Yes, there is a way. Just that you need to have that key exchange capture available.
Which means access to a compromised system on the backbone or at the ISP's side, which also should allow you to do the capture.
And that is not quite trivial, and an effort not justified for cracking a puny 44net gateway access with no added benefits.
On the other hand, I understood that only specific implementations are actually vulnerable because of an implementation glitch where a key calculation is done just half the way offering a possibility to guess the password.
Whatever, the ease of management of such a system outperforms a plain GRE tunnel and discourages access by script kiddies. Of course, a serious hacker could probably do it, but to what end?
I have had such a system running for years, and apart from some sporadic login attempts with "root", "admin", "office", "sales" and such, and trying some dictionary passwords, nothing serious ever occurred.
Just my personal opinion,
Marius, YO2LOJ
On 04.12.2020 23:13, Iain R. Learmonth via 44Net wrote:
Exploit can be found at: https://www.willhackforsushi.com/?page_id=41 and it is over a decade old.
Thanks, Iain.