Friday, 19 February 2021

Creating a backdoor using SSH keys

SSH Keys make for an easy backdoor into a system. Kali comes with a tool called ssh-keygen that creates a public/private keypair. When you run ssh-keygen you will be prompted what to name your private key. Name it id_rsa. Next enter your passphrase you would like to login with(This can also be blank meaning no password required). 

id_rsa.pub is what goes inside the authorized_keys file. Just append the key to the end of the file and create it if it does not already exist with:

echo "<public key>" >> authorized_keys

chmod authorized_keys to 600 if it was not already created(This is important). Now copy the contents of id_rsa to your own system and paste it into a file named id_rsa and chmod it to 600.

Now from your own system you will be able to ssh without a password(if you left blank in ssh-keygen) using ssh -i id_rsa sweps@<victim_ip>. You can remove id_rsa on the victim machine.