Nebula 06 is a retro challenge. The description of the problem says “The flag06 account credentials came from a legacy unix system.” This instantly made me think to check out the password file, /etc/passwd. Back in “the old days”, unix systems stored their passwords in /etc/passwd. But due to having the passwords where everyone could see them, they ended up moving towards password shadowing, where they stored the actual passwords in /etc/shadow, but kept the same user data in /etc/passwd.
In the /etc/passwd file I found a snippet for the flag06 user, with the old-fashioned password encrypted:
Thanks go john, I now know the flag06 password is “hello”. So I ssh locally, and run “getflag” to complete the challenge.
level06@nebula:/home/flag06$ ssh flag06@localhost
_ __ __ __
/ | / /__ / /_ __ __/ /___ _
/ |/ / _ \/ __ \/ / / / / __ `/
/ /| / __/ /_/ / /_/ / / /_/ /
For level descriptions, please see the above URL.
To log in, use the username of "levelXX" and password "levelXX", where
XX is the level number.
Currently there are 20 levels (00 - 19).
Welcome to Ubuntu 11.10 (GNU/Linux 3.0.0-12-generic i686)
* Documentation: https://help.ubuntu.com/
Last login: Fri Dec 2 06:51:34 2011 from localhost
You have successfully executed getflag on a target account
There you have it. Level 06 complete, with a warm and fuzzy look back in history.