Exploit-Exercice : Nebula
Level05 - Weak permission and ssh private key
This level is not really hard let’s begin !
Here is what exploit-exercice tell us about this
Check the flag05 home directory. You are looking for weak directory permissions
To do this level, log in as the level05 account with the password level05. Files for this level can be found in /home/flag05.
Another Weak directory permission ? Well let’s find this directory ( I hope you remember how pwned level00 )
find / -user flag05 -perm -005-type d 2>/dev/null
The command above will find a directory owned by flag05 with readable and executable permission set
A backup directory ? Let’s look into it
There is a tgz file, let’s see what the content of this file with tar -tvf
So this is the backup of the .ssh file, there is a id_rsa key so we can log into flag05 account !
untar the private key
So now we can use it
level05 pwned !
Well done, hope you’re ready for level06 !