SSH Private Keys
MITRE ATT&CK™ Unsecured Credentials: Private Keys - T1552.004
Theory
We may search for SSH private keys in publicly exposed services (such as web servers or SMB shares) or in common directories once we have gained access to the target.
Practice
Find Private Keys
We may find SSH keys in all .ssh directories using the find command (the name pattern is quoted so the shell does not expand it against the current directory).

# Linux: list every directory ending in .ssh and its contents
find / -type d -name "*.ssh" -printf '%p\n' -exec ls -l {} \; 2>/dev/null

We may find SSH keys in C:\Users\(username)\.ssh\ directories.

# Windows
dir C:\Users\(username)\.ssh\

Brute-Force Private Keys
If an SSH private key is password protected, in order to crack it we need to convert the key into a hash format that John recognizes.

ssh2john private_key.txt > hash.txt
# or
python2 /usr/share/john/ssh2john.py private_key.txt > hash.txt

Crack the password of the private key using the formatted hash.

# John
john --wordlist=wordlist.txt hash.txt
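As an added, defender-side example that is not part of the original page, the following POSIX shell script audits the same .ssh directories the find command above enumerates and reports each private key's file mode and whether it carries a passphrase at all, which decides whether the cracking step above is even needed. The function names and the constructed sample tree are assumptions made for this example.

```shell
# Added defensive example (not from the original page): audit .ssh directories
# under a root for private keys other users can read or that have no passphrase
# (ATT&CK T1552.004). Assumes GNU or BSD stat; the sample keys built below are
# constructed header-only placeholders, not real key material.

# Print "<path> <mode> <encrypted|PLAINTEXT>" for one private key file.
classify_key() {
    f="$1"
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
    if grep -q '^Proc-Type: 4,ENCRYPTED' "$f"; then
        enc=encrypted                    # legacy PEM with a passphrase
    elif grep -q '^-----BEGIN OPENSSH PRIVATE KEY-----' "$f"; then
        # openssh-key-v1 blobs begin with the cipher and KDF names; this
        # base64 prefix is "openssh-key-v1\0" followed by "none" twice.
        if grep -q '^b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQ' "$f"; then
            enc=PLAINTEXT
        else
            enc=encrypted
        fi
    else
        enc=PLAINTEXT                    # legacy PEM without a Proc-Type line
    fi
    printf '%s %s %s\n' "$f" "$mode" "$enc"
}

# Walk every .ssh directory under $1 and classify each private key in it.
audit_ssh_keys() {
    find "$1" -type d -name .ssh 2>/dev/null | while read -r d; do
        grep -l 'PRIVATE KEY-----' "$d"/* 2>/dev/null | while read -r f; do
            classify_key "$f"
        done
    done
}

# Number of keys needing action: mode other than 600/400, or no passphrase.
count_findings() {
    audit_ssh_keys "$1" | awk '($2 != "600" && $2 != "400") || $3 == "PLAINTEXT"' | wc -l | tr -d ' '
}

# Constructed sample tree: one exposed plaintext key, one protected key.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/home/alice/.ssh" "$root/home/bob/.ssh"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAA' '-----END OPENSSH PRIVATE KEY-----' > "$root/home/alice/.ssh/id_ed25519"
    chmod 644 "$root/home/alice/.ssh/id_ed25519"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' 'DEK-Info: AES-128-CBC,00' '' 'QUJD' '-----END RSA PRIVATE KEY-----' > "$root/home/bob/.ssh/id_rsa"
    chmod 600 "$root/home/bob/.ssh/id_rsa"
    echo "$root"
}
```

On a real host, run `audit_ssh_keys /` (or `count_findings /home`) after sourcing the script; `make_sample_tree` only builds a throwaway tree to try it on.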