Another day, another challenge…
In today’s blog post we’re going to solve the “Keyz” challenge in the PicoCTF.
Let’s get started.
Going to the challenge we see the following:
OK, we need to add our public key to the authorized keys file using the web shell.
Let’s see what the hints say.
Clicking on the hints we see:
OK. There’s a tutorial that we can leverage. Let’s look at it.
Going to the link above, we see section 3 describes how to generate an ssh key.
I have done this in the screenshot below:
Now our key pairs (public and private) have been created. Next we need to transport the public key to the server – shell2017.picoctf.com.
Let’s do it.
Next we’re going to do the following:
This command allows us to add the public (.pub) key to be appended to the end of the authorized_keys file.
Finally we’re going to ssh into the server.
Well what do we have… the flag!
We’ve acquired an additional 20 points!