1. Now that SSH has been misconfigured, we will exploit it using some basic techniques.
  2. Scanning the target Windows server: [image: sshe_1]

Performing user enumeration:

  1. Open msfconsole
  2. Once it’s loaded, use the ssh_enumusers module:

     use auxiliary/scanner/ssh/ssh_enumusers

     [image: sshe_2]
  3. Settings: [image: sshe_3]

This didn’t give any results because the OpenSSH server is secure; modern SSH servers are patched against this. In an actual pentest we would have hit a wall here, but since we know the username and password, we can try login brute-force attacks.

  1. First we will try msfconsole's ssh_login module: [image: sshe_4]
  2. Options: [image: sshe_5]
  3. It will take significant time if you don’t have the actual credentials; if you have them, that’s a plus point. NEVER PERFORM BRUTE-FORCE ATTACKS ON AN INTERNAL NETWORK IN A PENTEST.
  4. In an actual scenario, a sysadmin would check the logs immediately, so we will do the same: [image: sshe_6] On opening that file, you can see that logs are continuously being collected.
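
The log check in step 4, as an added example that is not from the original post: a small Python detector that counts failed password attempts per source address in a sliding window and records a successful login from a source that was already flagged. The log lines, timestamp layout, addresses, user names and threshold are constructed for illustration; only the `Failed password for` / `Accepted password for` message wording follows OpenSSH.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (not from the post); the timestamp prefix is an assumed layout.
SAMPLE_LOG = """\
2024-05-01 10:00:01.120 Failed password for invalid user admin from 192.168.83.128 port 40112 ssh2
2024-05-01 10:00:02.310 Failed password for invalid user test from 192.168.83.128 port 40114 ssh2
2024-05-01 10:00:03.095 Failed password for labuser from 192.168.83.128 port 40118 ssh2
2024-05-01 10:00:04.480 Failed password for labuser from 192.168.83.128 port 40120 ssh2
2024-05-01 10:00:05.770 Failed password for labuser from 192.168.83.128 port 40124 ssh2
2024-05-01 10:00:06.020 Accepted password for labuser from 192.168.83.128 port 40126 ssh2
2024-05-01 10:05:00.000 Failed password for labuser from 192.168.83.1 port 51000 ssh2
2024-05-01 10:05:09.000 Accepted password for labuser from 192.168.83.1 port 51002 ssh2
"""

LINE_RE = re.compile(
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}).*?"
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Flag source IPs with >= threshold failed logins inside one sliding window."""
    failures = defaultdict(deque)  # ip -> failure timestamps still inside the window
    users = defaultdict(set)       # ip -> every user name that source tried
    alerts = {}                    # ip -> finding for sources over the threshold
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            q = failures[ip]
            q.append(ts)
            users[ip].add(user)
            while ts - q[0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                a = alerts.setdefault(ip, {"peak": 0, "users": users[ip], "compromised": []})
                a["peak"] = max(a["peak"], len(q))
        elif ip in alerts:
            # Successful login from an already flagged source: likely guessed password.
            alerts[ip]["compromised"].append(user)
    return alerts

if __name__ == "__main__":
    for ip, finding in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, finding)
```

A single mistyped password followed by a successful login, like the 192.168.83.1 lines in the sample, stays below the threshold and is not flagged.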

Using the medusa tool for brute forcing:

medusa -h 192.168.83.140 -U username.txt -P passwords.txt -M ssh

[image: sshe_7]