Deep Dive into Parsing SSH Keys To Exploit Improperly Sanitized Screenshots

IppSec · Beginner ·🔐 Cybersecurity ·3y ago

00:00 - Intro 00:55- Generating our SSH Key and Base64 Decoding it 02:15 - Opening the SSH Key in Bless 03:45 - Showing information from the SSH RFC which will tell us what we are parsing 04:25 - Start of parsing the SSH Key 07:00 - Opening an Encrypted Key and showing the slight changes 10:15 - Back to the unencrypted SSH Key and showing the private key does contain the private key 12:10 - Extracting the Exponent and N our of the Public Key portion 14:30 - Start of Private Key Information in the Private Key 16:00 - Extracting the variables from the Private Key Field 18:15 - Extracting Q, which is the big prime that we used in Response to rebuild the key 19:00 - Showing the comment which contains the username and hostname of the person that generated the key 20:40 - Extracting E/N from the Public Key 23:00 - Extracting Q from the Private Key again and using RsaCtfTool to generate the key

Watch on YouTube ↗ (saves to browser)

Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →

HHC2016 - Analytics

HHC2016 - Analytics

HackTheBox - October

HackTheBox - October

HackTheBox - Arctic

HackTheBox - Arctic

HackTheBox - Brainfuck

HackTheBox - Brainfuck

HackTheBox - Bank

HackTheBox - Bank

HackTheBox - Joker

HackTheBox - Joker

HackTheBox - Lazy

HackTheBox - Lazy

Camp CTF 2015 - Bitterman

Camp CTF 2015 - Bitterman

HackTheBox - Devel

HackTheBox - Devel

Reversing Malicious Office Document (Macro) Emotet(?)

Reversing Malicious Office Document (Macro) Emotet(?)

HackTheBox - Granny and Grandpa

HackTheBox - Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Optimum

HackTheBox - Optimum

HackTheBox - Charon

HackTheBox - Charon

HackTheBox - Sneaky

HackTheBox - Sneaky

HackTheBox - Holiday

HackTheBox - Holiday

HackTheBox - Europa

HackTheBox - Europa

Introduction to tmux

Introduction to tmux

HackTheBox - Blocky

HackTheBox - Blocky

HackTheBox - Nineveh

HackTheBox - Nineveh

HackTheBox - Jail

HackTheBox - Jail

HackTheBox - Blue

HackTheBox - Blue

HackTheBox - Calamity

HackTheBox - Calamity

HackTheBox - Shrek

HackTheBox - Shrek

HackTheBox - Mirai

HackTheBox - Mirai

HackTheBox - Shocker

HackTheBox - Shocker

HackTheBox - Mantis

HackTheBox - Mantis

HackTheBox - Node

HackTheBox - Node

HackTheBox - Kotarak

HackTheBox - Kotarak

HackTheBox - Enterprise

HackTheBox - Enterprise

HackTheBox - Sense

HackTheBox - Sense

HackTheBox - Minion

HackTheBox - Minion

VulnHub - Sokar

VulnHub - Sokar

VulnHub - Pinkys Palace v2

VulnHub - Pinkys Palace v2

HackTheBox - Inception

HackTheBox - Inception

Vulnhub - Trollcave 1.2

Vulnhub - Trollcave 1.2

HackTheBox - Ariekei

HackTheBox - Ariekei

HackTheBox - Flux Capacitor

HackTheBox - Flux Capacitor

HackTheBox - Jeeves

HackTheBox - Jeeves

HackTheBox - Tally

HackTheBox - Tally

HackTheBox - CrimeStoppers

HackTheBox - CrimeStoppers

HackTheBox - Fulcrum

HackTheBox - Fulcrum

HackTheBox - Chatterbox

HackTheBox - Chatterbox

HackTheBox - Falafel

HackTheBox - Falafel

How To Create Empire Modules

How To Create Empire Modules

HackTheBox - Nightmare

HackTheBox - Nightmare

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Bart

HackTheBox - Bart

HackTheBox - Aragog

HackTheBox - Aragog

HackTheBox - Valentine

HackTheBox - Valentine

HackTheBox - Silo

HackTheBox - Silo

HackTheBox - Rabbit

HackTheBox - Rabbit

HackTheBox - Celestial

HackTheBox - Celestial

HackTheBox - Stratosphere

HackTheBox - Stratosphere

HackTheBox - Poison

HackTheBox - Poison

HackTheBox - Canape

HackTheBox - Canape

HackTheBox - Olympus

HackTheBox - Olympus

HackTheBox - Sunday

HackTheBox - Sunday

HackTheBox - Fighter

HackTheBox - Fighter

HackTheBox - Bounty

HackTheBox - Bounty

Related AI Lessons

Security Through Obscurity: The Comforting Lie We Need to Stop Telling Ourselves

Learn why security through obscurity is a flawed approach to cybersecurity and how it can put systems at risk

Medium · Cybersecurity

Host & Network Penetration Testing: Exploitation CTF 1

Learn to solve an exploitation-based CTF challenge by identifying vulnerable applications and exploiting them

Medium · Cybersecurity

CrowdStrike’s Friday — The 78 Minutes That Broke the World’s Windows

Learn how a single configuration file exploit led to widespread disruptions in critical infrastructure and the importance of cybersecurity in preventing such incidents

Medium · Cybersecurity

Hardening Algolia MCP Server the same way I hardened Notion MCP: seven small filters

Learn to harden Algolia MCP Server with 7 small filters to secure your search index from unauthorized access and modifications

Dev.to · Mukunda Rao Katta

Chapters (13)

Intro

2:15 Opening the SSH Key in Bless

3:45 Showing information from the SSH RFC which will tell us what we are parsing

4:25 Start of parsing the SSH Key

7:00 Opening an Encrypted Key and showing the slight changes

10:15 Back to the unencrypted SSH Key and showing the private key does contain the p

12:10 Extracting the Exponent and N our of the Public Key portion

14:30 Start of Private Key Information in the Private Key

16:00 Extracting the variables from the Private Key Field

18:15 Extracting Q, which is the big prime that we used in Response to rebuild the k

19:00 Showing the comment which contains the username and hostname of the person tha

20:40 Extracting E/N from the Public Key

23:00 Extracting Q from the Private Key again and using RsaCtfTool to generate the k

Top 7 Free Cybersecurity Courses With Certificates | Learn Cybersecurity For Free | Simplilearn