1 00:00:00,090 --> 00:00:02,620 So now let's take a look at SSH.
2 00:00:02,970 --> 00:00:10,920 So from the original scan we saw that it was open and we saw OpenSSH 2.9p2.
3 00:00:10,950 --> 00:00:14,610 So we're going to copy this and just make a note of that in our notes as well.
4 00:00:14,610 --> 00:00:16,080 I think that's important.
5 00:00:16,140 --> 00:00:18,240 So let's say SSH.
6 00:00:18,240 --> 00:00:19,950 We've got the version there.
7 00:00:19,950 --> 00:00:26,030 So let's take this and let's do a little bit of enumeration and talk through it.
8 00:00:26,030 --> 00:00:31,040 So sometimes you're going to get a scan back and your scan's not going to have really a version here, it's
9 00:00:31,040 --> 00:00:36,130 just going to say SSH and we can go and try to find that out ourselves.
10 00:00:36,140 --> 00:00:39,110 And it's always good to attempt that.
11 00:00:39,110 --> 00:00:45,530 What we're gonna do is we're going to attempt to connect to SSH to this specific port and see if it
12 00:00:45,530 --> 00:00:48,000 gives us any information about what's running.
13 00:00:48,290 --> 00:00:50,910 And that's really it at this point.
14 00:00:50,920 --> 00:00:55,280 It's, that's most of the enumeration that we can do, anything with SSH.
15 00:00:55,280 --> 00:01:02,300 The second that we attempt to make a login attempt, it's going to be exploitation, even if we just try
16 00:01:02,300 --> 00:01:02,940 one password
17 00:01:02,940 --> 00:01:07,920 guess, that's exploitation, so we're not going to do that right now.
18 00:01:07,940 --> 00:01:12,740 We're gonna save that for the exploitation part of the course but I do want to show you a connection
19 00:01:12,740 --> 00:01:15,030 and just something funky with this anyway.
20 00:01:15,200 --> 00:01:20,280 So let's go ahead and just go to our terminal and the typical way to SSH,
21 00:01:20,300 --> 00:01:27,400 if you've never done it before, is you just say ssh and I want to SSH to a specific IP address.
22 00:01:27,590 --> 00:01:33,620 So this is the IP address I want to, I want to SSH to. The issue with this box is this box is old.
23 00:01:33,620 --> 00:01:40,690 So when we go to try to SSH to it, it's gonna say this: hey, we haven't found a matching key exchange.
24 00:01:40,700 --> 00:01:43,940 So they, they're giving us a few different offers here.
25 00:01:44,210 --> 00:01:46,070 We're going to have to type in a little bit of syntax.
26 00:01:46,070 --> 00:01:52,010 This is not common but this is also useful to have in your notes because this does come up occasionally.
27 00:01:52,010 --> 00:01:58,160 So we can just say a -o, we're gonna type Kex like this and then Algorithms
28 00:02:00,920 --> 00:02:08,470 equals, plus sign, and I'll stall for just a second so you can catch up and then I'm going to copy this
29 00:02:08,470 --> 00:02:17,360 will in here and then I'm going to paste it and you're going to see we're gonna get one more error and
30 00:02:17,360 --> 00:02:23,220 this is going to ask about a cipher, so it says there's no cipher found. We're going to do a -c for
31 00:02:23,220 --> 00:02:32,050 a cipher, we're just going to copy this and we're going to paste it in. This should now provide the opportunity
32 00:02:32,050 --> 00:02:39,150 to connect. Says the authenticity can't be established, we've got RSA fingerprint, do you want to connect.
33 00:02:39,160 --> 00:02:40,320 We're gonna type in yes.
34 00:02:42,940 --> 00:02:43,650 OK.
35 00:02:43,880 --> 00:02:50,510 And what's happening here is it's asking us for a password. There's nothing here for us so I'm going
36 00:02:50,510 --> 00:02:53,230 to hit Ctrl+C. Why did we do this?
37 00:02:53,230 --> 00:02:57,040 Why do we even attempt to make this connection?
38 00:02:57,050 --> 00:03:05,030 Well, sometimes what happens is a banner is exposed and the banner will say: Hey, we're running, we're running
39 00:03:05,060 --> 00:03:13,550 SSH version XYZ and this is built by this person, by this company, etc. So here we're looking for a
40 00:03:13,550 --> 00:03:14,180 banner.
41 00:03:14,540 --> 00:03:17,550 Unfortunately there was no banner.
42 00:03:17,840 --> 00:03:19,660 So that doesn't give us a lot of information.
43 00:03:19,670 --> 00:03:26,800 But fortunately for us, when we had our, our scan here, we were able to pull down at least the OpenSSH
44 00:03:26,870 --> 00:03:29,220 2.9p2.
45 00:03:29,240 --> 00:03:30,830 So that's it.
46 00:03:31,160 --> 00:03:37,160 I told you in the beginning SSH isn't very exciting because there's not a lot of opportunities for remote
47 00:03:37,160 --> 00:03:38,590 code execution.
48 00:03:38,780 --> 00:03:43,430 Really the way we're going to have to do this is hammer it with brute force and we'll talk about the
49 00:03:43,430 --> 00:03:50,060 reasonings why later, but we'll have to hammer with brute force and just pray, spray and pray as we like
50 00:03:50,060 --> 00:03:51,360 to call it sometimes.
51 00:03:51,470 --> 00:03:53,760 But for now that's it for SSH.
52 00:03:53,790 --> 00:04:00,920 So we're gonna start moving into research, different tools we can use to research vulnerabilities and
53 00:04:01,220 --> 00:04:02,930 additional videos on that.
54 00:04:02,960 --> 00:04:07,430 So I'll catch you over in the next video when we start digging into some of what we found.