FakeIKEd – Fake IKE Daemon Tool For MITM


FakeIKEd, or fiked for short, is a fake IKE daemon supporting just enough of the standards and Cisco extensions to attack commonly found insecure Cisco PSK+XAUTH VPN setups in what could be described as a semi MitM attack. Fiked can impersonate a VPN gateway’s IKE responder in order to capture XAUTH login credentials; it doesn’t currently do the client part of full MitM.

Fiked is partially based on vpnc and uses libgcrypt and optionally libnet.

Fiked supports IKEv1 in aggressive mode, using pre-shared keys and XAUTH. Supported algorithms are DES, 3DES, AES-128, AES-192, AES-256; MD5, SHA1; and DH groups 1, 2 and 5. IKE main mode is not supported.

The Attack

Basically, if you know the pre-shared key, also known as shared secret or group password, you can play Man in the Middle, impersonate the VPN gateway in IKE phase 1, and learn XAUTH user credentials in phase 2.

This attack is not new. It has been known for a long time that IKE using PSK with XAUTH is insecure, and this is not the first actual implementation of the attack.

To successfully demonstrate an attack on a VPN site, you need to know the shared secret, and you must be able to intercept the IKE traffic between the clients and the VPN gateway.


There are several ways to find out the shared secret, including being a legitimate user, grabbing it from some Cisco config file, using ike-crack, or layer 8 hackery.

There are also several ways to redirect the IKE traffic to your running fiked instance, including ARP spoofing, 802.11 hostap, or layer 1 hackery.

Usage

See the README file and fiked(1) manpage for more details.

Fiked builds and runs on FreeBSD, OpenBSD and Linux, and probably other BSD variants too. MacOS X is reported not to work.

You can download FakeIKEd here:

fiked-0.0.5.tar.bz2

Or read more here.

Posted in: Hacking Tools, Networking Hacking Tools

,


Latest Posts:


tko-subs - Detect & Takeover Subdomains With Dead DNS Records tko-subs – Detect & Takeover Subdomains With Dead DNS Records
tko-subs is a tool that helps you to detect & takeover subdomains with dead DNS records, this could be dangling CNAMEs point to hosting services and more.
Arcane - Tool To Backdoor iOS Packages (iPhone ARM) Arcane – Tool To Backdoor iOS Packages (iPhone ARM)
Arcane is a simple script tool to backdoor iOS packages (iPhone ARM) and create the necessary resources for APT repositories.
SharpHose - Asynchronous Password Spraying Tool SharpHose – Asynchronous Password Spraying Tool
SharpHose is an asynchronous password spraying tool in C# for Windows environments that takes into consideration fine-grained password policies and can be run over Cobalt Strike's execute-assembly.
Axiom - Pen-Testing Server For Collecting Bug Bounties Axiom – Pen-Testing Server For Collecting Bug Bounties
Project Axiom is a set of utilities for managing a small dynamic infrastructure setup for bug bounty, basically a pen-testing server out of the box with 1-line.
Quasar RAT - Windows Remote Administration Tool Quasar RAT – Windows Remote Administration Tool
Quasar is a fast and light-weight Windows remote administration tool coded in C#. Used for user support through day-to-day administrative work to monitoring.
Pingcastle - Active Directory Security Assessment Tool Pingcastle – Active Directory Security Assessment Tool
PingCastle is a Active Directory Security Assessment Tool designed to quickly assess the Active Directory security level based on a risk and maturity framework.


One Response to FakeIKEd – Fake IKE Daemon Tool For MITM

  1. Jeff Price August 6, 2009 at 9:42 pm #

    Now this is cool. Good Job.