I can’t figure out what am I supposed to do with ssh keys. I understand that we need to have the user+pass+ssh_publickey to be able to ssh in. The thing is that I don’t understand how to get the good key and how to log with it.
I tried ssh_audit on the target, and i got this :
Then I looked in the cheat sheet and tried the > ssh -i [key] user@host
I also tried to add them in the .ssh_id file but nothing good came out.
So if someone could show me the way to go it would be nice. Thx.
Ok, I see. Well you still didn’t got ssh key for now. Don’t worry about of the ssh service for now, only focus now over the 21 and 2121 port.
The key that you need to ssh on the server is locate in the ftp server. As you can see the server seems that it has 2 ftp servers, but no. The 21 port is the port of the real ftp server, and the 2121 port is only a proxy for ftp server. Try to research about this proxy and how it works. That’s the hint, the ssh key is in the ftp server, don’t worry if the commands don’t work in the ftp server and don’t see any output on the commands that you issue in the ftp server. Try found the way to download all the files that’s stored in the the ftp server and you will get it.
And as I said, research about over this ftp proxy or 2121 port.
That’s all. Again forget for now the ssh service and only focus on the ftp server. If you still stuck telling me.
Mmmm idk, when I solved this lab never I used metasploit. I suggest for you, don’t use metasploit, at least over these labs. Because you need understand how to exploit manually these labs. Is only a suggest, if you want solve this labs with metasploit it’s fine. But if you exploit these labs manually, you will gain more knowledge and experience.
I am stucked at this point, at this moment, by researching for proxy or 2121 I have to brute force ceil’s password.
I see that I can interact with the service, but every command that I try, ask me to login
I used the hint given by HTB Academy which is the password of the user “ceil”. I also did a dictionary attack using the “rockyou.txt” and also got the password, but I don’t know if there is another way to get the password of “ceil”. Does anyone know another way?
As another user on the forum said, the “id_rsa” is inside one of the two FTP servers that you will get if you use a HTB cheatsheet command to download all the files (hidden and non-hidden) from the FTP.
You will then use that key to connect via SSH… Note that the hint says something about the “id_rsa” needs specific permissions to work.
Hey! I need help I got the public and private key from FTP but this is what I got when I tried to transfer the key to the remote server and ssh: identity_sign: private key /home/kali/.ssh/id_rsa contents do not match public email@example.com: Permission denied (public key).
From memory - You need to transfer the private key on your attacking machine and then use a specific ssh command to use the private key to log on to the victims machine. Don’t forget to set the correct file permissions on the private key file.
Hi guys, can you help me with this challenge? I tried to enumerate with Nmap the server. Next, I tried to login to the FTP server on port 21 and 2121 with the “ceil” credentials’ but cannot do anything. I tried, also, the following command: wget -m --no-passive ftp://USER:PSW@IP and it download a file named “.listing” which no contains useful informations.