I am trying to get the user flag on Markup. The premise is, you do an XXE and get the contents of the id_rsa
file. In the walkthrough the response came back in BurpSuite, for me, for some reason it didn’t.
Instead I got the file contents in a popup window on the website itself, that usually notifies the user that their order is successful.
Popup window on the website with the key screenshot: Imgur: The magic of the Internet
I got my SSH key in the same popup window and pasted it into a new file, titled id_rsa
. Then I have followed the walkthrough, ran the chmod
and tried to ssh with the private key (commands, copied verbatim from the tutorial):
chmod 400 id_rsa
ssh -i id_rsa daniel@10.10.10.49
But the response I got from trying to ssh was:
Load key "id_rsa": invalid format
Error message screenshot: Imgur: The magic of the Internet
My question is, what is the valid format here? I seem to have mine in the following:
-----BEGIN OPENSSH PRIVATE KEY-----
<36 lines of the key itself, ending with '=='>
-----END OPENSSH PRIVATE KEY-----
I tried generating my own id_rsa
to see if the format differs anyhow. It didn’t really, except that there were around 50 lines in the file in total and instead of “OPENSSH” it had “RSA”, which I have tried changing in the key I copied to no avail.
Should there be a new line anywhere? This is definitely the key, why is SSH unhappy?