Monday, January 16, 2017

DevOoops: Client Provisioning (Vagrant)


Notes from the 2015 Devoops Talk

Vagrant used to ship with a default keypair and was difficult to rotate.

**fixed with new versions of Vagrant. Finding hosts using the default key still pretty likely.


Did you change your SSH keys?


Default Credentials

root/vagrant  vagrant/vagrant

No pass to sudo :-)


Scanning for the default key using metasploit (ssh_login_pubkey module)



Identify real from fake by ssh version scan



Log in with private key

CG

No comments: