Nebula exploit exercises walkthrough – level05

Check the flag05 home directory. You are looking for weak directory permissions

Let’s start looking in /home/flag05:

Compare to the home directory of level05:

So we have .ssh – the store of SSH keys for the user – and .backup. The .ssh directory is locked down so we can’t see it.

Let’s look in .backup:

A single backup .tgz. Let’s copy it out to our own home directory and unpack.

That’s the private (id_rsa) and public (id_rsa.pub) keys for flag05. They may well work on the local machine:

Simple. That’s why you should keep your private key private!

Leave a Reply

Your email will not be published. Name and Email fields are required.