Top Posts Tagged with #ssh-keygen

Popular Recent

HTB - Horizontall (Part 2)

Continued from Part I --> https://pillothecat-hacks.tumblr.com/post/672411290205093888/htb-horizontall-part-1

Find the user flag

Find the user flag in home/developer/user.txt

------------------------

Privilege Escalation

Next, we’ll need to upgrade our privilege to root shell to obtain the root flag.

Let’s start off by looking for additional vulnerabilities from our new shell.

After much search for any files with open permissions, command executions, and network connections, we’ll notice additional open ports with programs running on them.

--> netstat -antup

After curling a few of the ports on the victim’s local host, we’ll find that port 1337 is running mysql and port 8000 is utilizing a Laravel v8 php framework.

From searching exploits for Laravel v8, we can find another remote code execution script CVE: 2021-3129.

------------------------

SSH keygen and login

For the exploit found in the previous step to work, we’ll need to port forward 8000. As seen from netstat enumeration, we’ll need to connect to the victim’s loopback address by first “ssh”ing into the system.

In order to achieve this, first create an ssh-keygen from our local machine.

--> ssh-keygen *from Kali

Then copy the key into the victim’s machine; the key is saved in ~/.ssh/authorized_keys

--> echo ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDbjR2N81pTJ31fRwPBIrwn/g5JglLgJFcfrK/2QzJ/xwgJrVP/PybeYpXkZTpS5pFMs2b8B5jOgNpMEM2Q3hEjaHrqvzfj1MGcqLhXnw8ohUHQqXkF33XxFsz/S8h99m3A/dJcgn6QhnU2OyEDKs/2SqJNsIgs0PfRXGp+GlD8vHPakKTulwBAmjBJLsZGJA1z4ALnSVLVqgzUFb9ZdldrAXTLJVD8GZym5u5vwHOhyJAR21Z+6Ht4mGzqzIL17hxrR6eHi+/4qHzsev/f2FypJie/g0Gzw+hoNkuHAqHaBZkjQ+KyumlBkfEGDJoeqMvGsA5jtxguzoB/gkih/vnH9LBIsHqW+h/ORfsYGDtM1UllmISDBndeDeLL4iH596P3cqpxGCQZW/dtOGxDhg/YNssbj1zvxgCF8euz4h96xiFw9KvNNommcjXjTox8lij8xyf0usDK7KvDxLzBWq0tBQtInX/EPl0BhDXPenc8bM4UddFSFllN8dNLqiJSjgk= kali@kali > ~/.ssh/authorized_keys *from Horizontall machine

** Note that the path /usr/lib/openssh/ssh-keysign was listed when we checked for files with open permissions, and thus indicated that we are able to create a key in our victim’s machine

Now back in our Kali, we can ssh into the victim’s machine with our key that we’ve generated and forward the port.

For more information on the syntax --> https://linuxize.com/post/how-to-setup-ssh-tunneling/

Let’s check and confirm to see if the port has been forwarded by viewing it from the browser (with the loopback IP, since we are now on the localhost)

From a new terminal in Kali, we can now execute the RCE (CVE2021-3129). Exploit can be found and downloaded from here

--> https://github.com/nth347/CVE-2021-3129_exploit

Upon executing the script we receive the following message for the proper syntax.

The output states that we can use Monolog/RCE1 as the <CHAIN> . As for the <CMD>, since we are looking for the root flag, we can direct our command to “cat /root/root.txt” to retrieve the root flag!

#ssh-keygen #Strapi #Laravel #RCE

•18+ Adults Only

Watch Anya Live on Cam

Anya is live and ready to show you everything. Watch her strip, dance, and perform exclusive shows just for you. Interact in real-time and make your fantasies come true.

✓ Live Streaming✓ Interactive Chat✓ Private Shows✓ HD Quality

Anya is LIVE right now

FREE

Free to watch • No registration required • HD streaming

ssh-keygenのメモ

# ファイルを指定して作成 $ ssh-keygen -t rsa -f ~/.ssh/id_rsa_file_name

ref

ssh-keygenでファイル名を指定して作成

#ssh-keygen #memo #howto

Error SSH remote - "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!"

Error SSH remote – “WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!”

Ao tentar conectar via SSH o cliente do ssh apresenta o seguinte erro abaixo.

Acima digite o ip ou nome do servidor para gerar uma nova key O comando acima gera a nova chave. Tente agora conectar no servidor remoto. Confirme a autenticação e conexão . Pronto, agora voce esta conectado no seu servidor remoto.

View On WordPress

#Key #remote host #ssh #ssh-keygen

How to install Operations Manager v.2.6

VMware Enterprise PKS 1.5 comes with Operations Manager (OpsMan) version 2.6.8 The deployment of the Operations manager 2.6.8 is different from its earlier versions.

In this blog post, we will see how to install Operations Manager 2.6. In the older versions, we installed it using username and password. However, it is a little different from version 2.6. To install Ops Manager v.2.6 on…

View On WordPress

#operations manager #opsman 2.6 #pivotal #ssh-keygen #vmware

Use a Custom Git SSH Key

When you want to use a different SSH key from the default ~/.ssh/id_rsa most of the available ways I have read from blogs are either you:

Use a custom host and assign it in ~/.ssh/config

Use the GIT_SSH and remember to prepend it everytime you will pull/push from remote

Here's my alternative approach.

#git #ssh #ssh-keygen

•18+ Adults Only

Watch Anya Live on Cam

Anya is live and ready to show you everything. Watch her strip, dance, and perform exclusive shows just for you. Interact in real-time and make your fantasies come true.

✓ Live Streaming✓ Interactive Chat✓ Private Shows✓ HD Quality

Anya is LIVE right now

FREE

Free to watch • No registration required • HD streaming

gitlab ssh-key 등록방법

gitlab의 저장소에 외부에서 push, pull로 접근할때는, 프로젝트에 push/pull권한을 가진 user에게 등록된 public 키와 외부에 있는 private키의 일치여부를 확인해 접근한다.

1. 키를 생성하는 방식과 public 키를 gitlab에 등록하는 방식은 아래 링크를 따라한다.

https://gitlab.com/help/ssh/README

2. ssh private key가 .ssh 폴더에 저장되어 있더라도 연결이 안되는 경우가 있다.(맥의 경우). 그럴 경우 하단 링크를 따라한다.

https://help.github.com/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent/

3. 키가 제대로 등록되었는지 확인하는 방법은

ssh-add -l

을 입력하면 가능하다.

#ssh-keygen #ssh-add #ssh-agent

Tạo tài khoản ssh và vô hiệu hóa truy cập ssh qua root user

Sau khi tạo server vps ubuntu, Bạn có thể truy cập vào vps mặc định qua user root. nhưng việc này kém bảo mật vì vậy cần tạo tài khoản khác dành cho truy cập từ xa. Ngoài ra cũng cần tắt truy cập bằng mật khẩu và truy cập qua root.

Cơ chế truy cập bảo mật ssh là sử dụng mã hóa rsa hoạc hệ mã tương tự. Mã hóa rsa sẽ tạo ra một cặp khóa public và private. Đăng ký khóa public cho server sẽ truy cập…

View On WordPress

#Bảo mật #Máy chủ #ssh-keygen

Creating a Private Repo on GitLab

GitLab (gitlab.com) is a company that hosts git repositories in the cloud, like GitHub. Unlike GitHub, GitLab offers free repositories that can have multiple contributors.

To create your own private git repository on Gitlab:

Create an account

Activate it

Create a project

If you haven’t already, generate an SSL key pair:

ssh-keygen -t rsa -b 4096 -C "[email protected]"

Add the public half of…

View On WordPress

#gitlab #repository #ssh-keygen

HTB - Horizontall (Part 2)

Continued from Part I --> https://pillothecat-hacks.tumblr.com/post/672411290205093888/htb-horizontall-part-1

Find the user flag

Find the user flag in home/developer/user.txt

------------------------

Privilege Escalation

Next, we’ll need to upgrade our privilege to root shell to obtain the root flag.

Let’s start off by looking for additional vulnerabilities from our new shell.

After much search for any files with open permissions, command executions, and network connections, we’ll notice additional open ports with programs running on them.

--> netstat -antup

After curling a few of the ports on the victim’s local host, we’ll find that port 1337 is running mysql and port 8000 is utilizing a Laravel v8 php framework.

From searching exploits for Laravel v8, we can find another remote code execution script CVE: 2021-3129.

------------------------

SSH keygen and login

In order to achieve this, first create an ssh-keygen from our local machine.

--> ssh-keygen *from Kali

Then copy the key into the victim’s machine; the key is saved in ~/.ssh/authorized_keys

** Note that the path /usr/lib/openssh/ssh-keysign was listed when we checked for files with open permissions, and thus indicated that we are able to create a key in our victim’s machine

Now back in our Kali, we can ssh into the victim’s machine with our key that we’ve generated and forward the port.

For more information on the syntax --> https://linuxize.com/post/how-to-setup-ssh-tunneling/

Let’s check and confirm to see if the port has been forwarded by viewing it from the browser (with the loopback IP, since we are now on the localhost)

From a new terminal in Kali, we can now execute the RCE (CVE2021-3129). Exploit can be found and downloaded from here

--> https://github.com/nth347/CVE-2021-3129_exploit

Upon executing the script we receive the following message for the proper syntax.

#ssh-keygen #Strapi #Laravel #RCE

•18+ Adults Only

Watch Anya Live on Cam

Anya is live and ready to show you everything. Watch her strip, dance, and perform exclusive shows just for you. Interact in real-time and make your fantasies come true.

✓ Live Streaming✓ Interactive Chat✓ Private Shows✓ HD Quality

Anya is LIVE right now

FREE

Free to watch • No registration required • HD streaming

ssh-keygenのメモ

# ファイルを指定して作成 $ ssh-keygen -t rsa -f ~/.ssh/id_rsa_file_name

ref

ssh-keygenでファイル名を指定して作成

#ssh-keygen #memo #howto

Error SSH remote - "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!"

Error SSH remote – “WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!”

Ao tentar conectar via SSH o cliente do ssh apresenta o seguinte erro abaixo.

View On WordPress

#Key #remote host #ssh #ssh-keygen

How to install Operations Manager v.2.6

VMware Enterprise PKS 1.5 comes with Operations Manager (OpsMan) version 2.6.8 The deployment of the Operations manager 2.6.8 is different from its earlier versions.

View On WordPress

#operations manager #opsman 2.6 #pivotal #ssh-keygen #vmware

Use a Custom Git SSH Key

When you want to use a different SSH key from the default ~/.ssh/id_rsa most of the available ways I have read from blogs are either you:

Use a custom host and assign it in ~/.ssh/config

Use the GIT_SSH and remember to prepend it everytime you will pull/push from remote

Here's my alternative approach.

#git #ssh #ssh-keygen

•18+ Adults Only

Watch Anya Live on Cam

Anya is live and ready to show you everything. Watch her strip, dance, and perform exclusive shows just for you. Interact in real-time and make your fantasies come true.

✓ Live Streaming✓ Interactive Chat✓ Private Shows✓ HD Quality

Anya is LIVE right now

FREE

Free to watch • No registration required • HD streaming

gitlab ssh-key 등록방법

1. 키를 생성하는 방식과 public 키를 gitlab에 등록하는 방식은 아래 링크를 따라한다.

https://gitlab.com/help/ssh/README

2. ssh private key가 .ssh 폴더에 저장되어 있더라도 연결이 안되는 경우가 있다.(맥의 경우). 그럴 경우 하단 링크를 따라한다.

https://help.github.com/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent/

3. 키가 제대로 등록되었는지 확인하는 방법은

ssh-add -l

을 입력하면 가능하다.

#ssh-keygen #ssh-add #ssh-agent

Tạo tài khoản ssh và vô hiệu hóa truy cập ssh qua root user

View On WordPress

#Bảo mật #Máy chủ #ssh-keygen

Creating a Private Repo on GitLab

GitLab (gitlab.com) is a company that hosts git repositories in the cloud, like GitHub. Unlike GitHub, GitLab offers free repositories that can have multiple contributors.

To create your own private git repository on Gitlab:

Create an account

Activate it

Create a project

If you haven’t already, generate an SSL key pair:

ssh-keygen -t rsa -b 4096 -C "[email protected]"

Add the public half of…

View On WordPress

#gitlab #repository #ssh-keygen

Top Posts Tagged with #ssh-keygen | Tumlook

Trending Tags

Last Seen Tags

#ssh-keygen

Trending Tags

Last Seen Tags

#ssh-keygen