fiked is a fake IKE daemon that implements the IKE standards and the Cisco extensions only partially.
fiked supports IKE aggressive mode with pre-shared keys and XAUTH. It can negotiate DES, 3DES, AES128, AES192 and AES256 encryption, MD5 and SHA1 hashing, and DH groups 1, 2 and 5. Main mode is not supported.
The attack that fiked performs is not new: IKE with pre-shared keys and XAUTH has long been known to be insecure. There are several ways to obtain the shared secret, such as being a legitimate user, grabbing it from a Cisco config file, using ike-crack, or layer 8 hackery. Likewise, several techniques can redirect IKE traffic to a running fiked instance, including ARP spoofing, an 802.11 hostap, or layer 1 hackery.
To use fiked effectively, you need to know the pre-shared key and be able to intercept the IKE traffic between the VPN gateway and its clients. fiked also accepts several optional command-line arguments: detaching from the tty to run as a daemon, quiet operation, printing the help or version, the VPN gateway address to impersonate, the pre-shared key in group password format, and logging parameters.
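Because fiked only speaks IKEv1 aggressive mode, and aggressive mode with a pre-shared key is exactly the configuration the text calls insecure, the first thing a defender wants is to see such exchanges on the wire. The following Python is an added example and is not part of fiked: it decodes the fixed ISAKMP header of UDP/500 datagrams (RFC 2408) and flags phase-1 aggressive-mode initiations. The IP addresses, cookies and sample datagrams are constructed for the example, and `audit_ike_datagrams` is a hypothetical helper, not a real tool's API.

```python
import struct

# ISAKMP fixed header (RFC 2408 section 3.1): 28 bytes, network byte order.
# initiator cookie (8), responder cookie (8), next payload (1), version (1),
# exchange type (1), flags (1), message ID (4), total length (4)
ISAKMP_HEADER = struct.Struct("!8s8sBBBBII")

# Phase-1 exchange types (RFC 2409). fiked only implements the second one.
EXCH_IDENTITY_PROTECTION = 2   # main mode
EXCH_AGGRESSIVE = 4            # aggressive mode

EXCHANGE_NAMES = {
    0: "none", 1: "base", 2: "identity protection (main mode)",
    3: "authentication only", 4: "aggressive", 5: "informational",
}


def parse_isakmp_header(datagram: bytes) -> dict:
    """Decode the fixed ISAKMP header from a UDP/500 payload."""
    if len(datagram) < ISAKMP_HEADER.size:
        raise ValueError("datagram shorter than ISAKMP header")
    (i_cookie, r_cookie, next_payload, version,
     exch_type, flags, msg_id, length) = ISAKMP_HEADER.unpack_from(datagram)
    return {
        "initiator_cookie": i_cookie.hex(),
        "responder_cookie": r_cookie.hex(),
        "next_payload": next_payload,
        "major_version": version >> 4,      # 1 for IKEv1
        "minor_version": version & 0x0F,
        "exchange_type": exch_type,
        "exchange_name": EXCHANGE_NAMES.get(exch_type, f"unknown({exch_type})"),
        "flags": flags,
        "message_id": msg_id,
        "length": length,
    }


def is_aggressive_phase1_initiation(datagram: bytes) -> bool:
    """True for the opening message of an IKEv1 aggressive-mode exchange.

    The initiator's first packet carries an all-zero responder cookie, and
    the message ID is zero for all phase-1 traffic."""
    hdr = parse_isakmp_header(datagram)
    return (hdr["major_version"] == 1
            and hdr["exchange_type"] == EXCH_AGGRESSIVE
            and hdr["message_id"] == 0
            and hdr["responder_cookie"] == "00" * 8)


def audit_ike_datagrams(flows) -> list:
    """flows: iterable of (src_ip, dst_ip, udp_payload). Returns alert strings."""
    alerts = []
    for src, dst, payload in flows:
        try:
            if is_aggressive_phase1_initiation(payload):
                hdr = parse_isakmp_header(payload)
                alerts.append(f"{src} -> {dst}: IKEv1 aggressive mode initiation "
                              f"(initiator cookie {hdr['initiator_cookie']})")
        except ValueError:
            alerts.append(f"{src} -> {dst}: malformed ISAKMP header")
    return alerts


def build_isakmp_header(exch_type: int, i_cookie: bytes, r_cookie: bytes = b"\x00" * 8,
                        next_payload: int = 1, msg_id: int = 0, payload_len: int = 0) -> bytes:
    """Constructed test datagram: IKEv1 (version 1.0) header with the given exchange type."""
    return ISAKMP_HEADER.pack(i_cookie, r_cookie, next_payload, 0x10, exch_type, 0,
                              msg_id, ISAKMP_HEADER.size + payload_len)


# Constructed sample traffic (not real captures): one main-mode initiation,
# one aggressive-mode initiation, and one truncated datagram.
SAMPLE_FLOWS = [
    ("10.0.0.5", "203.0.113.1", build_isakmp_header(EXCH_IDENTITY_PROTECTION, b"\x11" * 8)),
    ("10.0.0.7", "203.0.113.1", build_isakmp_header(EXCH_AGGRESSIVE, b"\x22" * 8)),
    ("10.0.0.9", "203.0.113.1", b"\x00" * 10),
]

if __name__ == "__main__":
    for line in audit_ike_datagrams(SAMPLE_FLOWS):
        print(line)
```

An alert from this check is a policy finding rather than proof of an attack: a client that initiates aggressive mode is configured in a way that a fake responder can accept, so the remedy is on the gateway and client side (main mode, or certificate or IKEv2 authentication) rather than at the sensor.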
Overall, fiked is a useful tool for security professionals, pen testers and researchers who want to assess the security of their own Cisco VPN setups.
Version 0.0.5: N/A