search
githubEdit

TCP 22: SSH

Secure Shell is a cryptographic network protocol for operating network services securely over an unsecured network. Typical applications include remote command-line, login, and remote command execution, but any network service can be secured with SSH.

-- Wikipediaarrow-up-right

hashtag
Basic commands

Authenticate with key file

ssh -i keyfile <user>@<ip>

Generate key (to file)

ssh-keygen -f <file>
chmod 600 <file>.pub
chmod 600 <file>

hashtag
Conventions

Naming Default key: id_rsa User key: <user>_key

hashtag
SSH package version

nc -nv <ip> 22
(UNKNOWN) [10.11.1.71] 22 (ssh) open
SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2

hashtag
SSH key fingerprint

Now what happens if you see multiple SSH services on different ports which have the same key? What could it mean if they are different? Why would you see the same key on another box? All questions to think about... As this is not the case here, we will not answer that (cough but it is in the labs cough). On this subject: A useful resource ~ https://github.com/rapid7/ssh-badkeysarrow-up-right

hashtag
SSH banner

But we DO get a password prompt, so the machine may accept SOME users with a password, rather than keys (or both!). Example of a bannerarrow-up-right (able to get some information from it too - domain name!).

hashtag
Nmap Scripts

-> Automate fingerprinting and banner grabbing

hashtag
SSH "Konami Code"

The Konami Code is a cheat code that appears in many Konami video games, and some non-Konami games. In the original code, the player can press the following sequence of buttons on the game controller to enable a cheat or other effects: ↑↑↓↓←→←→BA

SANS Penetration Testing | Using the SSH "Konami Code" (SSH Control Sequences) | SANS Institutearrow-up-right

PreviousTCP 21: FTPNextTCP 23: Telnet

Last updated