KitPloitKITPLOIT:7388838676793839543SSH-Private-Key-Looting-Wordlists - A Collection Of Wordlists To Aid In Locating Or Brute-Forcing SSH Private Key File Names
7.2 High
AI Score
Confidence
Low
SSH Private Key Looting Wordlists. A Collection Of Wordlists To Aid In Locating Or Brute-Forcing SSH Private Key File Names.
LFI for Lateral Movement? Gain SSH Access?
?file=../../../../../../../../home/user/.ssh/id_rsa
?file=../../../../../../../../home/user/.ssh/id_rsa-cert
SSH Private Key Looting Wordlists πποΈ
This repository contains a collection of wordlists to aid in locating or brute-forcing SSH private key file names. These wordlists can be useful for penetration testers, security researchers, and anyone else interested in assessing the security of SSH configurations.
Wordlist Files π
- ssh-priv-key-loot-common.txt: Default and common naming conventions for SSH private key files.
- ssh-priv-key-loot-medium.txt: Probable file names without backup file extensions.
- ssh-priv-key-loot-extended.txt: Probable file names with backup file extensions.
- ssh-priv-key-loot-*_w_gui.txt: Includes file names simulating Ctrl+C and Ctrl+V on servers with a GUI.
Usage π
These wordlists can be used with tools such as Burp Intruder, Hydra, custom python scripts, or any other bruteforcing tool that supports custom wordlists. They can help expand the scope of your brute-forcing or enumeration efforts when targeting SSH private key files.
Acknowledgements π
This wordlist repository was inspired by John Hammond in his vlog βDonβt Forget This One Hacking Trick.β
Disclaimer β οΈ
Please use these wordlists responsibly and only on systems you are authorized to test. Unauthorized use is illegal.
7.2 High
AI Score
Confidence
Low