Official Zipping Discussion

Official discussion thread for Zipping. Please do not post any spoilers or big hints.

Good luck everyone!


Is the machine up?

Good luck!

I don’t see any way to efficiently enumerate an RCE vulnerability. Is the way to the solution just to keep trying different tricks with file names and magic bytes and stuff, or is there something I’m missing?

I think I know how to execute PHP code, but there is something else missing.

Me too! I think we both have the same idea.

Just finished that machine. User requires some creative thinking, but both user and root are really easy imo. Dunno if any hints are needed here, but if you get stuck, feel free to PM me :)


It seems like I’ve used an unintended way to get the user shell. I’ve contacted the box creator already. I’ll try doing the intended way and update the hints. For now, I’m not going to answer any questions about the user part because of that. Feel free to ask if you get stuck on root though :)


was this for user re***u

Can someone help me with user? I am almost there.

Any hint for the upload part?

Anyone getting "No ID provided!" even when the request looks good?

Hopefully this is the intended way lol

Is the SQLi a rabbit hole? I don’t wanna waste any more time.

Rooted! Another misranked box, if you ask me. This was incredibly easy; I needed a little reminder on how to get user, but I got root within 15 minutes of getting user. PM me if you need a hand, though I don’t think you’ll need much help on this one.

EDIT: Wow, getting a ton of PMs here. If you need a hint, here it is. Mods, feel free to censor if the hints are too big.

User: (EDIT 2: This may be an unintended path, use with caution.) A) What’s the most naive pagination method in PHP? B) File types are not truly defined by their filenames.
Root: Obvious secrets, some weak obfuscation, a little misplaced trust… if you’ve ever worked with C, this’ll be a breeze.


Need some help: got the user flag, but I think this was not the normal way to do it.
Now stuck with the initial foothold.

I have the same problem

I’m stuck at the file upload part. Tried several PHP rev-shells so far but they don’t get executed.
Does anybody have some hints on how to execute PHP code on the server?

Same here.

Hey, can anyone give me a DM? I will tell the approach I think I need to do to get user, then correct and a wee nudge?