Conceal

I found a few services. Thing is, they seem to respond to manual probing better than “port scanning”. I have no idea wtf is going on yet though, so don’t mind me.

Im in the same boat as everyone here, got everything + Phases but no luck on the password.

@r518 said:
Im in the same boat as everyone here, got everything + Phases but no luck on the password.

I thinks password is not one think to guess, you need group name also.

its funny for me cause everyone is getting users using v1 and i did enum v1 and v2c both dont give me any usernames.

FIX: i used different tool.

You can get username using the normal tool you always use.

i’m new and please help me. so basically i scanned ports and only *** is up and also i know that it’s **** , i checked it with ********. when i scanned with ****** it showed that it’s running ngen.exe and when i searched it in internet it said that windows vista runs it so then i remembered MS017-10 and checked it with metasploit but it’s not vunlarable. so please someone help me

I have the pre-shared key… not the group and dont know how to setup the V.n lol

Hmm… main additional scanning okay but it doesn’t pay to be aggressive sometimes. Hauling out some scripting skills…

I only need some help with the “Connection” setup if anyone here got user or done that.

I think that is where pretty much everyone is stuck

I tried enumerating the g***p name with a wordlist, but nothing came back…

Yup, we’re all stuck. I really wish I had a working server setup with certain mode disabled so I could start with a working connection and then systematically break it. This is my first time with this particular critter.

Edit: plaudits to the box creator – even though the headwinds are tough here I’m forced to research a common technology and its vulns that have not come up for me before. Much more interesting than playing “hunt the directory”.

This is a new initial foothold for me and I’m still not able to connect to the ■■■■ box. I want to make sure we all found the same stuff.

Enumerating a common U** service on port 1** will provide two pieces of info:

A list of 4 possible users: Gu***, Ad********, De******, DeA*.
A P** Key to the Iv1 (note v) service running on U port 5**. This hash can be cracked almost instantly using a common online cracker and the result is a plaintext P** of Du********. I don’t see any TCP ports open on an nmap scan that are open; however, I can see in the S*** enumeration several common windows TCP ports exposed, but manually probing these ports doesn’t give me anything.

I haven’t seen username:password combo anywhere like I did on Mischief. Thus any user here would be a guess of the four enumerated (via sn**-c****). The only password I’ve seen is the cracked version of the P** Key. The algo I’ve seen to connect with is 3d**-***-m****1***. I haven’t seen any kind of group information.

I’ve tried tons of different IPS** configurations ( IPSe* over L2**) to connect to this box with the information above. This seems like it is going to be more complicated than usual because it is a VPN within a VPN. I’ve tried both GUI and CLI configurations, but I cannot achieve a successful connection.

Yes, exact same position @1NC39T10N, it’s a real struggle but it’s forcing me to delve into stuff I’ve just taken for granted up till now.

I keep making tiny jumps, I’m so close to getting it working I can taste it. (Probably going to remain stuck at this point for days because I said that)

Currently trying to figure out why the enumeration confirms the host name is “C******”, yet when connecting I get IDir '10.10.10.116' does not match to 'C******'

I’m in the same boat as you two. I’m trying to figure out if some missing pieces of info are hiding somewhere or if I have to do some brute forcing. I also wonder if I need to switch to a different OS other than Kali to make certain connections.

The client matters because there are different types of VPN and different “modes.” It looks like you should be able to do it from Kali. apt search VPN for different clients, also apt search for other relevant tools, like scanners.

Right now I’m starting to wonder if my scans actually got everything. A couple of obvious services but could there be more?

@1NC39T10N said:
This is a new initial foothold for me and I’m still not able to connect to the ■■■■ box. I want to make sure we all found the same stuff.

Enumerating a common U** service on port 1** will provide two pieces of info:

A list of 4 possible users: Gu***, Ad********, De******, DeA*.
A P** Key to the Iv1 (note v) service running on U port 5**. This hash can be cracked almost instantly using a common online cracker and the result is a plaintext P** of Du********. I don’t see any TCP ports open on an nmap scan that are open; however, I can see in the S*** enumeration several common windows TCP ports exposed, but manually probing these ports doesn’t give me anything.

I haven’t seen username:password combo anywhere like I did on Mischief. Thus any user here would be a guess of the four enumerated (via sn**-c****). The only password I’ve seen is the cracked version of the P** Key. The algo I’ve seen to connect with is 3d**-***-m****1***. I haven’t seen any kind of group information.

I’ve tried tons of different IPS** configurations ( IPSe* over L2**) to connect to this box with the information above. This seems like it is going to be more complicated than usual because it is a VPN within a VPN. I’ve tried both GUI and CLI configurations, but I cannot achieve a successful connection.

on the same boat

same boat, same frustration…

Can someone give a nudge on INVALID_ID_INFORMATION. I guess i’m so close

read page 12 here, http://downloads.linksys.com/downloads/userguide/BEFVP41_V21_UG_NC-WEB.pdf