Backdoor Linux using SSH keys

In the penetration testing with BackTrack labs, viewing /etc/passwd sometimes shows it full of other students' usernames, which is not very stealthy and is very noticeable; it would also open up additional vulnerabilities if this were a real pentest.

It is far easier to add your own SSH key to /root/.ssh/authorized_keys.


First create your ssh key with the command below and hit enter a few times:

$ ssh-keygen

This will create a few files in /root/.ssh/, including id_rsa.pub.

Once created, you need to copy the contents of your id_rsa.pub to the end of the authorized_keys file on the compromised host.

This is usually /root/.ssh/authorized_keys.

Then you can just run ssh -p 22 root@IP and you will be logged in as root.
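From the defending side, the footprint of this technique is the extra line in authorized_keys. The following is an added example (not from the original post) that audits an authorized_keys file against an allowlist of approved SHA256 fingerprints and reports any entry that is not on it; the file contents, the placeholder key blobs and the allowlist are all constructed inline.

```python
"""Audit an authorized_keys file for entries not on an allowlist.
Added example, not from the original post. File contents and allowlist are
constructed inline; a real check reads /root/.ssh/authorized_keys."""
import base64
import hashlib

KEY_TYPES = ("ssh-", "ecdsa-", "sk-")

def fingerprint(blob_b64: str) -> str:
    """SHA256 fingerprint as `ssh-keygen -lf` prints it (padding stripped)."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_authorized_keys(text: str):
    """Yield (line_no, key_type, blob, comment) for every key entry.
    Entries may carry leading options such as command="..." or from="...",
    so the key-type token is located rather than assumed to come first."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        tokens = raw.strip().split()
        if not tokens or tokens[0].startswith("#"):
            continue
        for i, tok in enumerate(tokens):
            if tok.startswith(KEY_TYPES) and i + 1 < len(tokens):
                yield line_no, tok, tokens[i + 1], " ".join(tokens[i + 2:])
                break

def audit_authorized_keys(text: str, allowed: set) -> list:
    """Return every entry whose fingerprint is not on the allowlist."""
    findings = []
    for line_no, key_type, blob, comment in parse_authorized_keys(text):
        fp = fingerprint(blob)
        if fp not in allowed:
            findings.append({"line": line_no, "type": key_type,
                             "fingerprint": fp, "comment": comment})
    return findings

def _blob(seed: str) -> str:
    """Constructed placeholder key material, not a real public key."""
    return base64.b64encode(seed.encode().ljust(32, b"\0")).decode()

# Constructed sample file: two approved keys and one nobody authorised.
SAMPLE = (
    "# managed by configuration management\n"
    f"ssh-ed25519 {_blob('admin-key')} admin@bastion\n"
    f'command="/usr/bin/backup" ssh-rsa {_blob("backup-key")} backup@host\n'
    f"ssh-rsa {_blob('dropped-key')} user@unknown-host\n"
)
ALLOWED = {fingerprint(_blob("admin-key")), fingerprint(_blob("backup-key"))}
UNEXPECTED = audit_authorized_keys(SAMPLE, ALLOWED)  # one finding, line 4
```

Running the same check over every user's authorized_keys (and the sshd `AuthorizedKeysFile` locations, if changed) on a schedule turns an added key into an alert rather than a silent root login.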

