齐治堡垒机私钥登录及后渗透

1.私钥登录

（目前在 php 版本齐治成功，其他版本未测试）
1、老、新版本私钥。

-----BEGIN RSA PRIVATE KEY-----
MIIEoAIBAAKCAQB7V4tLlm3ovqf+cB3oxNSPkClbniZ5WM6VzLDKDoM5kE3iOFA3
S+t6YpldoJXeG2pcI7K1yy/80eg/u9UXM6No05F/8F2Dmb648nZn28Y+qfaeB3N6
GFFZd9g2ziHyr1ACJ61Vw3/3oO/QSdqYZX5R/EQEE4LBwsWpQ3P72w+Knls8MkkR
9gDSGVG1CCL7kW1iA4qLf/oWwALAucfkqE4qjekNZ4OaZBHiZlJRtDa+DTX6Z9gL
t65o2jcT9KSwiXi95JGqPBT71pS6PFqkNrnwEJSnYnJLnuTKvFur85XjscUylxHk
Rq/bPkH4I9ubkS3oKGigC0sHwxpXQDImK1d7AgElAoIBAG4B+MbgHNaAh/6bWPIz
AsU7YygzG2VPNMrLUZGePa/hkZJpk6bwr20ngd3iQHn8xqU0mHigduhoMAF+Az40
+YcB4qKKRZEMlVjYQBdw/OvIBXgwKLkA7pvnbdAD9MOxHdhok61bVnUS/2a+aQR2
MmTMPKmwiWC0onRewWQWZ86nqXtyFoxS5vg1MsRZ7uuYZIabiBwHdV1F7/8ULGhq
tjgw+M0gEJtL/Y4cJp9KTPcnREtSlQqDg1AInCzlFfkXvzWFgA0+PT3K+5vblq5I
eRP6SCwTVN+OHN2sVV5dCg4DvERGS3Et3ZCzoM0h56gkbTTk4g4/TVozs+L9/oS3
DY0CgYEAzIMZNkdGtcz9kWAPZ+nwU83Dn9CFCQNlTemrYOnF55R4L6VQvC8YBJbp
zh4Cy2RT4np70a+Vci+CIfyuaTFY9ctsoWqb4MaizsaiIRqqiFmoGbwrFS/uILTp
NS1+ptO8KL6BIa2Q0+Xuma9bBepe7TOMDF6BE4g1R4q2qvm/zfECgYEAmmT+AUSf
6vaSh2lOFAl6HTti/MoZXfhZ3g5kY7wdLaxqc+by09Ry+MNsd+2zciWVDq9ZITFQ
uIKEu1GLMmAlZr43lvp5c2wKXkTaUogUJfRfYE0xNEARbWrbn/1h803SZISgVc8V
1AV+f6DZH4gRKxw24q2v2QMlTu0Pp91vwCsCgYBujA2gzJTspigy59D55jy3rX5/
5lW/rs75rr2Afl0jO388WVwSsaweKA+tr1t03EkEzJX0zZzjxqc090mE+BRpL7BX
QIucGFgBEWxk69HNKYtMLlx6J7787CsH/OqDsLi8E/LGGKFP8ejBxpIRCRC3kXwi
XJjMSaBCWNFxLQ27bQKBgD6XpT7IyzW96GBo9iPMfZ0l6dwalKmOMkVEGtxTLmx2
VKuHJCxdDAP8MuSC9binc8eu3vHH4nRQlqzOB/+qcAcO2EQgWsAXCx9MWIJS17xc
JqqAKLRRUyxbwNIoc9FW5pd0CaY/MlzfofxjzaT/z5vbAX59w9SEvBkT/22RH3dr
AoGBALD449ZyuNkuSVlBmuxN8c5xnXK8vZz3KmCwGM6Qgsh8v53atJXmQtE8fm3l
pSycvnxGlxLfyc4eLIjZeiP8RfIFsuMRp1Z0ChMQzLCAsSjUJhu1gjy8Zcl1HAFr
KwNUOqRPR6YBptM+4wE3LP/R5GBioNB2gE8xF/46i70VzUJz
-----END RSA PRIVATE KEY-----

-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA5rrSU89XnecjLizUkA1OeCLm4OWBojl4JD3amMNPlo6jYUKc
jCR8/JRG5I7YQo/h3LQAH/2bXz3TRrG8j8shFpSYOyXBmjKry/2LM80zEELAgRJd
szw9RxKY9xjGh4bOrLODoGcsKduS6XjtVVC9MR/Skh8BjrnduTogYHzpdZEj6tNm
6IXkmf9NhkFNktvn1wTMcZvYFATTeSC+Kn1+1s6aZ/Mc3McZUFjVfL6MTHZjCpKt
ZR7j4rJ0nYHZSDbV8woc2UtCyKfe++ArXC5ONIBFZSyWNhnGWjoTmWTjFqZ0BVjf
/o7z+3a5q6EDR5q++Wfg1Mfa1kt7ztf+gD4P+QIDAQABAoIBACRN8RpO3bJy1A5H
74pbDaXJmBp7AlLMSCMruGGhGbzO5NZA7PEALMpxalY8Q7r1eMyJZhuig/gQelX9
UXYuuB4dc3abEkN5BZ8rXePgvdApMLEeeq/hIqM0Qe1fcJ2SkKKL/IIYudI8QnmK
FY3/DkXUhAWJ62zRwhmLE90ayoE88LXInNdRFbt9OQsCT3tNSngSs3/nKXtJycZH
/s2EuAmrJAWNOgguTGqYV7NI60xWcqJS+JWOarjYPi6yUN1nf8gz19k001/FNmop
d1b35HuQry+65SDGcb4jW64wEh3+49Q0+RFqMLMw7+HY8YnaNoI1CppYofwSuqAY
tck68KECgYEA9KYPSxOVd1alQ70T3cgn9P2g8r5zzCeWG+ltzXyP3HT+fKe0wwXN
Yqcb0hQouMq++93SdZpApETa5wfoRATOdVr+XDzfpQGrGolHDPGmZW2kGOb2+mTI
PiCiwbfao+yseVH2dirqm3Lhzmu84ZRkluMEWryj6TR6wKXhm4wrNjcCgYEA8W9u
17Zn3F4W/w41UanQmlZhxpG5lq/G+E3q0fUjtxOuzuNdisK1rU32DgsHEL6k9VsV
vm69q6zcvaw6dnyYtTTaTIBNHcMzB/0HG5/5bMMoK7A0sZKrb+GuguXQ8SkoNWkW
N567h6rmRSXag72k9+poxEW9KIdIuE81yywP008CgYAQVeY/hRc92LNASqfA71R7
r1PH4Z+pyhrj0jpati6E8ersN+aB/ykvpSjeZiox7JfECZO79ojKby6OrqB7qjZ+
74x8bDQiuHHMW846twf9TczfPMzQ+1nDjDpR5QzcVTlPAIIMceEocAtT1S3PgjEV
QiNQS7hGIhLwOiNOV5WrEQKBgQDZJpG6YOw/bz0dwGjCf4sJFcKxd6ZF2umJsYMP
vn2WD5T9rdAXmxMOwf0aGl8Ld30k1PzUoAPmYf7UdhDLOzuaV+Q0RH2X1FaUy8bV
2OfdJBaAXOa4BCQ/5+su/ocUMSFiEJeUBSfEWTjtXqOQNEUpWmNKjTMaPbtxUoUe
rQ26zwKBgQCDGapjC8bUPoHWuhF66CnVM4owZy/RW+z2VCTkYGC0B/LVCBN2yJFr
s3y1C5tkb2+xhRSjn+NdZJMsozt0MeQSm53rdetEyDr9Ln4iH5Q5fyBHR1pR7wWi
cSeO+2tG7QXBC9xyxbYl5FJuRsurYZhKkWmErxAWJq/EkLGrCAOepA==
-----END RSA PRIVATE KEY-----

2、直接指定私钥登录，可以使用 xshell、命令行（ssh 端口可能是 22 或者 8022）
命令行命令：ssh [email protected] -i rsa -p 22

我这里直接使用 xshell 登录了。

登录成功。

2.后利用

/var/cache/php/sessions/目录下存放了明文账号密码。


登录成功。