I've got the correct transform set for an IKE Aggressive mode, which is 7/256 2 65001 2, discovered via generate-transforms.sh | xargs ike-scan...
When I give it to ikeforce to enumerate groups, it doesn't accept 7/256 because it says value is not an integer, and if I give only 7 it doesn't recognize the transform as good and tells me to use -a. If I use -a, it cannot find any valid transform.
I know that even groupid enumeration on latest VPNs has been patched, but I wanted to give it a try. Also, I could loop over all the groups in the list and search for XAUTH credentials (used by my pentest target).
So I'm wondering if AES 7/256 is just not supported by the tool.
Thank you in advance
Problem with pyopenssl==17.2.0
If you are having this problem.
./ikeforce.py [HOST_IP] -a
[+]Program started in Transform Set Enumeration Mode
[+]Checking for acceptable Transforms
Accepted (AM) Transform Sets
Traceback (most recent call last):
File "./ikeforce.py", line 307, in
iCookie = ikeneg.secRandom(8).encode('hex')
File "/home/master/git/ikeforce/ikeclient.py", line 46, in secRandom
randomBytes = OpenSSL.rand.bytes(bytes)
AttributeError: 'module' object has no attribute 'rand'
You can fix buy running this command
pip install 'pyopenssl==17.2.0'
NameError: global name 'crypto' is not defined && too many values to unpack
Sorry, I don't know github very well. I understand that I should make Pull request, but don't know how((
-
I have error in ikehandler.py line 902: ikeCrypto = crypto.ikeCrypto(). I have solved it by edit this row: ikeCrypto = ikecrypto.ikeCrypto()
-
Also I have error in ikeforce.py line 1876 respDict,vidHolder = ikeHandling.main(packets[-1],encType,hashType,encKey,initIV,curIV) ValueError: too many values to unpack.
I have solved it by edit row 937 in ikeHandler.py:
return dicCrypto, None
TypeError: Non-hexadecimal digit found
Getting the following error when running ikeforce:
Encrypted payload received.
Encrypted Payload: 768b4af3fd440dfe3d584f392af38db99907a97b60c1383b49c8493e95889882d1f8035fea1694e4f8826b5d8a230b68aeffe1b23dddc6197355ab8b11200cef491eab4e28919f46cedaeda02f3eb59758bb7fb4b0d36da4f914b0178b0af3a5
Traceback (most recent call last):
File "./ikeforce.py", line 708, in
respDict,listVIDs = ikeHandling.main(packets[-1],encType,hashType,encKey,initIV,curIV)
File "/opt/ikeforce/ikehandler.py", line 618, in main
ikeDecrypt = ikeCrypto.ikeCipher(encKey, initIV.decode('hex'), encType)
File "/usr/lib/python2.7/encodings/hex_codec.py", line 42, in hex_decode
output = binascii.a2b_hex(input)
TypeError: Non-hexadecimal digit found
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.