Trying to gain access via SSH

When that worked I was able to see a file browers and file viewer

Within the file browser I typed /home/jason/ - I then saw the user.txt flag and noticed that ssh was running

While still in the file viewer i tried to type in /home/jason/.ssh/authorized_keys – This was to see what keys i could access. I got a permission failure.

So next I tried /home/jason/.ssh/id_rsa - conveniently I got access to the rsa private key.

I then copied this into a sublime file named jason_id_rsa and i changed the permissions to only give myself readable access.

With this information at hand I need a tool like John the ripper to help crack the password to the machine. John the Ripper (JtR) is a password cracking tool originally produced for UNIX-based systems. It was designed to test password strength, brute-force encrypted (hashed) passwords, and crack passwords via dictionary attacks.

First I needed to find it with "locate ssh2john.py" then type in the address of where I found it to put it into usage and finally include the rsa file.

As you can see JtR successfully cracked the password, now with all that information I am able to successfully SSH into Jason's machine.

PreviousBruteforcing MFA Code NextInside SSH

Last updated 2 years ago