SSH Tips
Connect with pem/user/ip
This will allow you to stay connected to the CTF (metasploitCtf)
chmod 600 ctf.pem
ssh -i ctf.pem [email protected]
Root Logins Allowed
Found an ssh key, but can you log in with root?
grep PermitRootLogin /etc/ssh/sshd_config
vim root_key
chmod 600 root_key
ssh -i root_key [email protected]
Unable to negotiate
REF: sundayHTB
> ssh [email protected] -p 22022
Unable to negotiate with 10.129.87.203 port 22022: no matching key exchange method found.
Their offer: gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 [email protected] -p 22022
..connect!
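The same workaround written as a per-host ssh_config entry rather than a one-off -o flag, as an added example that is not part of the original notes. The function name legacy_host_stanza and the supported-algorithm list passed to it are assumptions; it also handles host key, cipher and MAC mismatches, which goes beyond the key exchange case above.

```shell
#!/bin/sh
# Added example (not from the original notes): turn ssh's negotiation error
# into a per-host ssh_config stanza instead of a global or one-off setting.
#   $1 = error text printed by ssh
#   $2 = algorithms the local client supports, one per line (assumption:
#        taken from `ssh -Q kex`, `ssh -Q key`, `ssh -Q cipher` or `ssh -Q mac`)
legacy_host_stanza() (
    err=$1 supported=$2
    set -f  # no globbing while word-splitting the offer list
    # Map the failure class to the ssh_config option that controls it.
    case $err in
        *"no matching key exchange method found"*) opt=KexAlgorithms ;;
        *"no matching host key type found"*)       opt=HostKeyAlgorithms ;;
        *"no matching cipher found"*)              opt=Ciphers ;;
        *"no matching MAC found"*)                 opt=MACs ;;
        *) echo "not a negotiation error" >&2; exit 1 ;;
    esac
    pat='^Unable to negotiate with \([^ ]*\) port \([0-9]*\):.*'
    host=$(printf '%s\n' "$err" | sed -n "s/$pat/\1/p")
    port=$(printf '%s\n' "$err" | sed -n "s/$pat/\2/p")
    offer=$(printf '%s\n' "$err" | sed -n 's/.*Their offer: //p')
    [ -n "$host" ] && [ -n "$offer" ] || { echo "cannot parse error" >&2; exit 1; }
    # Take the first offered algorithm that the client can also speak.
    pick=
    for alg in $(printf '%s' "$offer" | tr ',' ' '); do
        if printf '%s\n' "$supported" | grep -qxF -e "$alg"; then
            pick=$alg
            break
        fi
    done
    [ -n "$pick" ] || { echo "no offered algorithm is supported locally" >&2; exit 1; }
    # "+" appends to the client defaults; the Host line limits it to this server.
    printf 'Host %s\n    Port %s\n    %s +%s\n' "$host" "$port" "$opt" "$pick"
)

# Demo: error text from the notes above; the supported list is constructed.
legacy_host_stanza 'Unable to negotiate with 10.129.87.203 port 22022: no matching key exchange method found.
Their offer: gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1' \
'diffie-hellman-group14-sha256
diffie-hellman-group1-sha1'
```

Append the printed stanza to ~/.ssh/config so the legacy algorithm is enabled only for that host.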
keys
If you found an encrypted SSH private key and its password,
you can decrypt it like this:
> openssl rsa -in privkey -out decodedkey ..enter: mysecretkey
SSH Konami Code (pivot)
ssh port forward (ref: SSHPivots)
While still in the same ssh session
Dynamic Port Forward listening on localhost:1080 going to SSH
And you get to keep your session!
Scenario: VNC Server is only exposed locally on PoisonHTB.
-----------
ssh myserver
<Enter> ..new line
~C ..commandline options for ssh
ssh> -D 1080 ..dynamic (SOCKS) forward on local port 1080
netstat -anlp | grep 1080 ..local to confirm listening
-----------
Firefox
New Proxy > Manual > 127.0.0.1 1080 SOCKSv5
(don't block localhost)
Firefox
http://127.0.0.1:5901 ..route through 1080 to vnc port 5901