Basic Pentesting - THM


I was able to complete a challenge posted on the TryHackMe website, and below are a few takeaways from it.

SSH Bruteforcing

If you manage to obtain a list of usernames, use hydra to brute-force your way into the system.

hydra -l username -P passwordlist ssh://ip

Using ssh2john

I was able to grab the SSH private key of another user from a different user's account, but in order to SSH in using that private key I was asked to provide a passphrase.

ssh2john.py id_rsa > forjohn.txt   # hash file that John the Ripper can understand

Afterwards pass the file to john:

john forjohn.txt --wordlist=rockyou.txt

Points to note

  • If you have SSH running and exposed to the outside world, you definitely need to enforce a strong password policy. Alternatively, and this is in fact the best practice, use public/private keys for authentication. In our case we were able to SSH into the system using a private key obtained from our first assault.
  • Admins should implement intrusion prevention measures; for instance, Fail2Ban would have been the best way to protect the server from brute-force attacks. It automatically blocks multiple connection attempts to the server from a single IP.
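
The blocking described for Fail2Ban above comes down to counting failed logins per source address inside a time window. The following is an added example (not from the original post, and not Fail2Ban's own code) that applies that logic to constructed sshd log lines; the maxretry and findtime names mirror Fail2Ban's settings, and the sample users, addresses and year are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd log lines; users and addresses are made up.
SAMPLE_LOG = """\
Mar 10 10:00:01 host sshd[1001]: Failed password for alice from 203.0.113.7 port 40001 ssh2
Mar 10 10:00:03 host sshd[1002]: Failed password for alice from 203.0.113.7 port 40002 ssh2
Mar 10 10:00:04 host sshd[1003]: Failed password for invalid user admin from 198.51.100.9 port 51000 ssh2
Mar 10 10:00:05 host sshd[1004]: Failed password for alice from 203.0.113.7 port 40003 ssh2
Mar 10 10:00:07 host sshd[1005]: Failed password for alice from 203.0.113.7 port 40004 ssh2
Mar 10 10:00:09 host sshd[1006]: Failed password for alice from 203.0.113.7 port 40005 ssh2
Mar 10 10:00:10 host sshd[1007]: Accepted password for alice from 203.0.113.7 port 40006 ssh2
Mar 10 10:30:00 host sshd[1008]: Failed password for bob from 198.51.100.9 port 51001 ssh2
"""
ASSUMED_YEAR = 2024  # syslog timestamps carry no year, so one is assumed
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) "
    r"password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port"
)

def find_bruteforce(log_text, maxretry=5, findtime=timedelta(minutes=10)):
    """Return {ip: info} for sources with maxretry failures inside findtime."""
    recent = defaultdict(deque)  # ip -> failure timestamps still in the window
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{ASSUMED_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if m["result"] == "Failed":
            window = recent[ip]
            window.append(ts)
            while ts - window[0] > findtime:  # drop failures older than findtime
                window.popleft()
            if len(window) >= maxretry and ip not in flagged:
                flagged[ip] = {"flagged_at": ts, "success_after": False, "user": None}
        elif ip in flagged:
            # A login accepted right after a burst of failures suggests a guessed password.
            flagged[ip].update(success_after=True, user=m["user"])
    return flagged

if __name__ == "__main__":
    for ip, info in find_bruteforce(SAMPLE_LOG).items():
        print(ip, info)
```

A flagged address with success_after set is the case to triage first, since it means the guessing likely worked before any block took effect.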
