Closed halfluke closed 5 years ago
Sorry for the delay, yes you can set the key length with -l or --keylen
btw you can also enumerate all aggressive transforms using ikeforce with -a -s1
Thank you for the keylen tip. Wondering why -a couldn't find any transform: is the -s1 option important? Can I also ask why the project is not maintained any longer? Is it because nowadays there is no real way to determine a correct groupid?
Thank you :-)
-s isn't important, it's just speed, but it finishes faster with -s 1. Did it miss some aggressive mode transform using -a?
Yeah it's not common to find any Cisco devices where you can enumerate the ID any longer, but you can still use it against other vendors that follow the RFCs and notify when the ID is incorrect. The code needs refactoring and moving to Py3 but it's just not worth the effort involved.
Yes, as I mentioned, I was able to find 7/256 2 65001 2, via generate-transforms.sh | xargs ike-scan. But when I tried with ikeforce -a it didn't find anything. That's why I thought that maybe ikeforce was not able to handle aes 7/256 at all
Ah I've just realised it's not checking all key sizes for AES, I might have to add that in. Thanks for pointing it out
I've got the correct transform set for an IKE Aggressive mode, which is 7/256 2 65001 2, discovered via generate-transforms.sh | xargs ike-scan... When I give it to ikeforce to enumerate groups, it doesn't accept 7/256 because it says value is not an integer, and if I give only 7 it doesn't recognize the transform as good and tells me to use -a. If I use -a, it cannot find any valid transform. I know that even groupid enumeration on latest VPNs has been patched, but I wanted to give it a try. Also, I could loop over all the groups in the list and search for XAUTH credentials (used by my pentest target). So I'm wondering if AES 7/256 is just not supported by the tool.
Thank you in advance
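
The `enc/keylen` notation discussed in this thread, as an added example (not ikeforce or ike-scan code): a parser that splits `7/256` into an encryption ID plus a separate Key Length attribute, expands a bare AES ID into one variant per key size, and encodes the result as IKEv1 basic attributes. The function names and the attribute order are choices made for this example; the attribute type numbers are those of RFC 2409, Appendix A.

```python
import struct

# IKEv1 phase 1 attribute types (RFC 2409, Appendix A)
ATTR_ENC, ATTR_HASH, ATTR_AUTH, ATTR_GROUP, ATTR_KEYLEN = 1, 2, 3, 4, 14
AES_CBC = 7                      # encryption algorithm ID for AES-CBC
AES_KEY_SIZES = (128, 192, 256)  # key lengths in bits


def parse_transform(spec):
    """Parse 'enc[/keylen] hash auth group' (space or comma separated)."""
    fields = spec.replace(",", " ").split()
    if len(fields) != 4:
        raise ValueError("expected: enc[/keylen] hash auth group")
    enc, _, keylen = fields[0].partition("/")  # int('7/256') would raise
    t = {"enc": int(enc), "keylen": int(keylen) if keylen else None,
         "hash": int(fields[1]), "auth": int(fields[2]), "group": int(fields[3])}
    for name, value in t.items():
        if value is not None and not 0 <= value <= 0xFFFF:
            raise ValueError(f"{name} does not fit a 16-bit attribute value")
    return t


def expand_key_sizes(t):
    """AES without a key length is ambiguous: return one variant per size."""
    if t["enc"] == AES_CBC and t["keylen"] is None:
        return [dict(t, keylen=bits) for bits in AES_KEY_SIZES]
    return [t]


def encode_attributes(t):
    """Encode as basic (TV) attributes: AF bit | type, then a 16-bit value."""
    attrs = [(ATTR_ENC, t["enc"])]
    if t["keylen"] is not None:
        attrs.append((ATTR_KEYLEN, t["keylen"]))
    attrs += [(ATTR_HASH, t["hash"]), (ATTR_AUTH, t["auth"]),
              (ATTR_GROUP, t["group"])]
    return b"".join(struct.pack("!HH", 0x8000 | typ, val) for typ, val in attrs)


if __name__ == "__main__":
    # Transform quoted in the thread
    found = parse_transform("7/256 2 65001 2")
    print(found, encode_attributes(found).hex())
    for variant in expand_key_sizes(parse_transform("7 2 65001 2")):
        print(variant["keylen"], encode_attributes(variant).hex())
```

The key length travels as its own attribute (type 14), so a proposal carrying only encryption ID 7 is a different proposal from AES with a 256-bit key.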