Rp28f3ex

Question about Attacking SSL VPN (Pulse/openvpn/etc)


Recently came across this article and saw some things within it that I thought might apply to AirVPN and the Eddie client.

Question: Does the “logon script” feature in Eddie or in the implementation of AirVPN's ovpn.configs suffer from this vulnerability?

Question is based on this source.
https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/

Bonus: Take over all the VPN clients
Our company, DEVCORE, provides the most professional red team service in Asia. In this bonus part, let’s talk about how to make the red team more RED!

We always know that in a red team operation, the personal computer is more valuable! There are several old-school methods to compromise the VPN clients through SSL VPN before, such as the water-hole attack and replacing the VPN agent.

During our research, we found a new attack vector to take over all the clients. It’s the “logon script” feature. It appears in almost EVERY SSL VPNs, such as OpenVPN, Fortinet, Pulse Secure… and more. It can execute corresponding scripts to mount the network file-system or change the routing table once the VPN connection established.

Due to this “hacker-friendly” feature, once we got the admin privilege, we can leverage this feature to infect all the VPN clients! Here we use the Pulse Secure as an example, and demonstrate how to not only compromise the SSL VPN but also take over all of your connected clients:

* So does AirVPN have any issues with this, and if so, what can be done to help?

Over the past several months there have been a lot of XSS and different types of DDoS affecting connectivity and different drops while using AirVPN. Also, logs are full of IPs with offensive packets. Not claiming in this post any connection to the service (AirVPN).


To the Admins and all making this service possible; Thank You!
 

3 hours ago, o1pAdcUU said:

Over the past several months there have been a lot of XSS and different types of DDoS affecting connectivity and different drops while using AirVPN. Also, logs are full of IPs with offensive packets. Not claiming in this post any connection to the service (AirVPN).


Can you elaborate on these sentences? What logs?

Your linked article refers to SSL VPN implementations in hardware from Pulse Secure, it seems. AirVPN does not offer SSL VPN. You can connect to AirVPN over TLS, but it's a stunnel-based TLS tunnel with OpenVPN encapsulated and by my reckoning differs from SSL VPN's definition.

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.
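
On the question in the first post about script features in OpenVPN profiles, a local check is possible. The following is an added example, not code from this thread, from AirVPN or from the linked article: it scans an OpenVPN profile for the options that run a user-supplied script or load a plugin, and reads the `script-security` level that decides whether scripts may run. The sample profile, hostname and paths are constructed.

```python
# OpenVPN options that run a user-supplied script or load a plugin module.
EXEC_DIRECTIVES = {
    "up", "down", "route-up", "route-pre-down", "ipchange", "tls-verify",
    "auth-user-pass-verify", "client-connect", "client-disconnect",
    "learn-address", "plugin",
}

def audit_ovpn(text):
    """Return (script_security_level, [(line_no, directive, argument), ...])."""
    level, findings, inline_tag = 1, [], None  # OpenVPN defaults to level 1
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if inline_tag:  # skip bodies of inline blocks such as <ca> ... </ca>
            if line == f"</{inline_tag}>":
                inline_tag = None
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("<") and line.endswith(">") and line[1] != "/":
            inline_tag = line[1:-1]
            continue
        parts = line.split()
        name = parts[0].lstrip("-").lower()  # leading "--" is optional
        if name == "script-security" and len(parts) > 1 and parts[1].isdigit():
            level = int(parts[1])
        elif name in EXEC_DIRECTIVES:
            findings.append((no, name, " ".join(parts[1:]).strip("\"'")))
    return level, findings

def will_execute(text):
    """Findings that take effect: scripts need level >= 2, plugins load anyway."""
    level, findings = audit_ovpn(text)
    return [f for f in findings if f[1] == "plugin" or level >= 2]

# Constructed sample profile (hostname and script path are made up).
SAMPLE = """\
client
remote vpn.example.net 443
script-security 2
up "/etc/openvpn/update-resolv-conf"
; down /etc/openvpn/update-resolv-conf
<ca>
(constructed placeholder for certificate data)
</ca>
"""

if __name__ == "__main__":
    for no, name, arg in will_execute(SAMPLE):
        print(f"line {no}: {name} {arg}")
```

An empty result from `will_execute` means the profile itself asks OpenVPN to run nothing; it says nothing about scripts configured separately in a client application.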
