World readable files strike again. Check what that user was up to, and use it to log into flag08 account.
To do this level, log in as the level08 account with the password level08. Files for this level can be found in /home/flag08.
ls -la /home/flag08
capture.pcap? Lets load that in Wireshark.
Lets open our Kali VM.
scp email@example.com:/home/flag08/capture.pcap ~/Downloads/ wireshark ~/Downloads/capture.pcap
capture.pcap in Wireshark.
Right click on the first entry, mouse over Follow and click on TCP Stream.
This shows us some useful information.
It looks like an authentication prompt. If we select HexDump and look closer we can see those dots are actually the \x7D ASCII charature called DEL for Delete.
The password then should be:
Lets try login to flag08 with the password of backd00Rmate and run
You have successfully executed getflag on a target account.