XMAS CTF 2018 Super Secure Siberian Vault
Super Secure Siberian Vault by Johannes
The challenge description implies that we need to upload a zip archive in order to bypass the security.
The first thing we need to do is find the paths that execute PHP scripts; these paths are ./ and ./img.
The second step is to identify the vulnerability. I have tried to do the zip symlink attack, which did not work; however, I found another exploitation vector.
What I did was to create a PHP file containing:
<?php echo file_get_contents('../flag.txt'); ?>
Then rename the file to ..AimgAtintinmotaf and zip it.
Secondly, I hex-edited the zip file and changed the A-s into / (https://pasteboard.co/HT1L7MM.png).
After uploading, the zip is uncompressed into the image path, and we can successfully execute it.
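
The hex edit works because entry names inside an archive are just bytes the uploader controls, so the extracting side has to validate every stored name before writing anything. The following is an added example, not code from the challenge or from this write-up; it is written in Python rather than the challenge's PHP, and the destination directory, the extension allow-list and the function names are assumptions.

```python
import io
import posixpath
import zipfile

# Assumption: the upload feature should only ever produce image files.
ALLOWED_EXT = {".png", ".jpg", ".jpeg", ".gif"}


def unsafe_reason(name, dest="/var/www/uploads"):
    """Return why a stored entry name must be rejected, or None if acceptable."""
    norm = name.replace("\\", "/")  # treat Windows separators like "/"
    if norm.startswith("/") or (len(norm) > 1 and norm[1] == ":"):
        return "absolute path"
    if ".." in norm.split("/"):
        return "parent-directory component"
    # Defence in depth: resolve against the destination and confirm containment.
    target = posixpath.normpath(posixpath.join(dest, norm))
    if not target.startswith(dest.rstrip("/") + "/"):
        return "resolves outside destination"
    is_dir = norm.endswith("/")
    if not is_dir and posixpath.splitext(norm)[1].lower() not in ALLOWED_EXT:
        return "extension not allowed"
    return None


def audit_zip(data):
    """Map every entry name in the archive bytes to a rejection reason or None."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {i.filename: unsafe_reason(i.filename) for i in zf.infolist()}


def constructed_sample():
    """Constructed test archive: one ordinary name, one name as it reads after
    the hex edit described above. File contents are placeholders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("cat.png", b"placeholder")
        zf.writestr("../img/tintinmotaf", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in audit_zip(constructed_sample()).items():
        verdict = "ok" if reason is None else f"REJECT ({reason})"
        print(f"{name!r}: {verdict}")
```

Rejecting the whole upload when any entry fails is safer than skipping the bad entries, and the upload directory should additionally be configured so the web server never executes scripts from it.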