Metasploitable/SSH/Keys: Difference between revisions
From charlesreid1
(Created page with "=Background Info= On your attacking machine, copy your public SSH key in <code>~/.ssh/id_rsa.pub</code>. Using your remote shell, modify the Metasploitable Virtual Machine's...") |
No edit summary |
||
| (One intermediate revision by the same user not shown) | |||
| Line 1: | Line 1: | ||
= | =Obtaining Remote Access Using SSH Keys= | ||
On | The basic idea behind this type of exploit is to copy your SSH keys into the remote machine's list of authorized keys. It requires write access to the remote filesystem. | ||
On the attacker machine, the public key is located in <code>~/.ssh/id_rsa.pub</code>. | |||
Using a remote shell on metasploitable, or by taking advantage of backdoors, or by mounting the remote filesystem using an exploit, gain write access to the victim's machine. Then copy the public key into </code>/root/.ssh/authorized_keys</code>, and you'll have passwordless root access. | |||
If you have write access to a filesystem, this technique can turn that write access into remote shell access ''without cracking the root password''. | |||
Then you'll be able to log in like this: | Then you'll be able to log in like this: | ||
| Line 9: | Line 15: | ||
Last login: Tue Mar 22 20:26:16 EDT 2016 from :0.0 on pts/0 | Last login: Tue Mar 22 20:26:16 EDT 2016 from :0.0 on pts/0 | ||
Linux metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686 | Linux metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686 | ||
root@metasploitable:~# | root@metasploitable:~# | ||
</pre> | </pre> | ||
=Flags= | =Flags= | ||
{{MSFlag}} | {{MSFlag}} | ||
{{SSHFlag}} | |||
Latest revision as of 02:32, 26 October 2017
Obtaining Remote Access Using SSH Keys
The basic idea behind this type of exploit is to copy your SSH keys into the remote machine's list of authorized keys. It requires write access to the remote filesystem.
On the attacker machine, the public key is located in ~/.ssh/id_rsa.pub.
Using a remote shell on metasploitable, or by taking advantage of backdoors, or by mounting the remote filesystem using an exploit, gain write access to the victim's machine. Then copy the public key into /root/.ssh/authorized_keys, and you'll have passwordless root access.
If you have write access to a filesystem, this technique can turn that write access into remote shell access without cracking the root password.
Then you'll be able to log in like this:
# ssh root@10.0.0.27 Last login: Tue Mar 22 20:26:16 EDT 2016 from :0.0 on pts/0 Linux metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686 root@metasploitable:~#
Flags
 |
Metasploit any and all resources related to metasploit on this wiki
Category:Metasploit - pages labeled with the "Metasploit" category label MSF/Wordlists - wordlists that come bundled with Metasploit MSFVenom - msfvenom is used to craft payloads Meterpreter - the shell you'll have when you use MSF to craft a remote shell payload.
Category:Security · Category:Metasploit · Category:Kali
|
|
Metasploitable: The Red Team Metasploitable is a virtual machine with baked-in vulnerabilities, designed to teach Metasploit. This set of articles discusses the RED TEAM's tools and routes of attack.
Exploiting MySQL with Metasploit: Metasploitable/MySQL Exploiting PostgreSQL with Metasploit: Metasploitable/Postgres
Exploiting VSFTP Backdoor: Metasploitable/VSFTP SSH Penetration by Brute Force: Metasploitable/SSH/Brute Force SSH Penetration with Keys: Metasploitable/SSH/Keys SSH Penetration with Metasploit: Metasploitable/SSH/Exploits Brute-Forcing Exploiting NFS: Metasploitable/NFS Exploiting DNS Bind Server: Metasploitable/DNS Bind
Metasploitable Services: distcc: Metasploitable/distcc
Metasploitable Apache: Exploiting Apache (with Metasploit): Metasploitable/Apache Exploiting Apache (with Python): Metasploitable/Apache/Python Tor's Hammer DoS Attack: Metasploitable/TorsHammer * Apache DAV: Metasploitable/Apache/DAV * Apache Tomcat and Coyote: Metasploitable/Apache/Tomcat and Coyote
Metasploitable Memory: General approach to memory-based attacks: Metasploitable/Memory Investigating memory data: Metasploitable/Volatile Data Investigation Dumping Memory from Metasploit: Metasploitable/Dumping Memory
Metasploitable Fuzzing: (Have not done much work on fuzzing Metasploitable...)
Category:Security · Category:Metasploit · Category:Metasploitable · Category:Kali
|
|
Metasploitablue: The Blue Team Metasploitable is a virtual machine with baked-in vulnerabilities, designed to teach Metasploit. This set of articles discusses the BLUE TEAM's methods for defending Metasploitable: defending against and responding to intrusions.
Hence the name, Metasploita-blue. Overview: Metasploitable/Defenses Metasploitable/Defenses/Stopping · Metasploitable/Defenses/Detecting
Metasploitable On-Machine Defenses: Linux Volatile Data System Investigation: Metasploitable/Volatile Data Investigation Linux Artifact Investigation: Metasploitable/Artifact Investigation Linux Iptables Essentials: Metasploitable/Iptables Firewall Assurance and Testing: Metasploitable/Firewall Password Assessment: Metasploitable/Password Assessment Standard Unix Ports: Unix/Ports
Netcat and Cryptcat (Blue Team): Metasploitable/Netcat and Metasploitable/Cryptcat Nmap (Blue Team): Metasploitable/Nmap Network Traffic Analysis: Metasploitable/Network Traffic Analysis Suspicious Traffic Patterns: Metasploitable/Suspicious Traffic Patterns Snort IDS: Metasploitable/Snort
|
 |
ssh secure shell, the most useful tool in unix
Tunnels: Building SSH tunnels: SSH Tunnels Tunnel SSH through HTTPS: Stunnel Tunnel SSH through DNS: Iodine
Raspberry Pi and SSH: RaspberryPi/Headless · RaspberryPi/Reverse SSH RaspberryPi/SSH Stunnel · RaspberryPi/Reverse SSH Stunnel Category:SSH · Category:Networking
Linux and SSH:
Category:SSH · Category:Kali · Category:Networking Flags · Template:SSHFlag · e |