IKE Scan is the second tool in the list of information gathering tools. You will find it in the Information Gathering section of Kali Linux.
Here we are discussing, one by one, the information gathering tools that come pre-installed in Kali Linux.
What is IKE Scan?
How To Use IKE Scan
You can specify the hosts by IP address or hostname. To do that, simply use the command ike-scan 192.168.1.10, replacing the IP address with your target host.
You can also use the --file option to read the hosts from a file in which they are saved, one per line.
How IKE Scan Is Used in Practice
IKE has two phases: phase 1 sets up and establishes a secure, authenticated communication channel, and phase 2 encrypts and transports data.
Our focus of interest here would be phase 1; it uses two methods of exchanging keys:
- Main mode
- Aggressive mode
To scan a host for an aggressive mode handshake, use the following command:
ike-scan x.x.x.x -M -A
Sometimes the host only responds after we provide a valid group name (for example, vpn):
ike-scan x.x.x.x -M -A --id=vpn
We can even brute force the group names using the groupenum script from https://github.com/SpiderLabs/groupenum with the following command:
./dt_group_enum.sh x.x.x.x groupnames.dic
Cracking the PSK
To learn how to crack the PSK, follow the given steps:
- Adding the -P flag to the ike-scan command will show a response with the captured hash.
- To save the hash, we provide a filename along with the -P flag.
- Next we can use psk-crack with the following command:
psk-crack -b 5 /path/to/pskkey
- Here -b selects brute force mode and the length is 5.
- To use a dictionary-based attack we use the following command:
psk-crack -d /path/to/dictionary /path/to/pskkey
The following screenshot shows the output for the preceding command:
How it works…
In aggressive mode the authentication hash is sent in response to the packet from the VPN client that is trying to establish an IPsec tunnel. This hash is not encrypted, so it can be captured and brute-forced offline to recover the PSK.
This is not possible in main mode, which sends the hash encrypted and uses a six-message handshake, whereas aggressive mode uses only three messages.
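The ike-scan commands shown earlier (the host file, -M, -A and the group id) are the same ones an administrator runs against their own gateways to check for exactly the exposure described under "How it works". The script below is an added example and is not part of the original article or of the ike-scan project: it feeds a hosts file to ike-scan with --file, probes main mode and then aggressive mode with an assumed group name, and parses ike-scan's -M output with a small awk classifier so that any gateway answering an aggressive-mode handshake with Auth=PSK is flagged. GROUP_ID, the host list and the layout the parser expects from ike-scan -M are assumptions, and the output embedded in sample_output is constructed for the self-check rather than a real capture.

```shell
#!/bin/sh
# ike_audit.sh: added example, not from the original article or the ike-scan project.
# Probes every gateway listed in a hosts file (one host per line, the format
# ike-scan --file reads) in main mode and then aggressive mode, and reports the
# hosts that answer an aggressive-mode handshake with Auth=PSK: the case in which
# the authentication hash is sent in the clear.
# Assumptions: ike-scan is on PATH and may send raw UDP/500 (usually needs root);
# GROUP_ID is an assumed example group name; the parser relies on the layout of
# ike-scan's -M (multiline) output.

GROUP_ID="${GROUP_ID:-vpn}"

# classify_ike_output: reads ike-scan -M output on stdin and prints one line per
# responding host in the form "<host> <MAIN|AGGRESSIVE|NOTIFY|NONE> <auth>".
classify_ike_output() {
    awk '
        function flush() {
            if (host != "") print host, mode, auth
            host = ""
        }
        # A per-host block starts with the address in column 0 and a verdict.
        /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+[ \t]/ {
            flush()
            host = $1
            mode = "NONE"
            if      ($0 ~ /Aggressive Mode Handshake returned/) mode = "AGGRESSIVE"
            else if ($0 ~ /Main Mode Handshake returned/)       mode = "MAIN"
            else if ($0 ~ /Notify message/)                     mode = "NOTIFY"
            auth = "-"
            next
        }
        # The indented SA= line carries the accepted transform, e.g. Auth=PSK.
        /^[ \t]+SA=/ && match($0, /Auth=[A-Za-z0-9_]+/) {
            auth = substr($0, RSTART + 5, RLENGTH - 5)
        }
        END { flush() }
    '
}

# sample_output: constructed ike-scan -M output (not a real capture) for the self-check.
sample_output() {
    cat <<'EOF'
Starting ike-scan 1.9.x with 3 hosts (http://www.nta-monitor.com/tools/ike-scan/)
192.0.2.10    Aggressive Mode Handshake returned
    HDR=(CKY-R=0123456789abcdef)
    SA=(Enc=3DES Hash=SHA1 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration=28800)
    KeyExchange(128 bytes)
    Nonce(20 bytes)
    ID(Type=ID_USER_FQDN, Value=vpn)
    Hash(20 bytes)

192.0.2.11    Main Mode Handshake returned
    HDR=(CKY-R=fedcba9876543210)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=RSA_Sig LifeType=Seconds LifeDuration=28800)

192.0.2.12    Notify message 14 (NO-PROPOSAL-CHOSEN)

Ending ike-scan 1.9.x: 3 hosts scanned in 0.123 seconds. 2 returned handshake; 1 returned notify
EOF
}

# run_audit: the article's commands run over a hosts file, with findings flagged.
run_audit() {
    hostfile="$1"
    [ -r "$hostfile" ] || { echo "usage: $0 hosts.txt | --self-check" >&2; return 2; }
    command -v ike-scan >/dev/null 2>&1 || { echo "ike-scan not found on PATH" >&2; return 2; }

    echo "== main mode (ike-scan -M --file) =="
    ike-scan -M --file="$hostfile" 2>/dev/null | classify_ike_output

    echo "== aggressive mode (ike-scan -M -A --id=$GROUP_ID --file) =="
    ike-scan -M -A --id="$GROUP_ID" --file="$hostfile" 2>/dev/null | classify_ike_output |
        awk '$2 == "AGGRESSIVE" && $3 == "PSK" { $0 = $0 "   <- hash exposed: disable aggressive mode" } { print }'
}

case "${1:-}" in
    --self-check) sample_output | classify_ike_output ;;
    "")           echo "usage: $0 hosts.txt | --self-check" >&2 ;;
    *)            run_audit "$1" ;;
esac
```

Run it as `sh ike_audit.sh hosts.txt` (ike-scan needs raw-socket privileges, so normally under sudo), or with `--self-check` to see the classifier's output on the constructed sample. A line flagged AGGRESSIVE PSK is a gateway whose authentication hash is exposed exactly as described above; the remediation is to disable aggressive mode on that gateway, or to move it to certificate authentication or IKEv2, which do not expose a crackable PSK hash in this way.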
Hope this article is helpful for you. Thank you.