Official Zipping Discussion

Official discussion thread for Zipping. Please do not post any spoilers or big hints.

Good luck everyone!

Is the machine up?

good luck!

I don’t see any way to efficiently enumerate an RCE vulnerability, is the way to the solution just to keep trying different tricks with file names and magic bytes and stuff or is there something I’m missing?

I think I know how to execute PHP code, but there is something else missing.

Me too! I think we both have the same idea.

Just finished that machine. User requires some creative thinking, but both user and root are really easy imo. Dunno if any hints are needed here, but if you got stuck, feel free to PM me :slight_smile:

It seems like I’ve used an unintended way to get the user shell. I’ve contacted the box creator already. I’ll try doing the intended way and update the hints. For now, I’m not going to answer any questions about the user part because of that. Feel free to ask if you got stuck on root though :slight_smile:

@lim8en1
Was this for user re***u?

Any hint for the upload part?

Anyone getting No ID provided! even when the request looks good?

Hopefully this is the intended way lol

Is the SQLi a rabbit hole? I don’t wanna waste any more time.

Rooted! Another misranked box, if you ask me. This was incredibly easy; I needed a little reminder on how to get user, but I got root within 15 minutes of getting user. PM me if you need a hand, though I don’t think you’ll need much help on this one.

EDIT: Wow, getting a ton of PMs here. If you need a hint, here it is. Mods, feel free to censor if the hints are too big.

User: (EDIT 2: This may be an unintended path, use with caution.) A) What’s the most naive pagination method in PHP? B) File types are not truly defined by their filenames.
Root: Obvious secrets, some weak obfuscation, a little misplaced trust… if you’ve ever worked with C, this’ll be a breeze.

Need some help: got the user flag, but I think this was not the normal way to do it.
Now stuck with the initial foothold.

I have the same problem.

I’m stuck at the file upload part. Tried several PHP rev-shells so far but they don’t get executed.
Does anybody have some hints on how to execute PHP code on the server?

Same here.

Hey, can anyone give me a DM? I will tell the approach I think I need to take to get user, then correct me and give a wee nudge?

:partying_face: Rooted. The hints that @Chainmanner wrote are perfect.

Note: that is not an invitation to flood their inbox with DMs…

I wasted a bit of time by overcomplicating things a little when trying to get to root: if you get stuck, my advice is to take a step back and think about how the process can be simplified.

If you think you see the vulnerability, but aren’t quite sure of one of the details, just think about what tools you already have on-hand that could show you the answers to that thing without reinventing the wheel.

Good luck everyone!