Notes

Service Enumeration

Back

---

Quick Access

• FTP

---

FTP

• Try anonymous login : For password press ENTER

• Try Username enumeration using hydra

• Try Password brute force using hydra or nmap FTP Brute script.

Once we get access to files , we can use get filename command to get copy of file on our system.

---

SSH

• Use nmap to gether version of SSH

• Use Netcat to connect with SSH port for banner grabbing.

• Use nmap scripts to enumerate key used by ssh, auth methods allowed for users.

Dictionary attack - Bruteforce approach

• Use hydra, nmap or Metasploit for username enumeration and password brute forcing.

---