Fingerprint der Hostkeys

• nmap --script ssh-hostkey 10.0.10.104

Starting Nmap 7.93 ( https://nmap.org ) at 2023-02-26 14:03 CET
Nmap scan report for 192.168.34.1
Host is up (0.00016s latency).
Not shown: 994 closed tcp ports (conn-refused)
PORT    STATE SERVICE
22/tcp  open  ssh
| ssh-hostkey: 
|   3072 2dc39f82ece37728cbc7b16c4acc6e2e (RSA)
|   256 7bbe487966c2e675dba74b535bbf34a1 (ECDSA)
|_  256 20efafc3c2991472086ba11c0c8f6cda (ED25519)
25/tcp  open  smtp
53/tcp  open  domain
80/tcp  open  http
143/tcp open  imap
993/tcp open  imaps

Nmap done: 1 IP address (1 host up) scanned in 0.35 seconds

Welche Authentifizierungsmethoden werden unterstützt

• nmap --script ssh-auth-methods 10.0.10.104

Starting Nmap 7.93 ( https://nmap.org ) at 2023-02-26 14:08 CET
Nmap scan report for 192.168.34.1
Host is up (0.0010s latency).
Not shown: 994 closed tcp ports (conn-refused)
PORT    STATE SERVICE
22/tcp  open  ssh
| ssh-auth-methods: 
|   Supported authentication methods: 
|     publickey
|_    password
25/tcp  open  smtp
53/tcp  open  domain
80/tcp  open  http
143/tcp open  imap
993/tcp open  imaps

Nmap done: 1 IP address (1 host up) scanned in 0.49 seconds

Welche Cipher-Suits werden unterstützt

• nmap --script ssh2-enum-algos 10.0.10.104

Starting Nmap 7.93 ( https://nmap.org ) at 2023-02-26 14:09 CET
Nmap scan report for 192.168.34.1
Host is up (0.00015s latency).
Not shown: 994 closed tcp ports (conn-refused)
PORT    STATE SERVICE
22/tcp  open  ssh
| ssh2-enum-algos: 
|   kex_algorithms: (9)
|       curve25519-sha256
|       curve25519-sha256@libssh.org
|       ecdh-sha2-nistp256
|       ecdh-sha2-nistp384
|       ecdh-sha2-nistp521
|       diffie-hellman-group-exchange-sha256
|       diffie-hellman-group16-sha512
|       diffie-hellman-group18-sha512
|       diffie-hellman-group14-sha256
|   server_host_key_algorithms: (5)
|       rsa-sha2-512
|       rsa-sha2-256
|       ssh-rsa
|       ecdsa-sha2-nistp256
|       ssh-ed25519
|   encryption_algorithms: (6)
|       chacha20-poly1305@openssh.com
|       aes128-ctr
|       aes192-ctr
|       aes256-ctr
|       aes128-gcm@openssh.com
|       aes256-gcm@openssh.com
|   mac_algorithms: (10)
|       umac-64-etm@openssh.com
|       umac-128-etm@openssh.com
|       hmac-sha2-256-etm@openssh.com
|       hmac-sha2-512-etm@openssh.com
|       hmac-sha1-etm@openssh.com
|       umac-64@openssh.com
|       umac-128@openssh.com
|       hmac-sha2-256
|       hmac-sha2-512
|       hmac-sha1
|   compression_algorithms: (2)
|       none
|_      zlib@openssh.com
25/tcp  open  smtp
53/tcp  open  domain
80/tcp  open  http
143/tcp open  imap
993/tcp open  imaps

Nmap done: 1 IP address (1 host up) scanned in 0.42 seconds

ssh Bruteforce

• nmap --script ssh-brute 10.0.10.104

Starting Nmap 7.93 ( https://nmap.org ) at 2023-02-26 14:13 CET
NSE: [ssh-brute] Trying username/password pair: root:root
NSE: [ssh-brute] Trying username/password pair: admin:admin
NSE: [ssh-brute] Trying username/password pair: administrator:administrator
NSE: [ssh-brute] Trying username/password pair: webadmin:webadmin
NSE: [ssh-brute] Trying username/password pair: sysadmin:sysadmin
NSE: [ssh-brute] Trying username/password pair: netadmin:netadmin
...