Got id_rsa, cannot ssh into brainfuck

Hi all, new here. Brainfuck is the second box I have attempted.

As per the topic title I got the id_rsa but cannot ssh into the machine.

I reverted the machine back to its original state, then went through the steps to decode the message in supers3cret.brainfuck.htb, downloaded id_rsa and ran ssh -i id_rsa orestis@brainfuck.htb without success.

I first deleted /root/.ssh/* (thinking there might be an invalid key if they regenerated the key on every revert) then copied id_rsa into it, but I am specifying the private key anyway so I think this shouldn’t matter.

Anybody got any ideas? I am guessing it is a pretty straightforward ssh key management thing on my end or something, but I can’t find anything that might give me a clue on Google.

Thanks

Hi,

I am not sure what your situation is, but I think you need a pair, which means a private and a public key. You can keep the private key unchanged, but if you are using the private key from your attack box (in general any box in case the keys are not owned by your user) you need to chmod 600 the key as it will make you owner of the key (you will avoid the error about an unprotected private key during the initial ssh connection). The second step is to create your own public key with ssh-keygen -t rsa (you don’t need to create passwords there). Now you have a watermark of your box in the public key, but you are still missing the relation between your captured private key and your public key, so you need to extract the original public key from your captured private key. You can do it like this: ssh-keygen -f 'your_captured_private_key' -y. Now you have to copy the extracted content of the public key and paste it into your own created public key (the content of your public key must be identical to the extracted data). The last step is chmod 600 on your public key and you should be good to go for ssh to the box.

BTW, sometimes it happens that the personal key is password protected; in that situation you need to use John the Ripper (ssh2john and then try to crack it with john and some solid wordlist).
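
The two conditions raised in this reply (key file permissions and passphrase protection), as an added example that is not part of any post in this thread: a Python check that reports why ssh -i would reject a key file or ask for a passphrase. The function names and the sample key text are constructed for illustration; the sample carries header lines only and is not a real key.

```python
import base64, os, stat, struct, tempfile
MAGIC = b"openssh-key-v1\0"
# Constructed sample: header lines only; the body is filler, not a real key.
SAMPLE_LEGACY = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,00000000000000000000000000000000

QUFBQQ==
-----END RSA PRIVATE KEY-----
"""

def key_encryption(pem_text):
    """Return the cipher protecting a private key, or None if unencrypted."""
    lines = [l.strip() for l in pem_text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN "):
        raise ValueError("not a PEM private key")
    body = lines[1:-1]  # legacy PEM declares encryption in header lines
    if any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in body):
        dek = next((l for l in body if l.startswith("DEK-Info:")), ": unknown")
        return dek.split(":", 1)[1].split(",")[0].strip()
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        blob = base64.b64decode("".join(body))
        if not blob.startswith(MAGIC):
            raise ValueError("bad openssh-key-v1 magic")
        # The first length-prefixed string after the magic is the cipher name.
        off = len(MAGIC)
        (n,) = struct.unpack(">I", blob[off:off + 4])
        cipher = blob[off + 4:off + 4 + n].decode()
        return None if cipher == "none" else cipher
    return None

def diagnose(path):
    """List reasons ssh -i would reject this key file or ask for a passphrase."""
    problems, mode = [], stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # OpenSSH refuses keys readable by group or others
        problems.append(f"mode {mode:04o} is group/world accessible; chmod 600")
    with open(path) as fh:
        cipher = key_encryption(fh.read())
    if cipher:
        problems.append(f"key is passphrase-protected ({cipher})")
    return problems

def demo():
    with tempfile.NamedTemporaryFile("w", delete=False) as fh:
        fh.write(SAMPLE_LEGACY)
    results = []
    for mode in (0o644, 0o600):  # as downloaded, then after chmod 600
        os.chmod(fh.name, mode)
        results.append(diagnose(fh.name))
    os.unlink(fh.name)
    return results
```

Calling demo() diagnoses the sample once with mode 0644 and once with mode 0600; the passphrase finding remains after the permission fix.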

Hi Zelli, thanks so much for your thoughtful reply.

The situation with this box is that I was able to get a link to a user’s private key. I extracted the password as you suggested with ssh2john then john, and I chmod 600’d it.

I will come back to the machine at a later date and try it from scratch if I don’t get any other suggestions. I assume I have done something daft. Thanks