How to pwned Nebula : Level05 - Weak permission and ssh private key

Exploit-Exercice : Nebula

Level05 - Weak permission and ssh private key

This level is not really hard let’s begin !

Here is what exploit-exercice tell us about this

Check the flag05 home directory. You are looking for weak directory permissions
To do this level, log in as the level05 account with the password level05. Files for this level can be found in /home/flag05.

Another Weak directory permission ? Well let’s find this directory ( I hope you remember how pwned level00 )

find / -user flag05 -perm -005-type d 2>/dev/null

The command above will find a directory owned by flag05 with readable and executable permission set

A backup directory ? Let’s look into it

There is a tgz file, let’s see what the content of this file with tar -tvf

So this is the backup of the .ssh file, there is a id_rsa key so we can log into flag05 account !

untar the private key

So now we can use it

level05 pwned !
Well done, hope you’re ready for level06 !

This topic was automatically closed after 30 days. New replies are no longer allowed.