SSH Penetration Testing
Warn
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill provides a library of commands for offensive security operations, including network scanning with Nmap, credential brute-forcing using Hydra and Medusa, and vulnerability exploitation via the Metasploit Framework.
- [COMMAND_EXECUTION]: The post-exploitation section includes instructions to establish persistence on a compromised host by appending a public key to the
~/.ssh/authorized_keysfile. - [COMMAND_EXECUTION]: The methodology details steps for identifying privilege escalation paths, specifically using the
sudo -lcommand and inspecting system configuration files. - [DATA_EXFILTRATION]: The skill instructs the user or agent to search for and read sensitive data from the target file system, such as SSH private keys (
id_rsa,id_dsa,id_ecdsa,id_ed25519) and shell history files (.bash_history), which are identified as potential sources for credentials. - [EXTERNAL_DOWNLOADS]: The skill suggests using network utilities like
curlandwgetto check for and potentially retrieve exposed SSH keys from remote web servers or backup directories.
Audit Metadata