Password spraying
#~ cme ssh 192.168.1.0/24 -u userfile -p passwordfile --no-bruteforce
Expected Results:
SSH 127.0.0.1 22 127.0.0.1 [*] SSH-2.0-OpenSSH_8.2p1 Debian-4
SSH 127.0.0.1 22 127.0.0.1 [+] user:password
By default CME will exit after a successful login is found. Using the
--continue-on-success
flag will continue spraying even after a valid password is found. Usefull for spraying a single password against a large user list.
You can also use Hydra available by default on Kali to bruteforce SSH password, it's faster and better :)
Last modified 3yr ago