22 - SSH

Modern ssh servers are usually quite hardened, but check for older versions!

Banner grabbing with netcat:

nc <ip-addr> 22

Nmap scripts

Enumerate authentication methods:

nmap -p 22 --script ssh-auth-methods --script-args="ssh.user="

Brute-force accounts

nmap -p 22 --script ssh-brute --script-args userdb=users.lst,passdb=pass.lst --script-args ssh-brute.timeout=4s

Enumerate authentication algorithms

nmap --script ssh2-enum-algos target

Enumerate SSH host keys (3 examples)

"full": The entire key, not just the fingerprint
"bubble": Bubble Babble output
"visual": Visual ASCII art representation
"all": All of the above

nmap host --script ssh-hostkey --script-args ssh_hostkey=full nmap host --script ssh-hostkey --script-args ssh_hostkey=all nmap host --script ssh-hostkey --script-args ssh_hostkey='visual bubble'

Previous21 - FTP Next23 - Telnet

Last updated 5 years ago