Hello, using Nmap with the -sV option, I found several vulnerabilities. In this post, I am going to exploit SSH through bruteforce.
Next, I started the Metasploit Framework and searched for an auxiliary scanner for SSH. I found one that could be useful.
Within the show options, there are many settings available. I can specify whether I want to test with a single password/username or use a file containing multiple passwords/usernames. I chose to use the password file for this attempt.
I created a file with some basic misconfigured usernames and passwords.
Usernames
Passwords
Afterward, I need to set them up in the Metasploit Framework.
The scanner runs through both lists I created, testing each username with each password until it either finishes or succeeds. It's not the fastest method, but it's a simple introduction to brute-force attacks. Finally, I need to connect to the target via SSH using the command 'ssh msfadmin@ipaddress'. Since I have the password, I can access full admin rights."