zpr
zpr is a web challenge from the Nullcon Berlin HackIM 2023 CTF
download this challenge zip file
after reading the code, it looks like the first website is for uploading zip files and the second one is for viewing the uploaded files (the files are stored in the path /tmp/data/hash, where hash is the md5 hash of the zip filename)
let's create a simple zip file and upload it
to upload this zip file we will use a simple request script
and this is the second website, where we can view the files that we uploaded on the first website
we know that the flag is in the root directory, but we can only view files that exist in the /tmp/data/ path. to exploit this, we will create a symlink to the flag that exists in the root directory and upload it; once it's extracted, it will point to the flag and we can get its content
now let's zip it using --symlink to store the symbolic link we have created
let's upload this zip that stores the symbolic link
let's open the link
let's open this flag file and BOOM we've got the flag
so the idea here is to upload a symlink that points to the flag file
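
the defensive counterpart, as an added example that is not part of the challenge code: reject zip members stored as symlinks at upload time, and have the viewer resolve every path before serving it. the function names, the sample archive and the directory layout are constructed for illustration.

```python
import io
import os
import stat
import tempfile
import zipfile


def symlink_entries(zip_bytes):
    """Return names of archive members stored as Unix symbolic links."""
    found = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            mode = info.external_attr >> 16  # Unix st_mode is in the high 16 bits
            if stat.S_ISLNK(mode):
                found.append(info.filename)
    return found


def is_inside(base, path):
    """True only if path, after resolving symlinks, is still under base."""
    base = os.path.realpath(base)
    return os.path.commonpath([base, os.path.realpath(path)]) == base


def build_sample_zip():
    """Constructed sample: one regular member and one symlink member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes.txt", "hello")
        link = zipfile.ZipInfo("link")
        link.create_system = 3  # 3 = Unix, so external_attr carries st_mode
        link.external_attr = (stat.S_IFLNK | 0o777) << 16
        zf.writestr(link, "/placeholder/target")  # link target is the member body
    return buf.getvalue()


def demo_serving_check():
    """Constructed layout: a link inside the data dir that points outside it."""
    with tempfile.TemporaryDirectory() as root:
        data = os.path.join(root, "data")
        os.mkdir(data)
        link = os.path.join(data, "link")
        os.symlink(os.path.join(root, "outside.txt"), link)
        return is_inside(data, os.path.join(data, "notes.txt")), is_inside(data, link)


if __name__ == "__main__":
    print(symlink_entries(build_sample_zip()), demo_serving_check())
```

the upload check stops the archive before extraction, and the realpath check still protects the viewer if a link reaches the data directory some other way.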