SSH

Default Configuration

• cat /etc/ssh/sshd_config | grep -v "#" | sed -r '/^\\s*$/d'

Footprinting the Service

SSH-Audit

git clone <https://github.com/jtesta/ssh-audit.git> && cd ssh-audit
./ssh-audit.py 10.129.14.132

ssh -v cry0l1t3@10.129.14.132

ssh -v cry0l1t3@10.129.14.132 -o PreferredAuthentications=password

Rsync

• Rsync is a fast and efficient tool for locally and remotely copying files.
• By default, it uses port 873 and can be configured to use SSH for secure file transfers by piggybacking on top of an established SSH server connection.
• This guide covers some of the ways Rsync can be abused, most notably by listing the contents of a shared folder on a target server and retrieving files.

Scanning for Rsync

• nmap -sV -p 873 10.10.10.10