
Zipper 🔺

Enumeration

The web application zips every file you upload.

Initial Access

Clicking on Home reveals an LFI; using a PHP filter we can read the PHP source code.

The filter removes the last extension from the requested file name.

We can upload a reverse shell to be zipped, then execute it by abusing zip slip with the extension omitted.
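Zip slip works because the archive member name is trusted as a relative path under the extraction directory. As an added defensive example (not part of the original write-up), this Python check classifies archive entries before extraction so traversal and absolute names are rejected; the destination directory and the sample archive are constructed assumptions.

```python
import io
import os
import zipfile


def is_safe_member(name: str, dest: str) -> bool:
    """Return True only if the member name resolves to a path inside dest."""
    # Absolute names, NUL bytes and backslashes are rejected outright;
    # backslashes would act as separators on a Windows extractor.
    if name.startswith(("/", "\\")) or "\x00" in name or "\\" in name:
        return False
    dest_real = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(dest_real, name))
    # The resolved target must be dest itself or a descendant of it.
    return target == dest_real or target.startswith(dest_real + os.sep)


def check_archive(data: bytes, dest: str = "/var/www/uploads") -> dict:
    """Classify every member of a zip (given as bytes) as safe or unsafe.

    dest is an assumed upload directory, not a path from the write-up.
    """
    result = {"safe": [], "unsafe": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            key = "safe" if is_safe_member(info.filename, dest) else "unsafe"
            result[key].append(info.filename)
    return result


def build_sample_archive() -> bytes:
    """Constructed test archive: one benign entry and two escaping ones."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.txt", "hello")
        zf.writestr("../../outside.txt", "escapes via traversal")
        zf.writestr("/abs.txt", "escapes via absolute path")
    return buf.getvalue()


if __name__ == "__main__":
    print(check_archive(build_sample_archive()))
```

Only members in the "safe" list should ever be passed to the extractor; rejecting the whole upload when any member is unsafe is the simpler policy.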

Get the flag

Privilege Escalation

There is a backup script with logs in /opt; read the logs.

Post Exploitation

Get the flag