How to succeed a Pentesting using SSH Keys (RSA and DSA) of the target ???Advanced Penetration Testing Course

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATION
Already a Member Login Here

Home Forums Courses Advanced Penetration Testing Course How to succeed a Pentesting using SSH Keys (RSA and DSA) of the target ???

This topic contains 1 reply, has 2 voices, and was last updated by  mr_clark 4 years, 3 months ago.

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #48978

    apocalypse0
    Participant

    Hello.
    I train to do a pentesting starting first with my scanner vulnerable web application installed locally (localhost).
       After scanned with NMAP, I notice a scan result that display “ssh-hostkey (DSA) and (RSA)” above:

    22/tcp  open   ssh      OpenSSH 5.3 (protocol 2.0)
    
    | ssh-hostkey: 
    
    |   1024 26:87:9b:.........48:7e:83 (DSA)
    
    |_  2048 08:76:66.......95:59:92:d0 (RSA)

    1 – So, how to continue my penetration test using those keys (DSA) and (RSA) provided by NMAP on my target ???

    2 – How to successfully access the Shell of my target (localhost) using Metasploit and SSH port 22 which is open ???

    Thank you to explain.

    • This topic was modified 4 years, 3 months ago by  apocalypse0.
    • This topic was modified 4 years, 3 months ago by  apocalypse0.
    • This topic was modified 4 years, 3 months ago by  apocalypse0.
    #49704

    mr_clark
    Moderator

    You can’t. All it’s telling you is what kind of host keys the system has.

    It’s sort of like knowing they have Schlage lock on their front door. Nice to know but doesn’t help you break into the house.

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.

Our Revolution

We believe Cyber Security training should accessible for everyone, everywhere. Everyone deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is the world's largest community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel