FreshRSS

πŸ”’
❌ Secure Planet Training Courses Updated For 2019 - Click Here
☷
β–³ πŸ”ƒ
There are new available articles, click to refresh the page.
Before yesterdayYour RSS feeds

SSH-Private-Key-Looting-Wordlists - A Collection Of Wordlists To Aid In Locating Or Brute-Forcing SSH Private Key File Names

By: Zion3R


SSH Private Key Looting Wordlists. A Collection Of Wordlists To Aid In Locating Or Brute-Forcing SSH Private Key File Names.


LFI for Lateral Movement? Gain SSH Access?
?file=../../../../../../../../home/user/.ssh/id_rsa
?file=../../../../../../../../home/user/.ssh/id_rsa-cert

SSH Private Key Looting Wordlists πŸ”’πŸ—οΈ

This repository contains a collection of wordlists to aid in locating or brute-forcing SSH private key file names. These wordlists can be useful for penetration testers, security researchers, and anyone else interested in assessing the security of SSH configurations.


Wordlist Files πŸ“
  • ssh-priv-key-loot-common.txt: Default and common naming conventions for SSH private key files.
  • ssh-priv-key-loot-medium.txt: Probable file names without backup file extensions.
  • ssh-priv-key-loot-extended.txt: Probable file names with backup file extensions.
  • ssh-priv-key-loot-*_w_gui.txt: Includes file names simulating Ctrl+C and Ctrl+V on servers with a GUI.

Usage πŸš€

These wordlists can be used with tools such as Burp Intruder, Hydra, custom python scripts, or any other bruteforcing tool that supports custom wordlists. They can help expand the scope of your brute-forcing or enumeration efforts when targeting SSH private key files.


Acknowledgements πŸ™

This wordlist repository was inspired by John Hammond in his vlog "Don't Forget This One Hacking Trick."


Disclaimer ⚠️

Please use these wordlists responsibly and only on systems you are authorized to test. Unauthorized use is illegal.



Cybercriminals Weaponizing Open-Source SSH-Snake Tool for Network Attacks

By: Newsroom
A recently open-sourced network mapping tool called SSH-Snake has been repurposed by threat actors to conduct malicious activities. "SSH-Snake is a self-modifying worm that leverages SSH credentials discovered on a compromised system to start spreading itself throughout the network," Sysdig researcher Miguel HernΓ‘ndez said. "The worm automatically searches through known credential

Alert: 'Effluence' Backdoor Persists Despite Patching Atlassian Confluence Servers

By: Newsroom
Cybersecurity researchers have discovered a stealthy backdoor namedΒ EffluenceΒ that's deployed following the successful exploitation of a recently disclosed security flaw in Atlassian Confluence Data Center and Server. "The malware acts as a persistent backdoor and is not remediated by applying patches to Confluence," Aon's Stroz Friedberg Incident Response ServicesΒ saidΒ in an analysis published
❌