PicoCTF 2017 - Keyz

Keyz

While webshells are nice, it’d be nice to be able to login directly. To do so, please add your own public key to ~/.ssh/authorized_keys, using the webshell. Make sure to copy it correctly! The key is in the ssh banner, displayed when you login remotely with ssh, to shell2017.picoctf.com

Create key on local computer, if needed.

1
$ ssh-keygen

then copy the created key:

1
2
$ cat ~/.ssh/id_rsa.pub 
ssh-rsa AAAAB3NzaC1ycAAAADAQABAAABAQDV+zwT1xcREBiaE5T9W6L1qfvWepFxKxaUrbAur2Khb0GKIxyBTFVyubxk/8g/cqvwvoRMRFGVgTLBIegZiVyaIYP+v7qQe2DZcyIWGPS849H4frMxbiuattfQ/5jKyo3O73R8IkrmoFmNN5VIyO6qQ60zQWjQcu/nIAE+aLGjnKeuAwJd5+EuvWKgDM2kS6C6pjLXcZ1s4artBLHPU77oEdv6Q/+7LSzdnX/RvU+Qrk9rPouipoJ5/J1rPU8jJ79kX1eYxq6WxcqF8CGkw4Jws+Tjo0D0LkI2ZxA7soBFVll4ROInyYsy4aOwACQeIYl59DJVkj/EFma97p/x user@host                                                  

Then paste this key into the web-console’s authorized_keys file:

1
echo "ssh-rsa AAAAB3NzaC1ycAAAADAQABAAABAQDV+zwT1xcREBiaE5T9W6L1qfvWepFxKxaUrbAur2Khb0GKIxyBTFVyubxk/8g/cqvwvoRMRFGVgTLBIegZiVyaIYP+v7qQe2DZcyIWGPS849H4frMxbiuattfQ/5jKyo3O73R8IkrmoFmNN5VIyO6qQ60zQWjQcu/nIAE+aLGjnKeuAwJd5+EuvWKgDM2kS6C6pjLXcZ1s4artBLHPU77oEdv6Q/+7LSzdnX/RvU+Qrk9rPouipoJ5/J1rPU8jJ79kX1eYxq6WxcqF8CGkw4Jws+Tjo0D0LkI2ZxA7soBFVll4ROInyYsy4aOwACQeIYl59DJVkj/EFma97p/x user@host" >> ~/.ssh/authorized_keys

Finally, back on the local machine, ssh into the web console:

1
2
3
$ ssh username@shell2017.picoctf.com
Congratulations on setting up SSH key authentication!
Here is your flag: who_needs_pwords_anyways

Enter the flag to capture your next 50 points