22 - SSH

Introduction

Port: 22 (TCP) The Secure Shell (SSH) protocol is used for operating network services and transferring files securely over an unsecured network.

Basic enumeration

Default enumeration:

nmap -p22 -sC -sV -n <TARGET>

To obtain the number of algorithms supported by the server and how to add them if they are not supported by default.

sudo nmap --script=ssh2-enum-algos -p22 -n <TARGET>ssh <USER>@<IP> -oKexAlgorithms=+diffie-hellman-group1-sha1

To obtain the SSH server's key fingerprint. If the host key has been reused and it is publicly known, the attacker could lead to MITM attacks.

sudo nmap --script=ssh-hostkey -p22 -n <TARGET>

To check support for SSHv1.

sudo nmap --script=sshv1 -p22 -n <TARGET>

This command returns authentication methods that an SSH server supports (The username may be invalid).

sudo nmap --script=ssh-auth-methods --script-args="ssh.user=<USERNAME>" -p22 -n <TARGET>

Last updated 2 years ago