[root@blogs-v2~]# nmap--script'ssh2*'192.168.0.221Starting Nmap6.40(http://nmap.org)at2022-03-0815:43CSTNmap scan reportfor192.168.0.221Host isup(0.0022s latency).Not shown:998closed portsPORTSTATESERVICE22/tcp open ssh|ssh2-enum-algos:|kex_algorithms(12)|curve25519-sha256|curve25519-sha...
The following are the most common weak MAC algorithms encountered: hmac-md5 hmac-md5-96 hmac-sha1-96 hmac-sha2-256-96 hmac-sha2-512-96 Pentesting SSH MAC Algorithms Pentesters can quickly confirm what SSH MAC algorithms are supported with the followingnmap script: ...
sshkey-exchange-algorithmsecdh-sha2-nistp256curve25519-sha256diffie-hellman-group-exchange-sha256 Reference:Aruba Documentation Pentesting SSH Weak Key Exchange Algorithm The followingnmapscript is the fastest way to confirm algorithm supported:
- 你可以用ssh -vv参数来连接一个SSH服务器,然后在输出中查看客户端和服务器提供的算法列表,比如local client KEXINIT proposal是客户端提供的密钥交换算法列表,peer server KEXINIT proposal是服务器提供的密钥交换算法列表²。 - 你可以用nmap --script ssh2-enum-algos命令来扫描一个SSH服务器,然后查看它支持的...
Similarly, we can usenmapto see what ciphers the target server offers. For this purpose, we use thessh2-enum-algos.nsescript: $ nmap -sV --script=ssh2-enum-algos.nse -p 22 192.168.29.116 ... | encryption_algorithms: (6) | chacha20-poly1305@openssh.com ...
使用Nmap 验证: nmap --script ssh2-enum-algos -sV -p 22 10.142.78.193 可以看到支持 arcfour、arcfour128、arcfour256 等弱加密算法。 三、漏洞修复 方案一:修改 SSH 配置文件,添加加密算法: 先备份文件cp sshd_config sshd_config20210225 vim /etc/ssh/sshd_config ...
当你找到易受攻击的版本时,nmap应该看到类似以下内容: 22/tcp open ssh libssh 0.8.3 (protocol 2.0) searchsploit(用于本地浏览Exploit-DB的工具)显示了可用于libssh的现有漏洞利用。 searchsploit libssh --- --- Exploit Title | Path | (/usr/share/exploitdb/) ---...