Metasploit's auxiliary modules include four SSH scanners, namely:
- scanner/ssh/ssh_version
- scanner/ssh/ssh_login
- scanner/ssh/ssh_identify_pubkeys
- scanner/ssh/ssh_login_pubkey
All are run against a RANGE of IPs, as are most of the other modules, and that is the damn good advantage of auxiliary modules. BUT you need to specify one IP after another; you can't use, for example, xx.xx.xx.1-254 or xx.xx.xx.1,2,3,4 :(
There are two types of SSH authentication: USERNAME-PASSWORD and PRIVATE-PUBLIC KEYS.
USERNAME-PASSWORD authentication simply uses the username and password of a local user account on the machine. Key authentication is an alternative to username-password authentication: the public key sits on the server side and the private key on the remote (client) side.
auxiliary/scanner/ssh/ssh_version
This module detects the SSH version running on a range of IP addresses.
auxiliary/scanner/ssh/ssh_login
This module tests SSH logins on a range of machines and reports successful logins.
[SSH login is simply a server account login]
auxiliary/scanner/ssh/ssh_identify_pubkeys
Set KEY_FILE to either the public key path or the private key path.
auxiliary/scanner/ssh/ssh_login_pubkey
Public-private key authentication is an alternative to username-password authentication. Demo:
To generate a public-private authentication key pair:
ssh-keygen -t rsa
This will generate 2 files, located in /root/.ssh/
public key "id_rsa.pub" >> for the server
private key "id_rsa" >> for the client
To register the key, add the contents of the .pub file to /root/.ssh/authorized_keys. This can be done automatically with:
ssh-copy-id -i /root/.ssh/id_rsa.pub [user@server_ip]
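Because every line in authorized_keys grants a login, it is worth inventorying what is registered there. The following is an added example, not part of the original post: it parses authorized_keys content and reports each key's type, options, and SHA256 fingerprint in the format `ssh-keygen -l` prints. The function names and the sample entries (filler key bytes, `10.0.0.5`, the comments) are constructed for illustration.

```python
import base64
import hashlib
import struct

KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521")  # common types

def wire_string(data: bytes) -> bytes:
    """SSH wire format: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def parse_entry(line: str):
    """Parse one authorized_keys line; return a dict, or None if unusable."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return None
    # Options may precede the key type (whitespace split is a simplification).
    idx = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
    if idx is None or idx + 1 >= len(fields):
        return None
    try:
        blob = base64.b64decode(fields[idx + 1], validate=True)
    except ValueError:
        return None
    # The decoded blob must begin with the same key type, length-prefixed.
    if not blob.startswith(wire_string(fields[idx].encode())):
        return None
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode()
    options = " ".join(fields[:idx])
    return {"type": fields[idx], "options": options,
            "unrestricted": options == "",  # no from=, command=, etc.
            "fingerprint": "SHA256:" + digest.rstrip("="),
            "comment": " ".join(fields[idx + 2:])}

def audit(text: str):
    """Return every valid key entry found in authorized_keys content."""
    return [e for e in map(parse_entry, text.splitlines()) if e]

def sample_key(fill: int) -> str:  # constructed filler blob, not a real key
    blob = wire_string(b"ssh-ed25519") + wire_string(bytes([fill]) * 32)
    return base64.b64encode(blob).decode()

SAMPLE = "\n".join([  # constructed authorized_keys content
    f"ssh-ed25519 {sample_key(1)} root@kali",
    f'from="10.0.0.5",no-pty ssh-ed25519 {sample_key(2)} backup job',
    "ssh-rsa not-base64!! broken",
])

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Entries reported with `unrestricted` set to true carry no `from=` or `command=` limits, so the matching private key can log in from anywhere with a full shell.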
To test your registered key: