Ssh2john is part of John The Reaper suite. This is a script that basically transforms [RSA/DSA/EC/OPENSSH (SSH private keys) ] private key to john format for later cracking using JtR

How to

1. Having an RSA private key already

  • cat id_rsa

2. locate the ssh2john script using find

  • find / -iname *ssh2john* > /dev/null
  • locate *ssh2john*

3. Run the script against the RSA private key ‘id_rsa’, and create a new file with the content of the output

  • /usr/share/john/ssh2john.py
  • /usr/share/john/ssh2john.py id_rsa > id_rsa.john
  • cat id_rsa.john

4. Now that we created the new file named id_rsa.john, we need to run john against it. We will use rockyou.txt as the wordlist. The result is secretz101 as the password.

  • john --wordlist=/usr/share/wordlists/rockyou.txt id_rsa.john

5. Knowing already the username of the owner of this private key. We can try to SSH to our target machine. We will use an uncommon port (4655)

  • ssh -i id_rsa stefano@192.168.0.7 -p 4655
  • Password: secretz101

 

Categories: Tools

0 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *