[INFO] ssh with username and password

Question

[INFO] ssh with username and password

newbeelearn opened this issue 3 years ago · comments

I used to do something like this for forwarding ssh ports
ssh -R 2000:localhost:3000 test@xx.xx.xx.xx
and enter password in command prompt

how can i do this with rospo, i tried revshell including "-i" option but it expects authorized keys
I want to login with username and password. Is it possible to do this with rospos? if yes can you share the steps.

Marco Ferragina · Answer 1 · Mon Dec 20 2021 22:27:21 GMT+0800 (China Standard Time)

Thank you for your interest in rospo :)
It expects authorized_keys to log back to the local machine. The revshell subcommand creates a reverse shell from the local machine to remote machine.

What you are trying to achive instead, is a reverse tunnel from local port 3000 to remote port 2000.
In rospo you can start that reverse tunnel using a command like:

rospo tun reverse -l :3000 -r :2000 test@xx.xx.xx.xx

pdyc · Answer 2 · Tue Dec 21 2021 01:44:05 GMT+0800 (China Standard Time)

i tried this command however it hangs with following
[SSHC] 2021/12/20 23:09:43 connecting to xx.xx.xx.xx

does that mean that it will work with authorized_keys only and in case keys are not present there is no way to provide password?

Marco Ferragina · Answer 3 · Tue Dec 21 2021 01:57:58 GMT+0800 (China Standard Time)

It should print out something like this:

The server asks for a password
Password:

which rospo version are you using? password auth support was introduced in 0.7.0

is it working with ssh command?

pdyc · Answer 4 · Tue Dec 21 2021 02:30:52 GMT+0800 (China Standard Time)

I am using 0.7.1 version that was released on 12 sep.

yes same command is working with ssh

it is not printing this message, logs are pasted below

[SSHC] 2021/12/20 23:09:43 trying to connect to remote server...
[SSHC] 2021/12/20 23:09:43 connecting to xx.xx.xx.xx:22
[SSHC] 2021/12/20 23:11:53 dial INTO remote server error. dial tcp xx.xx.xx.xx:22: connect: connection timed out
[SSHC] 2021/12/20 23:11:53 error while connecting dial tcp xx.xx.xx.xx:22: connect: connection timed out
[SSHC] 2021/12/20 23:11:58 trying to connect to remote server...
[SSHC] 2021/12/20 23:11:58 connecting to xx.xx.xx.xx:22

Marco Ferragina · Answer 5 · Tue Dec 21 2021 15:59:55 GMT+0800 (China Standard Time)

The issue doesn't seem to be related with the authentication mechanism. It seems to be a connection issue with the remote server (you got a connection time out while reaching the remote endpoint).

The weird thing is that you said that you can connect succesfully using standard openssh tools.

I never had such a issue. Thanks for reporting. If you have more details to share that could help you are welcome.

I will try to reproduce it if I can

pdyc · Answer 6 · Fri Dec 31 2021 21:13:32 GMT+0800 (China Standard Time)

It worked. Revshell also worked after giving -T and -i options. Closing the issue.