Academy | Getting Started | Privilege Escalation

MetalMonkey667 · July 22, 2021, 10:48am

I’ve managed to get myself completely stuck on the last part of the Privilege Escalation in the HTB Academy.

All signs point towards getting hold of the users id_rsa, copy and chmod, and then ssh in with the copied credentials. However when I do this I’m asked for a password and that’s as far as I can get.

I did notice something though, when I was doing a very similar task on TryHackMe, I copied over the contents of the id_rsa, and pasted them into a blank document via the file manager. When I saved the file, the icon changed to a key (which says to me that linux has recognised it as an ssh key), but when I do the same procedure in the HTB instance, it stays as a generic text file, suggesting that it’s not recognised as a key, and that would be why the password is still asked for.

I have absolutely no idea how to get round this issue, so any help would be appreciated!

P.S There is a Reddit thread on this topic Reddit - Dive into anything , but it hasn’t helped so far

MetalMonkey667 · August 19, 2021, 9:26am

SOLVED:

After banging my head against a wall for weeks, I was watching one of John Hammond’s videos, and he made a point of mentioning that when copying id_rsa keys, you need to make sure that there is a blank line at the bottom, underneath where it says “End of Key”.

Once I amended that it logged in with no issues

levmyshkin · November 12, 2021, 7:29am

Thank you for this post MetalMonkey667. I’ve spent days trying to get past this. I’ve copied the id_rsa file to both nano and vim, and added and extra line at the end. In each case, when I try to ssh to user2 using the file, I get the error:

Load key “id_rsa”: invalid format

If I do anything else (eg pre adding the extra line), I get asked for a password for user2, which of course I don’t have.

It sounds so straightforward, but is there a specific way to add the extra line in vim so I don’t get the format error please?

Allandeq · April 26, 2022, 7:43am

I think the mtealMonkey point was about the second flag to get root access.

Regarding user2 you can use the command line sudo -u user2 /bin/bash to get access

Allandeq · April 26, 2022, 8:16am

Hi guys,

I get the error message Load key “id_rsa”: invalid format when trying to connect to root with ssh user@spawn -i id_rsa.
I have tried to copy the private key content on a new files in my local machine using both vim and nano and same results.
Is anyone have an idea of why I get that result?

Thanks

Stuermchen · July 20, 2022, 8:53am

make sure u use root as user -->ssh root@[ip-address] -p[port] -i id_rsa

bryan · November 9, 2022, 1:49am

It was confusing, but I succeeded, first it is to do the sudo -l and depending on what pss adds to you is that…

and the second flag a very important clue was to put root instead of user1 or user2
example: ssh root@(ip) -p(port) -i(the filename id_rsa)

note: sorry my english is bad

slobo · January 29, 2023, 5:46pm

Hello, after several hours trying the same thing I ended up giving up because despite the help on the forums I can not connect as root with the ssh key, I am always asked for a password that I am obviously not, I followed to the letter all the comments on the forums nothing works would someone be in the same case as me please? sorry for my English is Google Translate