ssh
SSH Cheat Sheet
SSH has several features that are useful during pentesting and auditing. This page aims to remind us of the syntax for the most useful features. NB: This page does not attempt to replace the man page for pentesters, only to supplement it with some pertinent examples. SOCKS Proxy Set up a SOCKS proxy on 127.0.0.1:1080 that lets […]
Tool for Cracking Passphrases on Encrypted SSH Keys
Phrasen|drescher is a tool for those pentests when you’re having trouble owning those last few *nix boxes. It was released in 2007 but I hadn’t had cause to try it out until recently. If you’ve already gained access to a few *nix boxes, but can’t get into the rest you’ll naturally start trying to enumerate […]
Using SSH Without A TTY
I recently received a mail asking how to get SSH to work from within a reverse shell (see php-reverse-shell, php-findsock-shell and perl-reverse-shell). I thought I’d write a brief description of the problems I’ve seen and how to work round them. I’d be very interested if anyone has any better solutions. Drop me a […]
Stealing Usernames and Passwords from SSHD
I just read a really cool blog post by Sebastian Krahmer. He discusses a post-exploitation technique to snoop on incoming SSH sessions – including the username and password used to authenticate.