June 4, 2026
Full server takeover SSH leak (Dell Technologies) by (RECON)
Peace be upon you, and the mercy of God.
Omar kiwan
In this write-up, I will explain how I achieved a full server takeover on a Dell Technologies asset through reconnaissance alone.
I won't go into every detail of my reconnaissance methodology since it varies depending on the target. Instead, I'll focus on the steps that directly led to the vulnerability.
Reconnaissance
The first step was collecting the SSL certificate used by the target.
Using the certificate information, I searched for other hosts sharing the same certificate through "Shodan":
ssl:"Dell Technologies Inc"
This query revealed multiple IP addresses associated with the same SSL certificate.
I manually reviewed the discovered hosts, paying close attention to HTTP titles and panels that appeared potentially exposed or misconfigured.
Content Discovery
After identifying several interesting targets, I started fuzzing directories and files.
For quick enumeration, I used the Dirsearch tool to identify accessible paths and hidden resources.
During the enumeration process, I discovered an endpoint that returned the contents of:
/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
At this point, the target was already affected by a Local File Inclusion (LFI) vulnerability that allowed arbitrary file disclosure.
Escalating the Impact
For more impact, I started looking for a way to exploit this and find an SSH key.
So I tried more than one directory, and one of them worked.
After several attempts, I successfully located and retrieved an SSH private key from the affected system.
https://16..*.**:port/home/user/.ssh/id_rsa
Now I started trying to connect to the server.
Server Compromise
Using the exposed SSH private key, I authenticated to the target server through SSH.
The key provided privileged access to the system, ultimately resulting in complete server compromise.
The vulnerability chain was:
- SSL certificate reconnaissance.
- Discovery of related hosts through Shodan.
- Directory/file enumeration.
- Local File Inclusion (LFI).
- SSH private key disclosure.
- SSH authentication.
- Full server takeover.
Impact
- Arbitrary file disclosure.
- Exposure of sensitive credentials.
- Unauthorized SSH access.
- Complete server takeover.
- Potential access to internal infrastructure and connected assets.
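For defenders, both requests in this chain (the percent-encoded dot segments and the direct fetch of `.ssh/id_rsa`) leave traces in web access logs. The following is an added example, not part of the original write-up: it decodes each request path, flags traversal that was hidden by encoding, and flags requests that resolve to credential or system files. The function names and the sample log lines are constructed for illustration, and a combined-format access log is assumed.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Files whose retrieval over HTTP indicates credential or system file disclosure.
SENSITIVE = re.compile(r"(^|/)(etc/(passwd|shadow)|\.ssh/(id_[a-z0-9]+|authorized_keys))$")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def fully_decode(path, max_rounds=5):
    """Percent-decode until the path stops changing, so nested encoding is unwrapped too."""
    for _ in range(max_rounds):
        if (decoded := unquote(path)) == path:
            break
        path = decoded
    return path

def classify(raw_target):
    """Return the set of findings for one request target."""
    raw_path = urlsplit(raw_target).path
    decoded = fully_decode(raw_path).replace("\\", "/")
    findings = set()
    # A '..' segment that only exists after decoding was hidden from naive filters.
    if ".." in decoded.split("/"):
        findings.add("traversal" if ".." in raw_path.split("/") else "encoded-traversal")
    if SENSITIVE.search(posixpath.normpath(decoded)):
        findings.add("sensitive-file")
    return findings

def scan(log_lines):
    """Return (status, target, findings) for each suspicious request line."""
    hits = []
    for line in log_lines:
        m = REQUEST.search(line)
        findings = classify(m.group(1)) if m else set()
        if findings:
            hits.append((int(m.group(2)), m.group(1), sorted(findings)))
    return hits

# Constructed sample log lines (documentation IP range), not taken from the target.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2026:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2026:10:00:05 +0000] "GET /.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 200 1843',
    '203.0.113.7 - - [01/Jan/2026:10:00:09 +0000] "GET /home/user/.ssh/id_rsa HTTP/1.1" 200 2602',
    '203.0.113.7 - - [01/Jan/2026:10:00:12 +0000] "GET /docs/v1..2/readme.txt HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for status, target, findings in scan(SAMPLE_LOG):
        print(status, target, findings)
```

A 200 status next to either finding means the file was actually served, so those lines are the ones to triage first and the corresponding keys should be treated as compromised and rotated.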