Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: stealing ssh keys
From: Jacqui Caren <jacqui.caren () ntlworld com>
Date: Wed, 24 Oct 2012 18:59:18 +0100

On 23/10/2012 16:07, Daniel Sichel wrote:

Hello everybody:
      environment is A is hacker client? B is target and C is Manager

center and C have all A and B private key.

WTF! Why would anyone C or B or even A give out a PRIVATE key.
Does no one RTFM - you never ever give out your private key
and you protect it to heck and back.

      C are open 80,22. And this is http's 403 state on the C.
      I have A's root,how to steal private key On the C. Are there have
some vuln with openssh.
      Is there some impossible which C login in to the A and B when A and B
let C run some bash.

OK, I am a total n00b here but I do not see how having an ssl connection would help reveal an SSH key.  Our 
organization generates our root certs separate from, and unrelated to SSH keys.. I do not see how SSL access in and 
of itself, helps get at SSH keys, If it does, let me know, I bank at Chase and that would be darn handy to know 
(believe me, they have it coming)!

This is full disclosure not "help a student do his homework".
My advice: give him a very blatantly stupid answer - let him get "null 
points" from teacher :-)


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]