Note
Adapted from slyth11907 / Cheatsheets / Cheatsheet_IKEScan.txt.
In IKE aggressive mode the authentication hash based on a preshared key (PSK) is transmitted as response to the initial packet of a VPN client that wants to establish an IPSec Tunnel (Hash_R
). This hash is not encrypted (in main mode the hash is encrypted).
The ike-scan tool can be used to test if an IPSec VPN server is using IKE in aggressive mode:
If aggressive mode is in use, then ike-scan can be used to save the initial exchange for offline cracking:
psk-crack can then be used to (attempt) to crack the resulting $KEY_FILE
.