DevOoops: Client Provisioning (Vagrant)

Notes from the 2015 DevOoops talk

Vagrant used to ship with a default keypair that was difficult to rotate.

This is fixed in newer versions of Vagrant, but finding hosts that still use the default key is still pretty likely.

Did you change your SSH keys?

Default credentials:
root/vagrant, vagrant/vagrant
No password required for sudo 🙂

Scanning for the default key using Metasploit (ssh_login_pubkey module)

Identify real from fake by ssh version scan

Log in with private key
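To answer "Did you change your SSH keys?" on your own hosts, here is an added example (not part of the original post) that audits an `authorized_keys` file for a known default public key by comparing key blobs rather than comments. The reference blob below is a constructed placeholder; the assumption is that you supply the insecure public key published by the Vagrant project.

```python
import base64
import hashlib
import shlex

KEY_TYPE_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-")

def key_blob(line):
    """Return the base64 key blob of one authorized_keys line, or None."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    try:
        fields = shlex.split(line)   # copes with quoted options: command="a b"
    except ValueError:
        fields = line.split()        # e.g. an unbalanced quote in the comment
    for i, field in enumerate(fields[:-1]):
        if field.startswith(KEY_TYPE_PREFIXES):
            return fields[i + 1]     # the blob follows the key type
    return None

def fingerprint(blob):
    """SHA256 fingerprint in the format printed by `ssh-keygen -l`."""
    digest = hashlib.sha256(base64.b64decode(blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def find_known_keys(authorized_keys_text, known_blobs):
    """Return (line_number, fingerprint) for entries whose key is in known_blobs."""
    known = set(known_blobs)
    hits = []
    for number, line in enumerate(authorized_keys_text.splitlines(), start=1):
        blob = key_blob(line)
        if blob in known:
            hits.append((number, fingerprint(blob)))
    return hits

def constructed_blob(label):
    """Build a fake, well-formed base64 blob. Constructed data, not a real key."""
    return base64.b64encode(b"\x00\x00\x00\x07ssh-rsa" + label).decode()

# Placeholder standing in for the published default key (assumption: you
# replace it with the blob from the Vagrant project's insecure public key).
PLACEHOLDER_DEFAULT = constructed_blob(b"constructed-default-key")
SAMPLE = "\n".join([  # constructed authorized_keys content
    "# provisioned by base box",
    f"ssh-rsa {constructed_blob(b'constructed-user-key')} alice@laptop",
    f"ssh-rsa {PLACEHOLDER_DEFAULT} renamed-comment",
    f'command="echo ssh-rsa hi",no-pty ssh-rsa {PLACEHOLDER_DEFAULT}',
])

if __name__ == "__main__":
    for number, fp in find_known_keys(SAMPLE, [PLACEHOLDER_DEFAULT]):
        print(f"line {number}: default key still authorized ({fp})")
```

Matching on the key blob catches entries whose comment was renamed or that carry option prefixes, which a simple search for the key's comment string would miss.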

*** This is a Security Bloggers Network syndicated blog from Carnal0wnage & Attack Research Blog authored by CG. Read the original post at: http://carnal0wnage.attackresearch.com/2017/01/devooops-client-provisioning-vagrant.html