22 - SSH

Rarely a juicy port.

  1. SSH Login: ssh <username>@<IP>

  2. Non-default port: ssh <username>@<IP> -p 2222

  3. Banner Grabbing: nc -vn <IP> 22

  4. Public SSH key of server: ssh-keyscan -t rsa <IP> -p <PORT>

  5. When you have the id_rsa key: chmod 600 id_rsa, then ssh -i id_rsa <USER>@<IP>

  6. Retrieve host keys (to check for weak or known-bad ones): nmap -p22 <IP> --script ssh-hostkey --script-args ssh_hostkey=full

  7. Brute-forcing SSH: hydra -L users.txt -P /usr/share/wordlists/rockyou.txt <IP> ssh -t 4 -V

  8. After initial access, find SSH keys on Linux: find / -name ssh 2>/dev/null
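Added example (not part of the original cheat sheet): a small Python script that parses the identification string returned by the banner grab in step 3 and computes the OpenSSH-style SHA256 fingerprint of a host key line in ssh-keyscan format (step 4), so a scanned key can be compared with the fingerprint recorded out of band before trusting it. The banner, host address and key blob are constructed samples, not data from any real host.

```python
import base64
import hashlib
import re

# Constructed sample of the identification string a server sends when you
# connect with `nc -vn <IP> 22` (RFC 4253 section 4.2). Not from a real host.
SAMPLE_BANNER = b"SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2\r\n"

# Constructed sample of one `ssh-keyscan` output line. The key blob is made up
# (valid wire format, but not a real key), so its fingerprint is illustrative.
_FAKE_BLOB = b"\x00\x00\x00\x0bssh-ed25519" + b"\x00\x00\x00\x20" + bytes(range(32))
SAMPLE_KEYSCAN_LINE = "203.0.113.10 ssh-ed25519 " + base64.b64encode(_FAKE_BLOB).decode()


def parse_banner(raw: bytes) -> dict:
    """Split 'SSH-protoversion-softwareversion [comments] CR LF' into its parts.

    A protoversion of '1.99' means the server still speaks SSH-1 to old
    clients, which is a hardening finding rather than something to ignore."""
    line = raw.decode("ascii", errors="replace").rstrip("\r\n")
    m = re.fullmatch(r"SSH-(\d+\.\d+)-(\S+)(?: (.*))?", line)
    if not m:
        raise ValueError(f"not an SSH identification string: {line!r}")
    return {
        "protoversion": m.group(1),
        "software": m.group(2),
        "comments": m.group(3) or "",
        "ssh1_compat": m.group(1) == "1.99",
    }


def host_key_fingerprint(keyscan_line: str) -> dict:
    """Compute the OpenSSH-style SHA256 fingerprint of an `ssh-keyscan` line."""
    host, declared_type, b64 = keyscan_line.split()[:3]
    blob = base64.b64decode(b64)
    # Wire format: uint32 length, key-type string, then the key material.
    n = int.from_bytes(blob[:4], "big")
    embedded_type = blob[4:4 + n].decode("ascii", errors="replace")
    if embedded_type != declared_type:
        raise ValueError(f"key type mismatch: {declared_type} vs {embedded_type}")
    digest = hashlib.sha256(blob).digest()
    fp = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return {"host": host, "type": declared_type, "fingerprint": fp}


def host_key_matches(keyscan_line: str, expected_fingerprint: str) -> bool:
    """True if the scanned key matches the fingerprint recorded out of band."""
    return host_key_fingerprint(keyscan_line)["fingerprint"] == expected_fingerprint
```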
