Zipper 🔺
Enumeration

The web application zips every file you upload.

Initial Access
Clicking on Home reveals a local file inclusion (LFI), and with a PHP filter we can read the PHP source code.


The filter removes the last extension.
We can upload a reverse shell to be zipped, then execute it by abusing zip slip, leaving off the extension.



Get the flag.
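
A fix for the inclusion flaw used above, as an added example that is not code from the target application: the requested page is matched against a fixed allowlist before anything reaches require. The function name, page names, demo directory and the "file" parameter are assumptions.

```php
<?php
declare(strict_types=1);

// Constructed example: page names are assumptions, not the target's own.
const ALLOWED_PAGES = ['home', 'upload'];

/** Map a user-supplied page name to a file inside $baseDir, or null. */
function resolve_page(string $name, string $baseDir): ?string
{
    // Exact-match allowlist: a value containing "://", "/", "..", a NUL
    // byte or an extension can never equal one of the allowed names.
    if (!in_array($name, ALLOWED_PAGES, true)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $name . '.php');
    // realpath() returns false for missing files and resolves symlinks,
    // so confirm the result still sits directly under the pages directory.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Demo setup (constructed): a throwaway pages directory with one page.
$dir = sys_get_temp_dir() . '/pages_demo';
if (!is_dir($dir)) {
    mkdir($dir, 0700);
}
file_put_contents($dir . '/home.php', "<?php echo 'home';");

// Constructed inputs: one legitimate name and three rejected shapes.
$samples = ['home', '../../etc/passwd', 'php://filter/resource=home', 'home.php'];
foreach ($samples as $s) {
    $resolved = resolve_page($s, $dir);
    printf("%-28s => %s\n", $s, $resolved ?? 'rejected');
}

// In the request handler (assumed parameter name "file"):
//   $page = resolve_page((string)($_GET['file'] ?? 'home'), __DIR__ . '/pages');
//   if ($page === null) { http_response_code(404); exit; }
//   require $page;
```

Keeping the upload directory outside the pages directory means archives written by the zip feature can never be a require target.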

Privilege Escalation
There is a backup script with logs in /opt. Read the logs.


Post Exploitation
Get the flag.
