Monday, January 16, 2017

DevOoops: Client Provisioning (Vagrant)

Notes from the 2015 DevOoops talk

Vagrant used to ship with a default keypair that was difficult to rotate.

**Fixed in newer versions of Vagrant. Finding hosts that still use the default key is still pretty likely.


Did you change your SSH keys?
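A defender-side way to answer that question, as an added example (not from the talk or from Vagrant): it parses an `authorized_keys` file and flags entries whose fingerprint matches a reference copy of the insecure public key, or whose comment still names it. The sample keys are constructed stand-ins, and `audit`, `parse_keys` and `fingerprint` are hypothetical names.

```python
import base64, binascii, hashlib, re

# Key type + base64 blob anywhere on the line, so entries that start with
# options (command="...", no-pty, ...) are still parsed.
KEY_RE = re.compile(r'(?:^|\s)(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-\S+)'
                    r'\s+([A-Za-z0-9+/]+={0,2})(?:\s+(.*))?$')

def fingerprint(blob_b64):
    """SHA256 fingerprint in the format printed by `ssh-keygen -lf`."""
    digest = hashlib.sha256(base64.b64decode(blob_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_keys(text):
    """Yield (line_no, key_type, fingerprint, comment) for each key line."""
    for no, line in enumerate(text.splitlines(), 1):
        m = KEY_RE.search(line.strip())
        if not m or line.lstrip().startswith("#"):
            continue
        try:
            fp = fingerprint(m.group(2))
        except binascii.Error:
            continue  # truncated or corrupt blob: not a usable key
        yield no, m.group(1), fp, m.group(3) or ""

def audit(authorized_keys_text, reference_pub_text):
    """Return (line_no, reason, fingerprint) for entries tied to the insecure key."""
    bad = {fp for _, _, fp, _ in parse_keys(reference_pub_text)}
    findings = []
    for no, _ktype, fp, comment in parse_keys(authorized_keys_text):
        if fp in bad:
            findings.append((no, "fingerprint matches insecure key", fp))
        elif "vagrant insecure public key" in comment.lower():
            findings.append((no, "comment names the insecure key", fp))
    return findings

def _b64(raw):
    return base64.b64encode(raw).decode()

# Constructed sample data: stand-in blobs, not real SSH keys.
SAMPLE_REF = "ssh-rsa " + _b64(b"constructed stand-in key") + " vagrant insecure public key"
SAMPLE_AUTH = "\n".join([
    "# constructed sample authorized_keys",
    "ssh-ed25519 " + _b64(b"constructed admin key") + " admin@workstation",
    'command="/bin/true",no-pty ssh-rsa ' + SAMPLE_REF.split()[1] + " renamed-comment",
    "ssh-rsa " + _b64(b"constructed other key") + " vagrant insecure public key",
])

if __name__ == "__main__":
    print(*audit(SAMPLE_AUTH, SAMPLE_REF), sep="\n")
```

On a real box, pass the contents of the `vagrant` and `root` users' `authorized_keys` files as the first argument and your copy of the insecure public key published with Vagrant as the second. Line 3 of the sample shows why the fingerprint check matters: the comment was changed, but the key is the same.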


Default Credentials

root/vagrant  vagrant/vagrant

No pass to sudo :-)


Scanning for the default key using Metasploit (ssh_login_pubkey module)



Identify real from fake by ssh version scan



Log in with private key

1 comment:

  1. You can always protect your website with a Web Application Firewall from a cloud-based security provider like Incapsula.

    Tools Lists

    1. Scan My Server
    2. SUCURI
    3. Qualys SSL Labs, Qualys FreeScan
    4. Quttera
    5. Detectify
    6. SiteGuarding
    7. Web Inspector
    8. Acunetix
    9. Asafa Web
    10. Netsparker Cloud
    11. UpGuard Web Scan
    12. Tinfoil Security
