Commit `9238552`

Richard Luby <richluby@gmail.com>

2016-09-28 13:35:49

added solution for level05

level05 has an insecure backup folder with a file archive. the archive contains ssh keys for the localhost ssh server

master

1 parent c9cf8c4

Changed files (1)

exploit_exercises

nebula

level05

readme.md

@@ -1,10 +1,16 @@
+# Nebula - level05 - Directory Permissions
 
-----------------------------------------------
+## About
 
-About
-Source code
-Check the flag05 home directory. You are looking for weak directory
+Check the `flag05` home directory. You are looking for weak directory
 permissions
-To do this level, log in as the level05 account with the password
-level05. Files for this level can be found in /home/flag05.
-There is no source code available for this level
+To do this level, log in as the `level05` account with the password
+`level05`. Files for this level can be found in `/home/flag05`.
+There is no source code available for this level.
+
+## Solution
+
+The `flag05` has world readable permissions for the `/home/flag05/.backup` folder. The file
+`backup-19072011.tgz` can be read and copied to the current folder. Use `tar xzf backup-19072011.tgz`
+to extract the contents of the file. A new `.ssh` folder is created that contains ssh keys. Use
+`ssh -i .ssh/id_rsa localhost` to access the shell for this level.

Commit 9238552

Commit `9238552`