22 - SSH

less than 1 minute read

Gather SSH public keys from servers

ssh-keyscan -t rsa 10.10.10.3 -p 22

Can be used in authorized_keys for login id_rsa.pub

Can be cracked with ssh2john and john

locate *2john*

ssh2john.py SSH.private > ssh.hash
cat ssh.hash 

john --wordlist=rockyou.txt ssh.hash

john ssh.hash --show

chmod 600 id_rsa

ssh -i id_rsa john@10.10.10.3

ssh john@10.10.10.3

1 minute read

less than 1 minute read

less than 1 minute read

1 minute read