SSH (tcp-22)

17/02/2023

shuciran

Enumeration

Cipher Algorithms supported:

nmap -p22 10.10.1.3 --script ssh2-enum-algos

Public key from ssh server:

  
nmap -p22 10.10.1.3 --script ssh-hostkey --script-args= ssh_hostkey=full

Review if a user has or not password:

  
nmap -p22 10.10.1.3 --script ssh-auth-methods --script-args="ssh.user=student"

Brute Force

  
hydra -l student -P /usr/share/wordlists/rockyou.txt 10.10.10.10 ssh
nmap 10.10.10.10 -p 22 --script ssh-brute --script-args userdb=/path/to/users/file

01 Enumeration, SSH (tcp-22)

ssh enumeration

Reverse Shells
Finding GUID with ipainstaller
Plist Files
Signing IPA with Sideloadly (Non-jailbroken)
Signing IPA with TrollStore (Non-jailbroken)

exploitation wireless file transfer hackthebox active directory scr windows privesc mobile linux enumeration linux privesc

SSH (tcp-22)

Enumeration

Brute Force

NFS (tcp-111)

For Privilege Access (Linux)

Automated Enumeration (Linux)