Notes from the 2015 Devoops Talk
Vagrant used to ship with a default keypair and was difficult to rotate.
**fixed with new versions of Vagrant. Finding hosts using the default key still pretty likely.
Did you change your SSH keys?
Scanning for the default key using metasploit (ssh_login_pubkey module)
Identify real from fake by ssh version scan
Log in with private key
*** This is a Security Bloggers Network syndicated blog from Carnal0wnage & Attack Research Blog authored by CG. Read the original post at: http://carnal0wnage.attackresearch.com/2017/01/devooops-client-provisioning-vagrant.html