SSH Tips

Connect with pem/user/ip

This will allow you to stay connected to the CTF (metasploitCtf)

chmod 600 ctf.pem
ssh -i ctf.pem [email protected]

Root Logins Allowed

Found an ssh key, but can you log in with root?

grep PermitRootLogin /etc/sshd_config 
vim root_key 
mod 600 root_key 
ssh -i root_key [email protected]

Unable to negotiate

REF: sundayHTB

> ssh [email protected] -p 22022
Unable to negotiate with 10.129.87.203 port 22022: no matching key exchange method found. 
Their offer: gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1

> ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 [email protected] -p 22022
..connect!

keys

If you found the ssh_key and the password
You can decode it like this:

> openssl rsa -in privkey -out decodedkey     ..enter: mysecretkey

SSH Konami Code (pivot)

ssh port forward (ref: SSHPivots)
While still in the same ssh session
https://www.sans.org/blog/using-the-ssh-konami-code-ssh-control-sequences/
Dynamic Port Forward listening on localhost:1080 going to SSH
And you get to keep your session!
Scenario: VNC Server is only exposed locally on PoisonHTB.

-----------
ssh myserver
<Enter>                    ..new line
~C                         ..commandline options for ssh
ssh> -D 1080               ..Dynamic port to 9001 

netstat -anlp | grep 1080  ..local to confirm listening

-----------
Firefox
New Proxy > Manual > 127.0.0.1 1080 SOCKSv5
(dont block localhost)

Firefox
http://127.0.0.1:5901      ..route through 1080 to vnc port 5901

ssh key crack

ssh2john

PreviousSMB Samba NextSQLite3

Last updated 2 years ago

Was this helpful?