• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
Craig Hays

Craig Hays

  • Cybersecurity
  • Principles
  • Newsletter
  • Learn Cyber Security
    • Hacking and Defending User Accounts
    • Learning Guides
  • Contact
  • Show Search
Hide Search
You are here: Home / Archives for shell

shell

Gaining Lateral Movement with SSH Password Sniffing

February 19, 2020 By Craig Hays Leave a Comment

Reading Time: 5 minutes

Sometimes the best way to gain lateral movement during a penetration test is to steal a password. Here’s how to sniff passwords from a running SSH server.

OpenSSH Password Sniffing
Photo by Clint McKoy on Unsplash

If you’ve managed to gain a remote shell onto a Linux server and elevated your privileges to root (congrats!), the next step is to maintain your access and gain lateral movement around the network. If you’ve been unable to find anything on the compromised server that would indicate a password for any system, including the compromised server, you can always try to sniff SSH passwords straight out of OpenSSH. You can even be doing this while attacking password hashes offline. I always prefer multiple options that race each other to the correct answer.

The Reality of SSH Passwords

Lateral movement through OpenSSH password sniffing is a very viable concept because:

  • People use the same username and password combinations on multiple systems
  • Passwords often follow a common pattern which can be used to predict other passwords on the estate
  • People type valid passwords into the wrong servers.
  • Given enough time, someone will always login

There are exceptions to the above but unfortunately, most organisations are not that mature.

3 Ways to Sniff SSH Passwords on a Compromised Server

[Read more…] about Gaining Lateral Movement with SSH Password Sniffing

Primary Sidebar

Newsletter

Want to get smarter about cyber security? Join my growing list of newsletter readers for exclusive news, reviews, how-tos, and more.

· © Craig Hays, 2006–2023 ·

  • Phishing