Conceal

Oof. Finally have a connection, thanks to some help. Wow. I’m still digesting…

@kekra said:

I hope my theories about the next stage are correct. I saw something like a confirmation of that theory in the data you get from a successful ‘association’.

Follow-up on my own post, so that I don’t mislead anybody. My theories were incorrect - the setup is way simpler than I expected it to be! The alleged info on ‘the next stage’ was actually not ‘from the server’ but merged from a backup conf file I ‘forgot’.

This also explains why it cannot fully work the native client, @voncount and @halfluke

It was an interesting experience so far as I made too much assumptions based on what would be ‘common’ in the Windows VPN world …

Does the rightsubnet config need to include specific protocol/port config?

@xirax said:
Does the rightsubnet config need to include specific protocol/port config?

Yes!

rooted.
Hope it is not a spoiler: If you are privescing with a “framework”. Pay attention to 32/64 bit things. thanks to @chppppp and @MrR3boot for hints on this journey

@1NC39T10N said:

@xirax said:
Does the rightsubnet config need to include specific protocol/port config?

Yes!

Yeah got the connection now. Turns out the type param is important although not sure why as the default value seems to be a superset of the value that works

@kekra said:

@kekra said:

I hope my theories about the next stage are correct. I saw something like a confirmation of that theory in the data you get from a successful ‘association’.

Follow-up on my own post, so that I don’t mislead anybody. My theories were incorrect - the setup is way simpler than I expected it to be! The alleged info on ‘the next stage’ was actually not ‘from the server’ but merged from a backup conf file I ‘forgot’.

This also explains why it cannot fully work the native client, @voncount and @halfluke

It was an interesting experience so far as I made too much assumptions based on what would be ‘common’ in the Windows VPN world …

I haven’t gotten it to work on the Windows side but I’m in from my Linux box. I’m not sure how I’d replicate the final few tweaks to my config file that got me in over to Windows, but for now I’m happy with what I have.

@voncount said:
I haven’t gotten it to work on the Windows side but I’m in from my Linux box. I’m not sure how I’d replicate the final few tweaks to my config file that got me in over to Windows, but for now I’m happy with what I have.

I am also in from Linux - I think you cannot use that type of connection with the native Windows client (I did not test to install other clients on Windows). Also the scripted way of configuring a native client does not have more options than the GUI

Rooted! 4 days just bring up host-host connection.

So I can run a few commands using an easy-to-find one-line shell that runs on this server, but most just give me an error. Anyone know why this might be?

Edtt: Nm, got it. Working on root privesc now.

I can confirm that racoon works here too, but I liked the strong bird a bit more.

@kekra said:

@voncount said:
I haven’t gotten it to work on the Windows side but I’m in from my Linux box. I’m not sure how I’d replicate the final few tweaks to my config file that got me in over to Windows, but for now I’m happy with what I have.

I am also in from Linux - I think you cannot use that type of connection with the native Windows client (I did not test to install other clients on Windows). Also the scripted way of configuring a native client does not have more options than the GUI

I’ve never configured these services this way IRL… I’ve only ever used this type of config with PKI on lan-only scenarios. I’ve only managed phase1 connectivity from Windows on this box, however I think using the native wall of fire this may work… also if anyone has connectivity and it’s dropping just bring things back UP and you should be ok (I’m guessing the config can be adjusted to stop this!)

@mRr3b00t said:
I’ve never configured these services this way IRL… I’ve only ever used this type of config with PKI on lan-only scenarios. I’ve only managed phase1 connectivity from Windows on this box, however I think using the native wall of fire this may work… also if anyone has connectivity and it’s dropping just bring things back UP and you should be ok (I’m guessing the config can be adjusted to stop this!)

Hard to reply without spoiling, but if you want to connect to a VPN based on that version of the service in Windows, the only option you have is to combine it with some other protocol … which I called the ‘next phase’ above.

Yes, I’ve also mainly used it with certificates IRL!

Finally got it, prompt downvote.

now where is that pesky user flag… adjusted scan parameters, looking around… well that’s not very secure is it… got it with a shell. Privesc next… just doing recon, think I may need to compile something.

stuck at phase 2

Yer I’m having issues with it now was fine getting 1st phase up and was holding it find changed something not even sure what and then at 1st I thought it was crashing my kali vm but it was screwing with my tunnel into my server.
Not sure why as I didnt change anything on that interface but if I use the console window and not rdp I can hold the connection if I’m in rdp it will crash and create 1000s of active connecting threads to the target box… so I should just try on my dedicated kali laptop is that what you mean?

Spoiler Removed

@Blkph0x said:
Yer I’m having issues with it now was fine getting 1st phase up and was holding it find changed something not even sure what and then at 1st I thought it was crashing my kali vm but it was screwing with my tunnel into my server.
Not sure why as I didnt change anything on that interface but if I use the console window and not rdp I can hold the connection if I’m in rdp it will crash and create 1000s of active connecting threads to the target box… so I should just try on my dedicated kali laptop is that what you mean?

thats what i meant , i havent trouble shooted to as why the VM was causing the connectivity issues to the “strong service” but i finally got phase 1 going when using kali straight from the USB stick on my desktop. just throwing in a tip in case it helps everyone else if they use a VM =)

After spending two decades to have the VPN up and running, finally I could hack the box. :wink:

Hack N’ Roll (-: