![[备忘录]如果连接通过xx.xx.xx.xx.xx端口22连接到连接到TryHackMe时该怎么办。](https://hack-lab-256.com/wp-content/uploads/2023/04/hack-lab-256-samnail-10.jpg)
我想使用TryHackme连接到SSH,但是我很难这样做,所以我将其作为备忘录。
如果有人遇到同样的问题,我认为这可能会有所帮助。
推荐的参考书
pochip
pochip
作者:贾斯汀·塞茨(Justin Seitz),作者:蒂姆·阿诺德(Tim Arnold),监督者:曼塔尼·诺布塔卡(Mantani Nobutaka),翻译:arai yu,翻译:卡卡拉·hirosei(Kakara Hirosei),翻译:村上
¥3,520 (截至12:26在07/09/2025 |亚马逊研究)
pochip
作者:Tokumaru Hiroshi
¥3,520 (截至2025/07/12 00:44 |亚马逊研究)
pochip
目录
期望ssh2_msg_kex_dh_gex_group停止处理
要检查事件,我尝试使用“ -vvv” sshing。
┌──(hacklab㉿hacklab)-[~] └─$ ssh user@10.10.237.121 -vvv 130 ⨯ OpenSSH_8.7p1 Debian-4, OpenSSL 1.1.1m 14 Dec 2021 debug1: Reading configuration data /home/hacklab/.ssh/config debug1: /home/hacklab/.ssh/config第1行:应用 * debug1的选项:读取配置数据/etc/ssh/ssh/ssh/ssh_config debug1:/etc/etc/sssh/ssh/ssh_config第19行:include/etc/ssh/ssh/ssh/ssh/ssh_config.debug1: resolve_caronicize:主机名10.10.237.121是地址debug3:扩展的UsernownhostSfile'〜/.ssh/nown.hosts' - >'/home/hacklab/.ssh/nownion_hosts'debug3: '/home/hacklab/.ssh/nown_hosts2'debug3:ssh_connect_direct:输入debug1:连接到10.10.237.121 [10.10.237.121]端口22。 debug1:身份file/home/hacklab/.ssh/id_rsa类型-1 debug1:身份file/home/hacklab/.ssh/id_rsa-cert type -1 debug1 debug1 debug1:Identity file/home/hacklab/.ssh/id_dsa type -1 debug1 debug1 debug1:debug1 deba fime -deba fige -deba fige -deba type -deba fige -deba fige -debab/身份file/home/hacklab/.ssh/id_ecdsa type -1 debug1:身份file/home/hacklab/.ssh/id_ecdsa-cert type -1 debug1 debug1 debug1:身份file/home/hacklab/.ssh/id_ecdsa_ecdsa_ecdsa_sk type -1 debug1 debug1 debug1 debug1 debug1 debyity file/filesy file/sshlebe debug1: identity file /home/hacklab/.ssh/id_ed25519 type -1 debug1: identity file /home/hacklab/.ssh/id_ed25519-cert type -1 debug1: identity file /home/hacklab/.ssh/id_ed25519_sk type -1 debug1: identity file /home/hacklab/.ssh/id_ed25519_sk-cert type -1 debug1: identity file /home/hacklab/.ssh/id_xmss type -1 debug1: identity file /home/hacklab/.ssh/id_xmss-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_8.7p1 Debian-4 debug1: Remote协议版本2.0,远程软件版本openssh_5.5p1 debian-6+squeeze5 debug1:compat_banner:匹配:openssh_5.5p1 debian-6+squeeze5 pat openssh_5* compat 0x0c000002 debug2 debug2 debug2 debug2:fd 3设置o_nonblock deagug1:aunteriatiating to dealIntic debigation to debigation to debiging to debigation debediate debigation debigation debife load_hostkeys: fopen /home/hacklab/.ssh/known_hosts: No such file or directory debug1: load_hostkeys: fopen /home/hacklab/.ssh/known_hosts2: No such file or directory debug1: load_hostkeys: fopen /home/hacklab/.ssh/known_hosts2: No such file or directory debug1:load_hostkeys:fopen/etc/ssh/ssh/ssh_known_hosts:no这样的文件或目录debug1:load_hostkeys:fopen/etc/etc/ssh/ssh/ssh _noknown_hosts2:no of core_hostkeyalgs:noce_hostkeyalgs:no algorithm匹配;接受原始DEBUG3:发送数据包:类型20 debug1:ssh2_msg_kexinit已发送debug3:接收数据包:type 20 debug1:ssh2_msg_kexinit接收到debug2:本地客户端kexinit提案debug2:kex算法:kex算法: curve25519-SHA256,curve25519-SHA256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-g ROUP-EXCHANGE-SHA256,DIFFIE-HELLMAN-GROUP16-SHA512,DIFFIE-HELLMAN-GROUP18-SHA512,DIFFIE-HELLMAN-GROUP14-SHA256,EXT-INFO-C debug2:主机密钥算法: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2 -nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-c ERT-V01@openssh.com,RSA-SHA2-256-CERT-V01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-Ed25519,ecdsa-sha2-nistp256,ecdsa-sha2 -nistp384,ECDSA-SHA2-NISTP521,SK-SSH-ED25519@openssh.com,SK-ECDSA-SHA2-NISTP256@openssh.com,RSA-SHA2-512,RSA-SHA2-512,RSA-SHA2-SHA2-256,SSH-RSA,SSH-RSA debug2:ciphers ctos:chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com@openssh.com debug2:ciphers debug2:ciphers stoc:ciphers stoc:ciphers stoc:ciphers stoc:ciphers stoc:ciphers stoc:c. chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com debug2:macs ctos:macs ctos:macs ctos: UMAC-64-ETM@openssh.com,umac-128-Etm@openssh.com,hmac-sha2-256-Etm@openssh.com,hmac-sha2-512-Etm@openssh.c OM,HMAC-SHA1-ETM@openssh.com,umac-64@openssh.com,umac-128@openssh.com,HMAC-SHA2-256,HMAC-SHA2-512,HMAC-SHA1 Debug2:Macs Stoc: UMAC-64-ETM@openssh.com,umac-128-Etm@openssh.com,hmac-sha2-256-Etm@openssh.com,hmac-sha2-512-Etm@openssh.c OM,HMAC-SHA1-ETM@openssh.com,umac-64@openssh.com,umac-128@openssh.com,HMAC-SHA2-256,HMAC-SHA2-512,HMAC-SHA1 debug2: compression ctos: none,zlib@openssh.com,zlib debug2: compression stoc: none,zlib@openssh.com,zlib debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug2: peer server KEXINIT proposal debug2: KEX algorithms: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: host key algorithms: ssh-rsa,ssh-dss debug2: ciphers ctos: AES128-CTR,AES192-CTR,AES256-CTR,ARCFOUR256,ARCFOUR128,AES128-CBC,3DES-CBC,3DES-CBC,BLOCLFISH-CBC,CORS128-CBC,AES192-CBC,AES192-CBC,AES256-CBC,AES256-CBC,AES256-CBC,ARCFOR,ARCBBCBB,RIJNDAEL,RIJNDAEL:R.LISER.RIJNDAEL:R.LISWALE@liys: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se debug2:Macs CTO:HMAC-MD5,HMAC-SHA1,UMAC-64@openssh.com,HMAC-RIPEMD160,HMAC-RIPEMD160@openssh.com,HMAC-SHA1-96,HMAC-MD5-96 DEBUG2:MACS debug2:Macs Stoc:Macs Stoc:Macs Stoc:: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: compression ctos: none,zlib@openssh.com debug2: compression stoc: none,zlib@openssh.com debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug1: kex: algorithm: diffie-hellman-group-exchange-sha256 debug1: kex: host key algorithm: ssh-rsa debug1: kex: server->client cipher: aes128-ctr MAC: umac-64@openssh.com压缩:无debug1:kex:client->服务器cipher:aes128-ctr mac:umac-64@openssh.com压缩:无debug3:发送数据包:type 34 debug1:ssh2_msg_kex_gex_gex_gex_gex_request(2048 <3072 <8192) 10.10.237.121端口22当我检查时,我发现它被“期望SSH2_MSG_KEX_DH_GEX_GROUP”停止。 。 。
经过一些研究,我遇到了一些文章,上面说MTU值很差。
首先,当我检查MTU值时,我发现ETH0为1500。
┌-─(hacklab㉿hacklab) - [〜]└─$ ifconfig127⨯Eth0:flags = 4163<UP,BROADCAST,RUNNING,MULTICAST> MTU 1500 ...现在,我将ETH0设置为1454。
┌-(hacklab㉿hacklab) - [〜]└─$ sudo ifconfig eth0 mtu 1454 我在这种状态下再次尝试了SSH,它起作用了!呢
┌──(hacklab㉿hacklab)-[~] └─$ ssh user@10.10.237.121 user@10.10.237.121's password: Linux debian 2.6.32-5-amd64 #1 SMP Tue May 13 16:34:35 UTC 2014 x86_64 The programs included with the Debian GNU/Linux system are free software;在/usr/share/doc/*/版权所有的单个文件中描述了每个程序的确切分发术语。在适用法律允许的范围内,Debian GNU/Linux绝对没有保修。上次登录时间:4月5日至4月5日11:11:52 2023来自IP-10-18-110-90.eu-west-1.compute.internal user@debian:〜$概括
服务器正在运行,但是当我“关闭连接”时,我感到惊慌,但是我能够以某种方式连接,所以我很高兴。
参考和站点
@it: https://atmarkit.itmedia.co.jp/flinux/rensai/linuxtips/418chkmtu.html
![[hackthebox]如果“发生httpclient类型的错误:: ceartiveTimeouterror发生,则执行消息已过期”该怎么办”](https://hack-lab-256.com/wp-content/uploads/2023/09/hack-lab-256-samnail-4-300x169.jpg)
![[CVE-2015-3306]我列举了共享的桑巴舞,操纵脆弱的版本,并通过操纵路径变量来升级特权! Tryhackme Kenobi写作](https://hack-lab-256.com/wp-content/uploads/2023/08/hack-lab-256-samnail-2-300x169.jpg)
![[用于初学者的永久CTF] SetoDanote CTF Web写入!建议获得CTF的感觉!](https://hack-lab-256.com/wp-content/uploads/2023/08/hack-lab-256-samnail-1-1-300x169.jpg)
![[TRYHACKME]我们使用Wireshark进行了数据包分析,以研究SSH-Backdoor的侵入! aterpass2写入](https://hack-lab-256.com/wp-content/uploads/2023/08/hack-lab-256-samnail-300x169.jpg)
![[CVE-2018-16763]燃料CMS 1.4.1-我将远程代码执行(1)转换为Python 3并入侵它! Tryhackme Ignite写作](https://hack-lab-256.com/wp-content/uploads/2023/08/hack-lab-256-samnail-25-300x169.jpg)
![[tryhackme]我使用ssh2john从私钥中提取哈希,并用开膛手约翰(John The Ripper)入侵密码!立交桥写入](https://hack-lab-256.com/wp-content/uploads/2023/07/hack-lab-256-samnail-24-300x169.jpg)
![[tryhackme]我尝试渗透带有ret2ESP攻击的Windows机器(缓冲区溢出)!头脑风暴写作](https://hack-lab-256.com/wp-content/uploads/2023/06/hack-lab-256-samnail-23-300x169.jpg)