Cisco vpn pre shared key decrypt
3/11/2023

In fact, I found two methods for FortiOS 5.6.7. Your mileage may vary for other versions though.

1) Log in to the web-interface as a (super?) admin.
2) Change your url/path to /api/v2/cmdb/vpn.ipsec/phase1-interface (edited after post about ticking bomb)
3) Firefox understands the JSON reply. Search for psksecret on the page.
4) Notice that the psksecret is "ENC XXXX"
5) With the proper option, one can ask the FortiGate to give you the decrypted password.

My original post contained the actual option, but perhaps that is not wise/secure at this moment. I changed this post after reading about "ticking bomb". It gave a full solution for decrypting passwords. It is a fairly straightforward solution that anyone could or should have found who understands that "ENC XXXX" must mean that reversible encryption is used.

As a matter of fact, cookbook will tell you just the same. It will also tell you that AES encryption is used, but disagrees with that when not running in FIPS mode and says it is only DES: "Pre-shared keys in IPSec phase-1 configurations are stored in plain text. In the configuration file these pre-shared keys are encoded. The encoding consists of encrypting the password with a fixed key using DES (AES in FIPS mode) and then Base64 encoding the result."

Well, someone from FTNT authorized my post. Furthermore, we already know that the psksecret has to be stored with reversible encryption (not hashing).
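An added example, not from the original post or from Fortinet: because "ENC" values are reversibly encrypted, a configuration backup has to be treated as containing recoverable pre-shared keys. This sketch lists which phase1-interface tunnels in a backup carry such a key so they can be scheduled for rotation if the file is exposed; the sample configuration, tunnel names and the function name find_reversible_psks are constructed for illustration.

```python
import re

# Constructed sample of a FortiOS-style configuration backup (no real keys).
SAMPLE_CONFIG = '''\
config vpn ipsec phase1-interface
    edit "branch-office"
        set interface "wan1"
        set psksecret ENC Q09OU1RSVUNURUQtU0FNUExFLTAx
    next
    edit "partner-dc"
        set interface "wan2"
        set psksecret ENC Q09OU1RSVUNURUQtU0FNUExFLTAy
    next
end
config system global
    set hostname "fw-lab"
end
'''

SECTION = "vpn ipsec phase1-interface"
PSK_RE = re.compile(r'set\s+psksecret\s+(ENC\s+)?(\S+)')

def find_reversible_psks(config_text):
    """Return [(tunnel_name, storage)] for every phase1-interface psksecret."""
    findings, stack, tunnel = [], [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            stack.append(line[len("config "):])   # track nested config blocks
        elif line == "end":
            if stack:
                stack.pop()
            if not stack:
                tunnel = None
        elif stack != [SECTION]:
            continue                              # other section or nested block
        elif line.startswith("edit "):
            tunnel = line[len("edit "):].strip('"')
        elif line == "next":
            tunnel = None
        elif tunnel:
            m = PSK_RE.match(line)
            if m:                                 # the key itself is never kept
                storage = "reversible (ENC)" if m.group(1) else "plain text"
                findings.append((tunnel, storage))
    return findings

if __name__ == "__main__":
    for name, storage in find_reversible_psks(SAMPLE_CONFIG):
        print(f"{name}: psksecret stored as {storage}; rotate if backup leaked")
```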