Basic Pentesting - THM
I was able to complete a challenge posted on Try Hackme Website and below are a few takeaways from it.
SSH Bruteforcing
If you managed to grab a list of users then use hydra to brute force your way into the system.
hydra -l username -P passwordlist ssh://ip
Using ssh2john
I was able to grab ssh private key of a another user from a different user’s account, but in order to ssh using that private key I was asked to provide a pass phrase.
ssh2john.py id_rsa > forjohn.txt (Hash file that john the ripper can understand)
Afterwards pass the file to john:
john forjohn.txt --wordlist=rockyou.txt
Points to note
- If you have SSH running and exposed to the outside world you definitely need to enforce a strong password policy. Alternatively which is infact the best practice use Public/Private Keys for Authentication. In our case we were able to ssh into the system using private key obtained from our first assault.
- Admins should implements intrusion prevention measures for instance Fail2Ban software would have been the best way protect the server from brute-force attacks. It automatically blocks multiple connection attempts to the server from a single IP.
Leave a comment