Conceal

1356789

Comments

  • jkrjkr
    edited January 12
    .
  • when i turn up i see INVALID_ID_INFORMATION but when i run a statusall i see ESTABLISHED so idk what to think anymore :P

  • There is two phases in this protocol...
  • @jkr said:
    There is two phases in this protocol...

    Yes. I'm sure that we have to deal correctly with subnets on phase-2. I'm afraid if it require more specific variables.

    MrR3boot

  • @jkr - my error suggests my interesting traffic doesnt match. any tips on finding the right info for this?

  • edited January 10

    @jkr said:
    NO-PROPOSAL-CHOSEN you can just use a scanner for the protocol you need.

    but the information from the scanner didn't seem to work, or maybe there's a syntax issue with constructing the proposal. I can't seem to find documentation that helps for my particular client.

    Edit: using the wrong client, or using it with an incomplete package.

    LegendarySpork

    my badge doesn't work, click on my profile if you want rank and stuff

    Taking a break from HTB through Dec 2019 in order to focus on other projects.

  • @LegendarySpork the info from the scanner will get you phase 1. I still cant get phase 2 going.

  • If it is a matter of subnet maybe the scan also could lead to phase2, not sure how honestly ._.

  • @chppppp so that should get me past the proposal? I think that's phase 1.

    LegendarySpork

    my badge doesn't work, click on my profile if you want rank and stuff

    Taking a break from HTB through Dec 2019 in order to focus on other projects.

  • edited January 11

    @Warlord711 said:
    What client do you guys use to connect ? I tried vpnc but seems not to connect at all

    Edited: strongswan

  • @LegendarySpork said:
    @chppppp so that should get me past the proposal? I think that's phase 1.

    yes!

  • edited January 7

    Just to confirm:

    yes, you can connect directly from your kali box! :lol:

    0xEA31

  • @0xEA31 said:
    Just to confirm:

    yes, you can connect directly from your kali box! :lol:

    yeah! it works!!

  • a little suggestion : try to filter the traffic you are interested in...

  • edited January 8

    Here's the ONLY reference with a sample I have found: https://help.datica.com/hc/en-us/articles/115005906626--Legacy-VPN-Client-Setup (scroll down to the Ubuntu section where it gives an example of charon-cmd syntax)

    I still haven't successfully gotten past the phase1 proposal even using the syntax noted there with the crypto parameters I got from ike-scan.

    Edit: apparently charon-cmd (CLI tool associated with, but not identical to, the mighty waterfowl) is not sufficient. It supports m*** m*** so it gets slightly further than vpnc, but doesn't support the right profiles.

    LegendarySpork

    my badge doesn't work, click on my profile if you want rank and stuff

    Taking a break from HTB through Dec 2019 in order to focus on other projects.

  • @CiccioPas said:
    a little suggestion : try to filter the traffic you are interested in...

    I have experimented with left/rights****t a million diff ways but it never completes phase 2. What am I missing here?

  • @0xEA31, do we need to brute force to get the right configs? I mean specifically the s****t, in order to get the params the server is expecting. I ask because I tried all the obvious ones and I keep getting the same response.

    bianca

  • edited January 9

    Can someone PM with final selector required changes. This one killing me from long.

    Edit: Got the tunnel up. Now working on next step
    Edit: After getting ports feeling like lol. amazing box

    Edit: rooted :)

    MrR3boot

  • fjvfjv
    edited January 8

    Learning IP***, the hard way... :D

  • @fjv said:
    Learning IP***, the hard way... :D

    ip*** in real life you have all the info before building :P

  • This is not the way to learn ip***. The way to properly learn it is to set it up on both sides, knowing in advance the settings!

    Having to use brute force tools to guess the settings, and then having to figure out the proper way to write the command, only to have it not working for something else we still don't know, is just stupid..

  • I can confirm that it's also not easy to use the 'native client' :-) I think I am stuck where most of you are or were.

    Getting past phase 1 might be easier in a next-next-finish way, but after that you also tinker with the low-level config - and you might find less 'examples' and 'how-to's than for Linux as typically you don't need to make any changes there.

    I know one common root cause for the error I see - I even remember when that feature was added by Microsoft many years ago - but the usual fix does not help. In some sense that root cause is a bit similar to the 'double V**' so I wonder if it should work at all with that client ... The nested tunnels is also something not too easily replicated in a test environment. That stuff is tricky to troubleshoot even if you have full access at both sides of the connection :-)

  • edited January 10

    [deleted unhelpful comment]

    LegendarySpork

    my badge doesn't work, click on my profile if you want rank and stuff

    Taking a break from HTB through Dec 2019 in order to focus on other projects.

  • jkrjkr
    edited January 12

    .

  • edited January 10

    @jkr If you have references you'd care to share in IM I'd appreciate it. Otherwise I'm skipping it because I'm not getting anything out it at this point.

    Edit: thanks for the IM! I still don't know what I'm doing but I'm back to a learning-per-hour rate > 0 . Edit 2: and making progress. Still no user but I've learned some stuff and am confident I'll get it eventually.

    LegendarySpork

    my badge doesn't work, click on my profile if you want rank and stuff

    Taking a break from HTB through Dec 2019 in order to focus on other projects.

  • @n00kie said:

    @Warlord711 said:
    What client do you guys use to connect ? I tried vpnc but seems not to connect at all

    charon-cmd

    Dont think its possible using only charon-cmd. I think we need strongswan installed and configured properly. Charon-cmd only got predefined profiles and none on them matches here.

  • edited January 8

    For me, it is very interesting to learn about the Linux clients. I am trying to translate what worked on Windows to Linux and vice versa.

    @Warlord711 Thanks for the confirmation! I looked into this client and did not find the options to exactly replicate what already worked on Windows - but I was not sure if you can use some or all of the options of the 'strong bird client' also in charon.

  • @Warlord711 that's a helpful bit of direction, thanks from all of us

    LegendarySpork

    my badge doesn't work, click on my profile if you want rank and stuff

    Taking a break from HTB through Dec 2019 in order to focus on other projects.

  • I stop here for now until i find some time to invest hours into configuring another PITA piece of software like vpn client under linux - why keep things simple if you can overcomplicate everything with hundreds of config files and a pretty useless wiki/documentation.

  • The strong service has numerous configuration scenarios in its manpage. I am confident that one of them is the right one. :anguished:

    Giving it a try...

    ferreirasc

Sign In to comment.