1
00:00:00,810 --> 00:00:06,960
S s h stands for a secure shell and works on Port 22.

2
00:00:07,950 --> 00:00:12,690
It helps administrators make operations over an encrypted channel.

3
00:00:13,930 --> 00:00:18,890
Although SS age might come in handy when you want to access remote systems.

4
00:00:19,850 --> 00:00:24,260
Sometimes, but not so often, but it's good to be aware of it.

5
00:00:24,500 --> 00:00:28,640
S.H. itself can have some configuration vulnerabilities.

6
00:00:29,850 --> 00:00:34,800
So let me just quickly show you an example of a poorly configured as S.H. server.

7
00:00:36,420 --> 00:00:39,600
So first, let's search for S.H. Auxiliaries.

8
00:00:40,950 --> 00:00:42,030
There are too many module's.

9
00:00:42,980 --> 00:00:49,430
And I'll follow the same sequence that I did in the previous videos, and I'll try to discover the version

10
00:00:49,970 --> 00:00:51,020
users.

11
00:00:52,110 --> 00:00:57,660
So I will pick S.H. version as my first module.

12
00:00:58,820 --> 00:00:59,780
So the options.

13
00:01:01,240 --> 00:01:07,600
Now, because I said the are hosts variable as global, the value is automatically assigned.

14
00:01:08,610 --> 00:01:11,760
And there's nothing change here, so let's run the module.

15
00:01:13,750 --> 00:01:19,940
And here's a result, so it contains more details on the SSA services on both machines.

16
00:01:20,680 --> 00:01:22,000
You should also make a note of that.

17
00:01:23,380 --> 00:01:28,780
Now, I don't want to look for vulnerabilities for these versions, but you can if you want to, and

18
00:01:29,080 --> 00:01:31,900
test him in the lab environments if you find any.

19
00:01:34,790 --> 00:01:40,940
So, OK, then I'm going to use S.H. log in as my next module.

20
00:01:42,450 --> 00:01:43,380
Swaptions.

21
00:01:44,520 --> 00:01:48,960
And I will allow the user name as password.

22
00:01:50,050 --> 00:01:52,690
And except blank passwords.

23
00:01:53,720 --> 00:01:56,210
Now, I won't create a dictionary file again.

24
00:01:57,610 --> 00:02:01,240
So I'm going to use the file that I created for FTP.

25
00:02:02,980 --> 00:02:07,180
And I don't think we need anything more, so let's run the module.

26
00:02:08,470 --> 00:02:15,400
Now, here I get a username, password Perre, vagrant, vagrant, remember that also.

27
00:02:17,420 --> 00:02:23,580
And then metastable point automatically opens its session for us on board 22.

28
00:02:24,320 --> 00:02:26,570
So now we can interact with that session.

29
00:02:27,650 --> 00:02:30,410
So now let's enumerate the next service.