Skip to content

thefluffy007

A security researchers' thoughts on cybersecurity education, training, AND hacking ALL THE THINGS: web, mobile, cloud, etc.

  • Twitter
  • Instagram
  • YouTube
  • About Me
  • Course Content
  • Publications
  • Speaking Engagements
  • T-ATP
  • Trainings
  • Let’s Connect!

Tag: key pair

capture the flag, hacking

PicoCTF 2017 – Keyz

June 24, 2017March 3, 2021 thefluffy007

Another day, another challenge…

In today’s blog post we’re going to solve the “Keyz” challenge in the PicoCTF.

Let’s get started.

Going to the challenge we see the following:

PicoCTF_Keyz_1

OK, we need to add our public key to the authorized keys file using the web shell.

Let’s see what the hints say.

Clicking on the hints we see:

PicoCTF_Keyz_2

OK. There’s a tutorial that we can leverage. Let’s look at it.

Going to the link above, we see section 3 describes how to generate an ssh key.

I have done this in the screenshot below:

PicoCTF_Keyz_4

Now our key pairs (public and private) have been created. Next we need to transport the public key to the server – shell2017.picoctf.com.

Let’s do it.

Next we’re going to do the following:

PicoCTF_Keyz_5

This command allows us to add the public (.pub) key to be appended to the end of the authorized_keys file.

Finally we’re going to ssh into the server.

PicoCTF_Keyz_6

Well what do we have… the flag!

We’ve acquired an additional 20 points!

Tagged ctf, key pair, PicoCTF, private key, public key, remote login, sshLeave a comment

Recent Posts

  • #PwnItFridays @hackthebox_eu Starting Point Series: Three
  • #PwnItFridays @hackthebox_eu Starting Point Series: Bike
  • #PwnItFridays @hackthebox_eu Starting Point Series: Funnel
  • PwnItFridays hackthebox_eu Starting Point Series: Tactics
  • #PwnItFridays @hackthebox_eu Starting Point Series: Pennyworth

Archives

  • March 2023
  • February 2023
  • January 2023
  • December 2022
  • September 2022
  • April 2022
  • December 2021
  • November 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • November 2019
  • March 2019
  • February 2019
  • July 2018
  • June 2018
  • April 2018
  • February 2018
  • January 2018
  • December 2017
  • August 2017
  • July 2017
  • June 2017
  • May 2017
  • April 2017
  • March 2017
  • January 2013
  • May 2012
  • March 2012

Categories

  • boot2root
  • capture the flag
  • cloud
  • cybersecurity education
  • hacking
  • mobile
  • OSCP
  • owasp
  • Uncategorized
  • web application security

Meta

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org
  • Twitter
  • Instagram
  • YouTube
Powered by WordPress.com.
 

Loading Comments...