Fuzz Testing a Secure Shell (SSH) Server
Overview
This topic describes how to test an SSH server using the SSH module in beSTORM.
Testing
To test an SSH server with beSTORM, do the following:
- Install beSTORM Client on a computer that is neither in use nor on a network and assign an IP address to it. This will create the beSTORM server.
- Set up an SSH server on another computer that is also neither in use nor on a network and assign an IP address to it. If your SSH server is Windows-based, do the following:
  - Open beSTORM Monitor.
  - On the Processes tab, select SSH.
  - In the Host box, enter the IP address of the beSTORM server, and then select Attach.
- Using an Ethernet cable, connect the beSTORM server to the SSH server. Do not include a switch between the two servers.
- Open beSTORM Client.
- Select New Project. The beSTORM New Project Wizard opens.
- On the Welcome page, do the following:
  - Select Next.
- On the Basic Configuration page, do the following:
  - Select Next.
- On the Module Environment page, enter the correct SSH credentials in the Username and Password value boxes. These are used for checks beyond the SSH sign-in.
- Select Next.
- If the SSH server is not accessible, select ICMP Echo and TCP Echo on the Extra Configuration page. Leave all other parameters at their default settings.
- Select Next.
- On the Complete beSTORM wizard page, select Finish to begin testing, or clear the Auto-start beSTORM scan now checkbox to run the test later.
- If an exception occurs once your test begins (that is, an attack was successful), a message will appear in the Exception Information dialog informing you that the remote server is not responding. This indicates a possible vulnerability. Testing will resume after five seconds unless you select Pause Test.
- When testing is complete, select Report from the Test Information pane to view a short report of your test. To generate a more comprehensive report of your test, select Report > Generate Report from the beSTORM Client.
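To confirm independently whether the SSH server has stopped responding, as the Exception Information dialog reports, the following added example (not part of beSTORM or its documentation) connects to the SSH port and checks that the server still sends a valid identification line as defined in RFC 4253. The function names, state labels, 3-second timeout and sample address are assumptions made for the illustration.

```python
import socket


def parse_ident(data: bytes):
    """Return (protoversion, softwareversion) from the SSH identification line, or None.

    RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF";
    a server may send other text lines before it.
    """
    for raw in data.split(b"\n"):
        line = raw.rstrip(b"\r")
        if not line.startswith(b"SSH-"):
            continue  # pre-banner text is permitted
        fields = line.split(b" ", 1)[0].split(b"-", 2)
        if len(fields) == 3 and fields[1] and fields[2]:
            return fields[1].decode("ascii", "replace"), fields[2].decode("ascii", "replace")
        return None  # an SSH- line that does not follow the format
    return None


def classify(banner):
    """Map received banner bytes (None = no usable TCP connection) to a state label."""
    if banner is None:
        return "down"
    return "up" if parse_ident(banner) else "no-banner"


def probe(host, port=22, timeout=3.0):
    """Connect once, read at most 4 KiB, and return "up", "no-banner" or "down"."""
    done = b""  # newline-terminated part of what has been received
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            buf = b""
            while len(buf) < 4096 and parse_ident(done) is None:
                chunk = sock.recv(256)
                if not chunk:
                    break  # peer closed without a valid identification line
                buf += chunk
                done = buf[: buf.rfind(b"\n") + 1]
    except OSError:  # refused, unreachable, reset, or timed out (hung service)
        return classify(None)
    return classify(done)


if __name__ == "__main__":
    # 192.0.2.10 is a documentation address (RFC 5737); use the SSH server's IP instead.
    print(probe("192.0.2.10"))
```

A result of "down" or "no-banner" at the time of an exception means the service itself needs to be restarted and examined before the test case is replayed.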