22 - SSH
Rarely juicy port
SSH Login:
ssh <username>@<IP>
Non-default port:
ssh <username>@<IP> -p 2222
Banner Grabbing:
nc -vn <IP> 22
Public SSH key of server:
ssh-keyscan -t rsa -p <PORT> <IP>
When you have the id_rsa key:
chmod 600 id_rsa
then:
ssh -i id_rsa <USER>@<IP>
Retrieve weak keys:
nmap -p22 <IP> --script ssh-hostkey --script-args ssh_hostkey=full
Bruteforcing SSH:
hydra -L users.txt -P /usr/share/wordlists/rockyou.txt <IP> ssh -t 4 -V
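What the Hydra run above looks like from the server side, as an added example that is not part of the original notes: a shell function that counts sshd "Failed password" lines per source address and marks a source that logs in after reaching the threshold. The log lines, the function names and the default threshold of 5 are constructed assumptions; counts cover the whole input, with no time window.

```shell
#!/usr/bin/env bash
# Constructed sshd auth-log lines (documentation IPs, not from a real host).
sample_auth_log() {
cat <<'EOF'
Jan 10 03:12:01 web01 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Jan 10 03:12:01 web01 sshd[2102]: Failed password for root from 203.0.113.7 port 40114 ssh2
Jan 10 03:12:02 web01 sshd[2103]: Failed password for invalid user from from 203.0.113.7 port 40116 ssh2
Jan 10 03:12:02 web01 sshd[2104]: Failed password for deploy from 203.0.113.7 port 40118 ssh2
Jan 10 03:12:03 web01 sshd[2105]: Failed password for deploy from 203.0.113.7 port 40120 ssh2
Jan 10 03:12:04 web01 sshd[2106]: Accepted password for deploy from 203.0.113.7 port 40122 ssh2
Jan 10 08:30:11 web01 sshd[2290]: Failed password for alice from 198.51.100.23 port 51544 ssh2
Jan 10 08:30:19 web01 sshd[2290]: Accepted password for alice from 198.51.100.23 port 51544 ssh2
Jan 10 09:01:40 web01 sshd[2315]: Accepted publickey for bob from 192.0.2.50 port 60022 ssh2: ED25519 SHA256:CONSTRUCTEDFINGERPRINT
EOF
}

# Usage: ssh_bruteforce_sources [threshold] < auth.log
# Prints "<ip> failures=<n> login_after_failures=<yes|no>" for each source
# with at least <threshold> failed passwords, sorted by IP string.
# "yes" means an Accepted line arrived after the source had already
# reached the threshold.
ssh_bruteforce_sources() {
  awk -v t="${1:-5}" '
    # The source IP follows the LAST "from" on the line: the username is
    # chosen by the client and may itself be "from", so scan from the end.
    function src(   i) {
      for (i = NF - 1; i > 0; i--) if ($i == "from") return $(i + 1)
      return ""
    }
    /sshd\[[0-9]+\]: Failed password for / { ip = src(); if (ip != "") fails[ip]++; next }
    /sshd\[[0-9]+\]: Accepted [a-z]+ for / { ip = src(); if (fails[ip] >= t) won[ip] = 1 }
    END {
      for (ip in fails) if (fails[ip] >= t)
        printf "%s failures=%d login_after_failures=%s\n", ip, fails[ip], (ip in won) ? "yes" : "no"
    }' | sort
}

# Run against the constructed sample with the default threshold.
sample_auth_log | ssh_bruteforce_sources
```

On a real host, feed it the sshd log instead of the sample, for example `ssh_bruteforce_sources 10 < /var/log/auth.log`.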
After initial access, find SSH keys on Linux:
find / -name ssh 2>/dev/null