SSH – Port 22

SSH, or Secure Shell (also known as Secure Socket Shell), is a pivotal network protocol that enables secure access to a computer over an unsecured network. It’s essential for secure data communication, remote command-line login, remote command execution, and other secure network services.

  • Default SSH Port: 22
  • Basic Connection Syntax: ssh username@host

Key Aspects of Penetration Testing on SSH

1. Enumeration and Banner Grabbing

  • Netcat for Banner Grabbing: nc -vn <IP> 22
  • Nmap for Version Detection: nmap -sV <IP>
  • Metasploit for SSH Banner Fetching:
    • Command: msfconsole
    • Module: auxiliary/scanner/ssh/ssh_version

2. SSH Login Module

  • Metasploit Module: use auxiliary/scanner/ssh/ssh_login

3. Automated SSH-Audit

  • Tool: SSH-audit
  • Source: jtesta’s GitHub
  • Features:
    • Support for SSH1 and SSH2 protocols.
    • Analysis of SSH client configuration.
    • Comprehensive security insights.
  • Usage: ssh-audit.py [options] <host>

4. Brute Force Attack

  • Username Enumeration: Use auxiliary/scanner/ssh/ssh_enumusers in Metasploit.
  • Brute Force Credentials: Utilize common SSH credentials.
  • Keys Brute Force: Use Nmap’s SSH public key script or Metasploit’s auxiliary/scanner/ssh/ssh_identify_pubkeys.
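
The credential guessing and username enumeration listed above leave a recognizable trail in the sshd authentication log. The following is an added example, not part of the original page: it flags source addresses by failed-login count, by number of unknown usernames tried, and by a successful login that follows many failures. The log lines are constructed samples in OpenSSH's syslog message format, and the function name and thresholds are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH's syslog message format (not real logs).
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40022 ssh2
Mar  3 10:00:03 host sshd[811]: Failed password for invalid user oracle from 203.0.113.7 port 40024 ssh2
Mar  3 10:00:05 host sshd[812]: Failed password for invalid user test from 203.0.113.7 port 40026 ssh2
Mar  3 10:00:07 host sshd[813]: Failed password for root from 203.0.113.7 port 40028 ssh2
Mar  3 10:00:09 host sshd[814]: Failed password for root from 203.0.113.7 port 40030 ssh2
Mar  3 10:02:00 host sshd[820]: Failed password for alice from 198.51.100.4 port 51000 ssh2
Mar  3 10:02:10 host sshd[820]: Accepted password for alice from 198.51.100.4 port 51000 ssh2
Mar  3 10:05:00 host sshd[830]: Accepted password for root from 203.0.113.7 port 40100 ssh2
"""

AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def analyze(log_text, max_failures=5, max_invalid_users=3):
    """Return {ip: [findings]} for sources that look like guessing or enumeration."""
    failures = defaultdict(int)        # failed attempts per source address
    invalid_users = defaultdict(set)   # nonexistent account names tried per source
    findings = defaultdict(list)
    for line in log_text.splitlines():
        m = AUTH_RE.search(line)
        if not m:
            continue
        ip = m["ip"]
        if m["result"] == "Failed":
            failures[ip] += 1
            if m["invalid"]:
                invalid_users[ip].add(m["user"])
        elif failures[ip] >= max_failures:
            # A success after many failures is the highest-priority signal.
            findings[ip].append(f"login as {m['user']} after {failures[ip]} failures")
    for ip, count in failures.items():
        if count >= max_failures:
            findings[ip].append(f"{count} failed logins")
        if len(invalid_users[ip]) >= max_invalid_users:
            findings[ip].append(f"{len(invalid_users[ip])} unknown usernames tried")
    return dict(findings)

if __name__ == "__main__":
    for ip, notes in analyze(SAMPLE_LOG).items():
        print(ip, "->", "; ".join(notes))
```

The counts here cover the whole input; a production rule would also bound them to a time window.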

5. Kerberos Authentication

  • Tool: crackmapexec with --kerberos option.
  • More Info: Run crackmapexec ssh --help.

6. Default Credentials

  • Note: Common default credentials for various vendors like APC, Brocade, Cisco, etc.

7. Config Files and Hardening SSH

Leveraging these tools and methodologies in SSH penetration testing is vital for the security of networked systems. Stay abreast of the latest security practices to combat evolving digital threats.