Top Banner
VPN penetration testing By Abdul Adil

Attacking VPN's

Jan 15, 2017



Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.

VPN penetration testing

VPN penetration testingBy Abdul Adil

Who am i?Web application & Network pentester Malware reverse engineeringRegular to Null Hyderabad chapter Email: Website: Connectica.inTwitter:@AbdulAdil02

AgendaWhat & Why VPN?Types of VPNVPN InternalsVPN issuesDemoQuestionnaire?

What & Why VPN?VPN stands for Virtual private network.It extends a private network across a public network (internet).It establishes a virtual point-to-point connection.Connection is encrypted!.

Scenario of VPN usage

Type of VPN protocolPPTPIPSecSSL VPNHybrid VPN

Types of VPN protocolPPTP(Point to point tunneling protocol): This is the most common and widely used VPN protocol. They enable authorized remote users to connect to the VPN network using their existing Internet connection and then log on to the VPN using password authentication.

IPSec: Trusted protocol which sets up a tunnel from the remote site into your central site. As the name suggests, its designed for IP traffic. IPSec requires expensive, time consuming client installations and this can be considered an important disadvantage.

VPN protocol & typesSSL VPN:SSL or Secure Socket Layer is a VPN accessible via https over web browser. SSL creates a secure session from your PC browser to the application server youre accessing. The major advantage of SSL is that it doesnt need any software installed because it uses the web browser as the client application.

Hybrid VPN: It combines the features of SSL and IPSec & also other types of VPN types. Hybrid VPN servers are able to accept connections from multiple types of VPN clients. They offer higher flexibility at both client and server levels and bound to be expensive.

VPN Internals

VPN Traffic

VPN appliance and applications

VPN Appliance VPN application

VPN issuesSome of the protocols provide weak encryptions.Vulnerable to brute force attacks as there is only one DES 56bit key to crack.RC4 cipher which is used for encryption does not doesnt helps us with the integrity of the data.If not configure properly it can lead to leakage of data over network(Port fail vulnerability).


Thanks to Null Hyderabad.