Obtaining Remote Access Using SSH Keys
The basic idea behind this type of exploit is to copy your SSH keys into the remote machine's list of authorized keys. It requires write access to the remote filesystem.
On the attacker machine, the public key is located in
Gain write access to the victim's machine, whether through a remote shell on Metasploitable, by taking advantage of backdoors, or by mounting the remote filesystem using an exploit. Then copy the public key into /root/.ssh/authorized_keys, and you'll have passwordless root access.
If you have write access to a filesystem, this technique can turn that write access into remote shell access without cracking the root password.
Then you'll be able to log in like this:
# ssh firstname.lastname@example.org
Last login: Tue Mar 22 20:26:16 EDT 2016 from :0.0 on pts/0
Linux metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686
root@metasploitable:~#
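The technique leaves a new entry in /root/.ssh/authorized_keys, so auditing that file against a set of approved key fingerprints detects it. The following is an added example, not part of the original page; the sample key blobs, the approved set, and the function names are constructed for illustration.

```python
import base64
import hashlib
import struct

KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ssh-dss", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521")

def fingerprint(blob_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_authorized_keys(text):
    """Yield (line_no, key_type, fingerprint, comment) for each entry."""
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        # Entries may begin with options (from=..., command=...), so locate
        # the key type token first; the base64 blob is the field after it.
        idx = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
        try:
            fp = fingerprint(fields[idx + 1])
        except (TypeError, IndexError, ValueError):
            yield n, None, None, line  # unparseable: flag for manual review
            continue
        yield n, fields[idx], fp, " ".join(fields[idx + 2:])

def unapproved(text, approved):
    """Return entries whose fingerprint is not in the approved set."""
    return [e for e in parse_authorized_keys(text) if e[2] not in approved]

def sample_blob(seed):
    # Constructed ed25519-shaped blob for the demo; not a real key.
    name, key = b"ssh-ed25519", hashlib.sha256(seed).digest()
    raw = struct.pack(">I", len(name)) + name + struct.pack(">I", len(key)) + key
    return base64.b64encode(raw).decode()

ADMIN, ROGUE = sample_blob(b"admin"), sample_blob(b"rogue")
SAMPLE = (  # constructed sample of /root/.ssh/authorized_keys
    "# managed keys\n"
    f'from="10.0.0.5",no-pty ssh-ed25519 {ADMIN} admin@workstation\n'
    f"ssh-ed25519 {ROGUE} root@kali\n"
)
APPROVED = {fingerprint(ADMIN)}

if __name__ == "__main__":
    for n, ktype, fp, comment in unapproved(SAMPLE, APPROVED):
        print(f"line {n}: unapproved {ktype} key {fp} ({comment})")
```

The fingerprints use the same format that ssh-keygen -lf prints, so the approved set can be built from known-good public key files.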