Metasploitable3: SSH Bruteforce & get Remote Shell

Description

The SSH server on the remote host accepts a publicly known static SSH private key for authentication. A remote attacker can log in to this host using this publicly known private key.

Solution

Remove the vulnerable public keys from the SSH server.
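One way to carry out this removal, shown as an added example that is not part of the original post: audit an `authorized_keys` file against a denylist of key fingerprints and drop the matching lines. The function names, the sample file and the key blobs are constructed for illustration; in practice the denylist holds the fingerprints of the keys the scanner reported, which this page does not list.

```python
import base64
import binascii
import hashlib

KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

def fingerprint(blob_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    raw = base64.b64decode(blob_b64, validate=True)
    return "SHA256:" + base64.b64encode(hashlib.sha256(raw).digest()).decode().rstrip("=")

def parse_line(line):
    """Return (blob, comment) for a key line, else None. Options may precede the key type."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return None
    for i, field in enumerate(fields[:-1]):
        if field in KEY_TYPES:
            return fields[i + 1], " ".join(fields[i + 2:])
    return None

def audit(text, denylist):
    """Return (line_no, fingerprint, comment) for every denylisted key."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        parsed = parse_line(line)
        if parsed is None:
            continue
        try:
            fp = fingerprint(parsed[0])
        except (binascii.Error, ValueError):
            continue  # field after the key type is not a valid base64 blob
        if fp in denylist:
            hits.append((n, fp, parsed[1]))
    return hits

def remove_denied(text, denylist):
    """Return the file content with denylisted key lines dropped."""
    bad = {n for n, _, _ in audit(text, denylist)}
    kept = [l for n, l in enumerate(text.splitlines(), 1) if n not in bad]
    return "\n".join(kept) + "\n"

# Constructed sample data: these blobs are stand-ins, not real keys.
def _blob(seed):
    return base64.b64encode(b"\x00\x00\x00\x07ssh-rsa" + seed).decode()
BAD, GOOD = _blob(b"constructed-published-key"), _blob(b"constructed-admin-key")
SAMPLE = (f'command="/usr/bin/uptime",no-pty ssh-rsa {BAD} demo@lab\n'
          f"ssh-rsa {GOOD} admin@workstation\n")
DENYLIST = {fingerprint(BAD)}
```

Run `audit` over every account's `authorized_keys` file, since the finding applies per user, and write the output of `remove_denied` back only after reviewing the hits.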

Output

  • Nessus was able to verify the following users and public SSH keys (with publicly known private keys) are accepted:

    Port               Hosts
    22 / tcp / ssh     192.168.1.9

    Open Metasploit, and use module auxiliary/scanner/ssh/ssh_login

    Description:
    This module will test ssh logins on a range of machines and report
    successful logins. If you have loaded a database plugin and
    connected to a database this module will record successful logins
    and hosts so you can track your access.

    Set your USERPASS_FILE, RHOSTS, THREADS… parameters and then use the run command.

    I found an SSH credential and got a shell.
