Exploiting SSH key based authentication

May 23, 2014
Pentests

This is a rather quick post, intended as a reference note for me (and you all).

Recently, I exploited a vulnerability to gain a shell on the remote system. Yeah, this is remotely over an SSH connection. :) The prerequisites are:

1. Remote server must have SSH service running.

2. Remote server must have the Vagrant module installed.

3. Remote server must support key-based authentication.

To detect whether the server has the Vagrant module installed, browse to http://example.com/vagrantfile. This should give you a pop-up to download a file. Refer here for Vagrantfile info.

When Vagrant is installed on the box, it creates a default user called vagrant with www rights and accepts incoming connections for the user vagrant with valid keys. The keys are known and can be downloaded from here. To exploit, replace these keys with your public and private keys or use the command below:

ssh -i <key_files> vagrant@<remote_server_ip>

And here you go, you gain access to shell instantly and own the box...:)
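A defender-side check for the condition described above, added here as an example and not part of the original post: it parses an authorized_keys file and reports entries whose fingerprint matches a published default key. The function names and the sample keys are constructed for illustration; in a real audit, pass the published public key line as `known_pubkey_lines`.

```python
import base64
import hashlib
import struct

def key_blob(line):
    """Decoded key blob from one authorized_keys line, or None.
    Layout is [options] keytype base64 [comment]. Quoted options may contain
    spaces, so accept a base64 field only when the type name embedded in it
    matches the field just before it."""
    fields = line.split()
    for ktype, b64 in zip(fields, fields[1:]):
        try:
            blob = base64.b64decode(b64, validate=True)
        except ValueError:
            continue
        if len(blob) >= 4:
            (n,) = struct.unpack(">I", blob[:4])
            if blob[4:4 + n] == ktype.encode():
                return blob
    return None

def fingerprint(blob):
    """SHA256 fingerprint in the form `ssh-keygen -l` prints."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def find_known_keys(authorized_keys_text, known_pubkey_lines):
    """Return [(line_number, fingerprint)] for entries matching a known key."""
    known = {fingerprint(b) for b in map(key_blob, known_pubkey_lines) if b}
    hits = []
    for lineno, line in enumerate(authorized_keys_text.splitlines(), 1):
        blob = None if line.lstrip().startswith("#") else key_blob(line)
        if blob and fingerprint(blob) in known:
            hits.append((lineno, fingerprint(blob)))
    return hits

def fake_key(ktype, body):
    """Constructed blob, not a real key: length-prefixed type name + filler."""
    raw = struct.pack(">I", len(ktype)) + ktype.encode() + body
    return f"{ktype} {base64.b64encode(raw).decode()}"

# Constructed sample data. In a real audit KNOWN holds the published default key.
KNOWN = [fake_key("ssh-rsa", b"published-default-key") + " vagrant"]
SAMPLE = "\n".join([
    "# deploy keys",
    fake_key("ssh-ed25519", b"unique-admin-key") + " admin@host",
    'command="echo hi",no-pty ' + KNOWN[0],
])
```

Any hit means the account accepts a key whose private half is public, so the entry should be removed and replaced with a unique key.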

Happy testing and hacking!!!
