Thursday, April 7, 2011

Step 3 - Enumeration continued

I didn't know you had to do this manually, but Nikto wouldn't scan the users' directories on its own; I had to specify them manually using the -r switch.

Nothing too interesting right there, so let's move on to the next user.

Look at that! Pirrip has the .ssh directory available. Let's browse to it and see what's there.

Wow, we can download the user's private and public keys. Remember our Nmap results from earlier? The server is running OpenSSH, which uses RSA for cryptography. RSA uses two keys: a public key and a private key. If an attacker gets hold of your private key, it is very, very bad. Unless the key is protected by a passphrase, they can assume your identity and log in without needing to supply your password. Let's grab those RSA keys.

I downloaded both keys and put them in the .ssh directory in my home directory. We need to chmod the files so they have the correct permissions.

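A defender-side check for the exposure shown above, as an added example that is not part of the original post: it walks a directory tree that a web server publishes and flags .ssh directories, private-key files, and keys with group/other permission bits set (the OpenSSH client refuses such key files, which is why the chmod step is needed). The function names, the `id_rsa` file names and the sample tree are assumptions, and the key content is constructed.

```python
import os
import stat
import sys

def audit_published_tree(root):
    """Return sorted (kind, path) findings for key material under `root`."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        if ".ssh" in dirnames:
            findings.append(("ssh_dir", os.path.join(dirpath, ".ssh")))
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
                if not stat.S_ISREG(st.st_mode):
                    continue  # skip symlinks, sockets, devices
                with open(path, "rb") as fh:
                    first_line = fh.readline(128)
            except OSError:
                continue  # unreadable by the auditing account
            # PEM and OpenSSH-format private keys both start with
            # "-----BEGIN ... PRIVATE KEY-----".
            if first_line.startswith(b"-----BEGIN ") and b"PRIVATE KEY-----" in first_line:
                findings.append(("private_key", path))
                if st.st_mode & 0o077:  # any group/other permission bit
                    findings.append(("loose_perms", path))
    return sorted(findings)

def build_sample_tree(base):
    """Constructed test data: a published home directory with a dummy key."""
    ssh_dir = os.path.join(base, "pirrip", ".ssh")
    os.makedirs(ssh_dir)
    key = os.path.join(ssh_dir, "id_rsa")  # assumed default OpenSSH file name
    with open(key, "w") as fh:
        fh.write("-----BEGIN RSA PRIVATE KEY-----\nCONSTRUCTED-NOT-A-KEY\n"
                 "-----END RSA PRIVATE KEY-----\n")
    os.chmod(key, 0o644)
    with open(os.path.join(ssh_dir, "id_rsa.pub"), "w") as fh:
        fh.write("ssh-rsa CONSTRUCTED-NOT-A-KEY pirrip@example\n")
    return key

if __name__ == "__main__":
    # Usage: python audit_keys.py /path/to/published/tree
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for kind, path in audit_published_tree(root):
        print(f"{kind:12} {path}")
```

Any `ssh_dir` or `private_key` finding inside a web-published tree means the key should be treated as compromised and replaced, not just moved.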

Now let's try to log in using pirrip's keys.
