Fetching SSH Private Key
Assuming you have already confirmed a path traversal, directory traversal, or LFI vulnerability, you can use it to fetch an SSH private key from a Linux target and then connect with that key.
Way to Fetch
Step 1: Store the /etc/passwd content
root:x:0:0:root:/root:/bin/bash
offsec:x:1000:1000:Offsec Admin:/home/offsec:/bin/bash
miranda:x:1001:1001:Miranda:/home/miranda:/bin/sh
steven:x:1002:1002:Steven:/home/steven:/bin/sh
mark:x:1003:1003:Mark:/home/mark:/bin/sh
anita:x:1004:1004:Anita:/home/anita:/bin/sh
# Above are the users to check for SSH keys.
# Store the output in a file named passwd_list.txt
Step 2: Make a list of the users present
# List of users to check for SSH keys.
# Run this command to build the list automatically (UID 0 or UID >= 1000, print the home directory).
awk -F: '($3 == 0 || $3 >= 1000) {print $6}' passwd_list.txt > user_list.txt
# user_list.txt
/root
/home/offsec
/home/miranda
/home/steven
/home/mark
/home/anita
Step 3: Make a list of the names of SSH key files on Linux
Step 4: Check for an SSH key
Got a private SSH key?
If yes, try to connect to the system.
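As an added, defender-side example that is not part of the original note: the script below reuses the page's UID filter (UID 0 or UID >= 1000, take the home directory) in Python and then audits each candidate home's .ssh directory for regular files whose mode grants any group or other access. A key file that is readable by the account a web server runs as is exactly what a traversal bug exposes, so this is the check an administrator would run to find such files before an attacker does. The passwd excerpt is constructed (the page's accounts plus a nobody entry to show that the filter also picks up system accounts with a high UID), and demo() stages a temporary tree rather than touching real home directories.

```python
import os
import shutil
import stat
import tempfile

# Constructed /etc/passwd excerpt: the page's accounts plus a typical high-UID
# system account, which the UID >= 1000 filter also selects.
PASSWD_SAMPLE = """root:x:0:0:root:/root:/bin/bash
offsec:x:1000:1000:Offsec Admin:/home/offsec:/bin/bash
miranda:x:1001:1001:Miranda:/home/miranda:/bin/sh
steven:x:1002:1002:Steven:/home/steven:/bin/sh
mark:x:1003:1003:Mark:/home/mark:/bin/sh
anita:x:1004:1004:Anita:/home/anita:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
"""


def candidate_homes(passwd_text):
    """Same selection as the page's awk one-liner: UID 0 or UID >= 1000,
    returning the home-directory field of each matching entry."""
    homes = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) < 7:
            continue  # malformed line, skip it
        uid = int(fields[2])
        if uid == 0 or uid >= 1000:
            homes.append(fields[5])
    return homes


def audit_ssh_dirs(homes, root="/"):
    """Return (home, filename, mode) for every regular file under <home>/.ssh
    whose mode has any group or other bit set (i.e. looser than 0600).
    `root` is prepended to each home so the audit can run on a staged tree."""
    findings = []
    for home in homes:
        ssh_dir = os.path.join(root, home.lstrip("/"), ".ssh")
        if not os.path.isdir(ssh_dir):
            continue  # no .ssh directory for this account
        for name in sorted(os.listdir(ssh_dir)):
            path = os.path.join(ssh_dir, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # ignore symlinks and subdirectories
            if st.st_mode & 0o077:
                findings.append((home, name, oct(stat.S_IMODE(st.st_mode))))
    return findings


def demo():
    """Stage two homes in a temp tree: one key at 0600 (fine) and one at 0644
    (readable by any local account, including a web server's). The file
    contents are a constructed placeholder, not a real key."""
    tmp = tempfile.mkdtemp()
    try:
        staged = {"/home/offsec": 0o600, "/home/miranda": 0o644}
        for home, mode in staged.items():
            ssh_dir = os.path.join(tmp, home.lstrip("/"), ".ssh")
            os.makedirs(ssh_dir)
            key_path = os.path.join(ssh_dir, "id_rsa")
            with open(key_path, "w") as fh:
                fh.write("constructed placeholder, not a real key\n")
            os.chmod(key_path, mode)
        return audit_ssh_dirs(candidate_homes(PASSWD_SAMPLE), root=tmp)
    finally:
        shutil.rmtree(tmp)


if __name__ == "__main__":
    for home, name, mode in demo():
        print(f"{home}/.ssh/{name} has mode {mode}; expected 0600")
```

On a live host, call audit_ssh_dirs(candidate_homes(open("/etc/passwd").read())) as root; any finding should be fixed with chmod 600, and the web server account should additionally have no traversal path into home directories at all, since permissions do not help when the server itself runs as root.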
Scenario 1: Getting an error
If you get an error such as "error in libcrypto", try reformatting the id_rsa file. Use the nano editor to paste the content.
Scenario 2: Asked for a password
If SSH asks for a password, you need to crack it.
Refer to the link below for cracking: