Starting point: Markup, ssh key invalid? Stuck trying to get user.txt

Update: I SOLVED IT!

Hey, internet stranger :slight_smile: If you got this far without a solution, here is what has worked for me (may need to install puttygen first with sudo apt-get install puttygen):

chmod 600 id_rsa
puttygen id_rsa -O private-openssh -o id_rsa.conv

This will convert a key into private OpenSSH format (even though it already should have been one). Source: Describes how to install and use puttygen on Linux. Puttygen is a command-line tool for generating and manipulating SSH keys for the Linux version of Putty.

This command will generate an id_rsa.conv and the generated file will already have the correct permissions (chmod 600). Ssh-ing with id_rsa.conv got me into Daniel’s desktop.

I don’t know if it’s a combination of things I’ve done previously, but id_rsa was a freshly copied and pasted key into a new file, I’ve nuked all my previous attempts and started over. I’ve also noticed that previously the very same command didn’t work, so it must be the fact it’s a new file.

Happy hacking!

10 Likes

Glad you got to the bottom of it and thanks for posting your solution for others (sorry I couldn’t help, Linux and SSH keys are not my strong suit lol). Too many people just say “nvm I fixed it” and don’t explain what they did for other people with the same issue

No worries, thank you for posting! I realise this is a very niche problem, but this is the beauty of the forums - there is a very high chance that someone might have struggled with the exact same issue. And if I am the only one - may as well fill this gap and ease the unnecessary struggles for others :slight_smile:

Here is a little addition, that has just occurred to me today to address the problem of copying and pasting from the popup window on the website. I have watched John Hammond’s Youtube video on BurpSuite and have noticed the walkthrough seems to completely glance past it, but the missing steps to get the response and the request appearing side-by-side in BurpSuite are:

  • right-click on the Intercept form and select “Send to Repeater”
  • click the Repeater tab and you will be able to re-use the same request multiple times instead of intercepting and tweaking a new one every time

The screenshots on the walkthrough just seem to have the top tabs trimmed off, assuming that it’s common knowledge, but for a BurpSuite newbie they’re still important little details.

1 Like

When encountering ssh issues try to use -v option in order to look at what’s working and what’s not.

In order to avoid future issues in HTB lab boxes etc. I’d advise to either create or edit your .ssh/config file to look like this:

kali@kali:~$ cat .ssh/config
Host *
    # ssh uses the first value it reads for an option, so both key types share one line
    PubkeyAcceptedKeyTypes +ssh-dss,ssh-rsa
    HostkeyAlgorithms +ssh-dss,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519

Or you can edit the system-wide config file /etc/ssh/ssh_config so that sudo ssh works for tunneling purposes to accept multiple hostkey types by adding the same line:

HostkeyAlgorithms +ssh-dss,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519

1 Like

@ffolstag Welcome to the forums :slight_smile: I was not aware of the -v flag’s existence in ssh! Thank you for bringing it to my attention. I am also constantly seeking to add new things to my configs! This one will definitely be exciting to try out :slight_smile:

@tasidonya cheers for sharing, this just saved me a lot of pain XD

wasted an hour and a half trying to troubleshoot this. HTB, please at least add a section in the walkthrough to avoid wasting people’s time over little stuff like this

1 Like

@tasidonya thanks for sharing this

Hello, I’m a noob and I’m hitting a wall here on the ssh. I copied the OpenSSH private key I got from Burp, ran “chmod 600 id_rsa”, then ran the command “ssh -i id_rsa daniel@10.10.10.49”, and I still keep getting Load key “id_rsa”: invalid format. I followed all the instructions on here, even restarting the machine, to no luck.

When I run puttygen I get this:
puttygen: unable to load file `id_rsa’: not a recognised key file format

any input would be greatly appreciated.

So I got it to work. After chmod 400 on id_rsa, I ran sudo nano id_rsa and removed any spaces.

To anybody else still banging their head against a brick wall with this, the key has to be in this format:

My Burpsuite didn’t capture the -----END OPENSSH PRIVATE KEY----- bit! Add this at the end of your key file and it might work!

I am stuck in privilege escalation. Modified the job and tried my best. But still, I don’t get connected and the job file automatically changes to default. Can someone help?

I wish I could hug you. I’ve been stuck on this for DAYS trying to figure out how to move forward. THANK YOU so much for going out of your way to post your process and solutions. I tried each of these (except the last one THAT WORKED) before I started searching for others who ran into this issue. The solution that worked for you, worked for me. Thank you again for your genius.

Thanks!

Thanks @tasidonya for the help! Even though I solved it, I found an easier way. No need to download puttygen and making an id_rsa.conv file. I tested it myself and no Load key “id_rsa”: invalid format popped up. Without giving much away, look over the Readable Private Keys section. Hope this helps someone!

Thanks for working this out. I was having the same issue for a different box.

Oh my gosh thank you so much. Spent a good 30 min dealing with this. Thank you very much my good sir.
Going to save this to my useful links folder

I wasted an hour trying to fix this, so fking idiot. Follow as below:
nano ./id_rsa

then delete any space in the document

1 Like
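
An added example, not part of any post in this thread: a Python check for the copy-paste damage the replies above describe (stray spaces, a lost -----END OPENSSH PRIVATE KEY----- line). The CRLF and final-newline checks are assumptions about other paste damage, the function names are made up for this sketch, and the sample key is constructed filler, not real key material.

```python
import base64
import binascii

BEGIN = "-----BEGIN OPENSSH PRIVATE KEY-----"
END = "-----END OPENSSH PRIVATE KEY-----"
MAGIC = b"openssh-key-v1\x00"  # fixed prefix of the decoded key body

def _clean(line):
    """Strip a marker line; drop all whitespace from a base64 body line."""
    line = line.strip()
    return line if line.startswith("-----") else "".join(line.split())

def diagnose(text):
    """List the copy-paste problems found in an OpenSSH private key file."""
    problems = []
    lines = text.splitlines()
    cleaned = [_clean(l) for l in lines if l.strip()]
    if "\r" in text:
        problems.append("CRLF line endings")  # assumed paste damage
    if any(l != _clean(l) for l in lines):
        problems.append("stray spaces")
    if not cleaned or cleaned[0] != BEGIN:
        problems.append("missing BEGIN line")
    if not cleaned or cleaned[-1] != END:
        problems.append("missing END line")
    if not text.endswith("\n"):
        problems.append("no newline at end of file")  # assumed paste damage
    try:
        body = "".join(l for l in cleaned if not l.startswith("-----"))
        if not base64.b64decode(body, validate=True).startswith(MAGIC):
            problems.append("body is not openssh-key-v1 data")
    except binascii.Error:
        problems.append("body is not valid base64")
    return problems

def repair(text):
    """Remove stray whitespace, restore a lost END line, end with a newline."""
    cleaned = [_clean(l) for l in text.splitlines() if l.strip()]
    if cleaned and cleaned[-1] != END:
        cleaned.append(END)
    return "\n".join(cleaned) + "\n"

# Constructed sample: format magic plus filler bytes, not real key material.
_b64 = base64.b64encode(MAGIC + b"constructed filler, not a key " * 4).decode()
GOOD = "\n".join([BEGIN, *(_b64[i:i + 70] for i in range(0, len(_b64), 70)), END]) + "\n"
# Damaged the way the thread describes: padded lines and no END line.
PASTED = "\n".join(f"  {l} " for l in GOOD.splitlines()[:-1])
```

If the END line is missing because the capture was cut short, part of the body may be missing as well; repair() cannot restore that, so copy the key again in that case.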

My Request includes…

<?xml version = "1.0"?><!DOCTYPE root [<!ENTITY test SYSTEM 'file:///c:/users/daniel/.ssh/id_rsa'>]>
<order><quantity>111</quantity><item>Home Appliances</item><address>super</address></order>

and just returns a 200 with no sign of any key data.

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 19:57:33 GMT
Server: Apache/2.4.41 (Win64) OpenSSL/1.1.1c PHP/7.2.28
X-Powered-By: PHP/7.2.28
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Length: 49
Connection: close
Content-Type: text/html; charset=UTF-8

Your order for Home Appliances has been processed

Payload looks fine to me (famous last words). Spent over an hour on just this. Please can anyone help see what I am missing? :face_with_peeking_eye: