

SSH is everywhere in the *nix world, and has a ton of features built in that we attackers can leverage for pivoting, tunneling X sessions, file transfers, etc.

Port: 22/TCP

Tools: ssh, PuTTY

Examples:

ssh root@192.168.1.1

Legacy Key Exchange

Use the following command to specify a key exchange algorithm when the default ssh command fails with an error stating that it is unable to connect because no matching key exchange method was found.

ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 user@host

Brute Forcing

hydra -l Matt -P /usr/share/wordlists/rockyou.txt 10.10.10.160 -t 4 ssh

Cracking id_rsa password

First convert id_rsa to a hash john can ingest.

python2 /usr/share/john/ssh2john.py ~/.ssh/id_rsa_Matt > id_rsa_Matt.hash

Then run john against it.

john id_rsa_Matt.hash -wordlist=/usr/share/wordlists/rockyou.txt
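
How well a key's passphrase holds up against the wordlist run above depends on the key file format: legacy PEM keys derive the encryption key with a single salted MD5 pass, while the newer OpenSSH format uses bcrypt with a configurable round count. The following is an added example, not part of the original notes, that reports which protection a key file uses; the function name key_protection and both sample keys are constructed for illustration.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"  # start of the new-format blob

def _s(b):
    return struct.pack(">I", len(b)) + b  # SSH string: uint32 length + bytes

def _read(buf, off):
    """Decode one SSH string at off; return (value, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:off + 4 + n], off + 4 + n

def key_protection(text):
    """Report how a private key file's passphrase, if any, is stretched."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if lines[0] == "-----BEGIN ENCRYPTED PRIVATE KEY-----":
        return {"format": "pkcs8", "encrypted": True}
    if lines[0] != "-----BEGIN OPENSSH PRIVATE KEY-----":
        # Legacy PEM: Proc-Type header marks encryption; KDF is one salted MD5 pass.
        enc = any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines)
        return {"format": "legacy-pem", "encrypted": enc,
                "kdf": "md5-single-pass" if enc else "none"}
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(MAGIC):
        raise ValueError("not an openssh-key-v1 blob")
    cipher, off = _read(blob, len(MAGIC))
    kdf, off = _read(blob, off)
    opts, off = _read(blob, off)
    info = {"format": "openssh-v1", "encrypted": cipher != b"none",
            "cipher": cipher.decode(), "kdf": kdf.decode()}
    if kdf == b"bcrypt":  # kdfoptions = string salt, uint32 rounds
        _salt, o = _read(opts, 0)
        (info["rounds"],) = struct.unpack_from(">I", opts, o)
    return info

# Constructed samples: headers only, no real key material.
LEGACY = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,00000000000000000000000000000000
-----END RSA PRIVATE KEY-----"""
_blob = MAGIC + _s(b"aes256-ctr") + _s(b"bcrypt") + _s(_s(b"\0" * 16) + struct.pack(">I", 16))
MODERN = ("-----BEGIN OPENSSH PRIVATE KEY-----\n"
          + base64.b64encode(_blob).decode() + "\n-----END OPENSSH PRIVATE KEY-----")
if __name__ == "__main__":
    for name, sample in (("legacy", LEGACY), ("modern", MODERN)):
        print(name, key_protection(sample))
```

Keys reported as legacy-pem can be rewritten in the newer format with more KDF rounds using ssh-keygen -p -a <rounds> -f <keyfile> (add -o on OpenSSH releases older than 7.8).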