Continue characterizing the machine. Is there any way you can escalate to a user that has permissions the vim user does not have? Find the flag associated with this user. Submit the flag as
flag{flag_here}.
vim@ghost404.deadface.io letmevim
You first login to vim, which has vim open. Then you escape from it like you
did in the OverTheWire Bandit challenges with :set shell=bash and :shell. Now you have a proper shell over SSH.
The first thing I looked at after mistaking Host Busters 1’s key in the home
directory as 3 was look at what other user home directories there were by
running ls /home. I saw there were a few users, notably gh0st404 and
spookyboi.
gh0st404’s user home directory had his OpenSSH private key as
world-readable and in plain sight not in his .ssh hidden
directory. It being world-readable would have had OpenSSH scream at you, but
them being stupid was good for us.
So, once you use that SSH private key to login as gh0st404,
you can check the contents of hostbusters3.txt and you got the flag.
cat hostbusters3.txt
“This is why you should have come to the Monday meetings for OverTheWire.” ~Joey, FPUSEC President
Here’s an asciinema of the entire thing in action.