Skip to main content

Pentest and exploit SSH servers.

# To spray the specified [p]assword against a list of [u]sernames on the specified target:
nxc ssh <192.168.178.2> -u <path/to/usernames.txt> -p <password>

# To search for valid credentials by trying out every combination in the specified lists of [u]sernames and [p]asswords:
nxc ssh <192.168.178.2> -u <path/to/usernames.txt> -p <path/to/passwords.txt>

# To use the specified private key for authentication, using the supplied [p]assword as the key's passphrase:
nxc ssh <192.186.178.2> -u <path/to/usernames.txt> -p <password> --key-file <path/to/id_rsa>

# To try a combination of [u]sername and [p]assword on a number of targets:
nxc ssh <192.168.178.0/24> -u <username> -p <password>

# To check for 'sudo' privileges on a successful login:
nxc ssh <192.168.178.2> -u <username> -p <path/to/passwords.txt> --sudo-check