Metasploitable3: SSH Bruteforce & get Remote Shell
The SSH server on the remote host accepts a publicly known static SSH private key for authentication. A remote attacker can log in to this host using this publicly known private key.
Remove the vulnerable public keys from the SSH server.
Output
-
Nessus was able to verify the following users and public SSH keys (with publicly known private keys) are accepted :
Port Hosts 22 / tcp / ssh 192.168.1.9Open Metasploit, and use module auxiliary/scanner/ssh/ssh_login
Description:
This module will test ssh logins on a range of machines and report
successful logins. If you have loaded a database plugin and
connected to a database this module will record successful logins
and hosts so you can track your access.
Set your USERPASS_FILE, RHOSTS, THREADS… parameters and then use run command
I found ssh credential and get shell
Demo
