1
00:00:00,800 --> 00:00:06,950
‫S s h stands for a secure shell and works on Port 22.

2
00:00:07,910 --> 00:00:12,680
‫It helps administrators make operations over an encrypted channel.

3
00:00:13,980 --> 00:00:18,880
‫Although S.H. might come in handy when you want to access remote systems.

4
00:00:19,830 --> 00:00:24,270
‫Sometimes, but not so often, but it's good to be aware of it.

5
00:00:24,520 --> 00:00:28,650
‫S.H. itself can have some configuration vulnerabilities.

6
00:00:29,850 --> 00:00:34,800
‫So let me just quickly show you an example of a poorly configured as S.H. server.

7
00:00:36,410 --> 00:00:39,590
‫So first, let's search for S.H. Auxiliaries.

8
00:00:40,910 --> 00:00:42,050
‫There aren't too many module's.

9
00:00:42,980 --> 00:00:49,370
‫And I'll follow the same sequence that I did in the previous videos, and I'll try to discover the version

10
00:00:49,940 --> 00:00:50,990
‫users.

11
00:00:52,100 --> 00:00:57,650
‫So I will pick S.H. version as my first module.

12
00:00:58,800 --> 00:00:59,760
‫So the options.

13
00:01:01,240 --> 00:01:07,570
‫Now, because I said the are hosts variable as global, the value is automatically assigned.

14
00:01:08,590 --> 00:01:11,740
‫And there's nothing change here, so let's run the module.

15
00:01:13,760 --> 00:01:19,920
‫And here's the result, so it contains more details on the SSA services on both machines.

16
00:01:20,660 --> 00:01:21,980
‫You should also make a note of that.

17
00:01:23,370 --> 00:01:28,770
‫Now, I don't want to look for vulnerabilities for these versions, but you can if you want to, and

18
00:01:29,070 --> 00:01:31,890
‫test him in the lab environments if you find any.

19
00:01:34,770 --> 00:01:40,920
‫So, OK, then I'm going to use S.H. log in as my next module.

20
00:01:42,460 --> 00:01:43,360
‫Swaptions.

21
00:01:44,530 --> 00:01:48,970
‫And I will allow the user name as password.

22
00:01:50,040 --> 00:01:52,680
‫And except blank passwords.

23
00:01:53,740 --> 00:01:56,200
‫Now, I won't create a dictionary file again.

24
00:01:57,590 --> 00:02:01,250
‫So I'm going to use the file that I created for FTP.

25
00:02:02,970 --> 00:02:07,170
‫And I don't think we need anything more, so let's run the module.

26
00:02:08,450 --> 00:02:15,380
‫Now, here I get a username, password Perre, vagrant, vagrant, remember that also.

27
00:02:17,430 --> 00:02:23,560
‫And then Métis Boit automatically opens a session for us on board 22.

28
00:02:24,330 --> 00:02:26,580
‫So now we can interact with that session.

29
00:02:27,630 --> 00:02:30,420
‫So now let's enumerate the next service.