{"id":2064,"date":"2021-01-09T11:18:46","date_gmt":"2021-01-09T10:18:46","guid":{"rendered":"https:\/\/andreas-klingler.de\/infosec\/?p=2064"},"modified":"2022-01-22T13:36:08","modified_gmt":"2022-01-22T12:36:08","slug":"22-ssh","status":"publish","type":"post","link":"https:\/\/infosec.andreas-klingler.de\/?p=2064","title":{"rendered":"22 <span class=\"caps\">SSH<\/span>"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Enumeration<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Mandatory<\/h3>\n\n\n\n<ol class=\"wp-block-list\"><li>Try to access ssh \u2011v <code>$target<\/code><\/li><\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Optional<\/h3>\n\n\n\n<ul class=\"wp-block-list\"><li>Reuse exist\u00ading credentials<\/li><li>Brute-force with exist\u00ading user\u00adnames (Pass\u00adword-spray\u00ading)<\/li><li>Try <code>ssh-audit $target<\/code><\/li><li>Try known user\u00adnaes with user\u00adname as pass\u00adword or oth\u00ader found strings.<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Privilege Escalation<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>Find .ssh direc\u00adto\u00adry on the file sys\u00adtem and check all files within.<\/li><li>Check <code>sshd_config<\/code> file.<\/li><li>Check <span class=\"caps\">SSH<\/span> ver\u00adsion for exploits.<\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Enu\u00admer\u00ada\u00adtion Manda\u00adto\u00adry Try to access ssh \u2011v $tar\u00adget Option\u00adal Reuse exist\u00ading cre\u00adden\u00adtials Brute-force with exist\u00ading user\u00adnames (Pass\u00ad\u00adword-spray\u00ading) Try ssh-audit $tar\u00adget Try known user\u00adnaes with user\u00adname as pass\u00adword or oth\u00ader found strings. Priv\u00adi\u00adlege Esca\u00adla\u00adtion Find .ssh direc\u00adto\u00adry on the file sys\u00adtem and check all files with\u00adin. Check sshd_config file. Check <span class=\"caps\">SSH<\/span> ver\u00adsion for exploits.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"wp_typography_post_enhancements_disabled":false,"footnotes":""},"categories":[36],"tags":[37,46],"class_list":["post-2064","post","type-post","status-publish","format-standard","hentry","category-port","tag-checklist","tag-ssh"],"_links":{"self":[{"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/posts\/2064","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2064"}],"version-history":[{"count":3,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/posts\/2064\/revisions"}],"predecessor-version":[{"id":3521,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/posts\/2064\/revisions\/3521"}],"wp:attachment":[{"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2064"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2064"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2064"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}