MSF SSH protocol based information collection

Today, let's continue to introduce the relevant knowledge of penetration testing , The main content of this paper is MSF be based on SSH Protocol information collection .

disclaimer ：
The content introduced in this article is only for learning and communication , It is strictly prohibited to use the technology in the text for illegal acts , Otherwise, you will bear all serious consequences ！
Again ： It is forbidden to perform penetration tests on unauthorized equipment ！

One 、 see SSH Service version information

First , Let's use MSF see SSH Service version information . Search first SSH Service information collection module , Carry out orders ：

search name:ssh type:auxiliary

Can search out a large number of MSF Medium SSH Related modules , As shown below ：

ad locum , We chose to use the 13 A module , Carry out orders ：

use auxiliary/scanner/ssh/ssh_version
show options

You can use this module , And check the parameters of the module , As shown below ：

after , We set the... Of this module RHOSTS Parameter is 192.168.136.190, And execute the module , The results are shown below ：

As can be seen from the above figure , Of our target host SSH Information collection succeeded , Can collect the data of the target device SSH Version information .

Two 、 Yes SSH Brute force cracking of services

actually , In the modules searched above , We can also choose to use the 8 A module , To the target host SSH Brute force cracking of services , Carry out orders ：

use auxiliary/scanner/ssh/ssh_login
show options

You can use this module , And check the parameters of the module , As shown below ：

Use this module , We need to specify a brute force Dictionary , stay MSF There are many self-contained dictionaries in , Get into
/usr/share/metasploit-framework/data/wordlists/ Under the table of contents , You can see many dictionary files , As shown below ：

ad locum , We choose our own dictionary , And specify RHOSTS Parameters , Execute the module . If we choose the right dictionary , You can scan the SSH User name and password , As shown below ：

As can be seen from the above figure , We scanned the target host root:root and msfadmin:msfadmin Two pairs of user names and passwords .
Originality is not easy. , Reprint please explain the source ：https://blog.csdn.net/weixin_40228200