Official Zipping Discussion

okay, now that I’ve gotten root, I can ■■■■■ and moan about how dumb the “fix” to this box is:

  1. it doesn’t make either flag any more difficult to actually get
  2. it does make people who started working on this jump through a pretty trivial but annoying hoop
  3. it’s not like there aren’t ways to deal with unintended solutions if you want to remove them
  4. even if you want to “fix” it this way, notify players so they don’t just get confused why something they were working with suddenly stops working
1 Like

HA! it’s not only me! I got user a week ago and now i can’t get in…
Do you know the way in now?

They should have added it to the CHANGELOG…

Hello guys,

I found the code that have the intended way, put I don’t know how to get around the thing prevent me from exploiting the vulnerability any help please ?
Thank you all

Feel free to PM me if you want and we can talk about it. I didnt pwned the machine in the “intended way” but im interested.

I am getting confused on some of the wording here. I was working on this machine with I guess the unintended vector as I was able to get a file bypass and get the “PDF” to get dropped on the system. Now I know that you can’t get a non-pdf file to open anymore with the 404 error I am not sure where to go from here. I do know that the files that are actually marked with a PDF extension open just fine. Maybe that is the vector but I am really not sure. Can you maybe reword your first few steps. Thanks

the PDF vector to visualize OS files is still valid, just the change affect R*E vector

HTB complicate things, is simple like just say, a change that affect the user intended way was made and not say nothing until machine has been pnwed

Can anyone give me a hint on how to get a shell via the intended way? I had a shell working with the php upload but now it does not work anymore with the fix… Thx

I’m still stuck at the foothold any help please ?

Hello all,
I found two files that have the injection but I still can’t bypass the filter, any help please ?

Finally owned! After 4 days of efforts. Feel free to contact if you are stuck

Hi, I need help with foothole. I’m unable to upload my file on the server.

I’ve made a zip file with a php file in it with the extention phpD.pdf like in the but my file never gets there and
I have no error message. Without the double extention, the file upload without problem

1 Like

Hello inoaq,
DM, I just finished with difficulty the intended part for user.

Hi gargamel
I have just sent DM to you. Could you help me ?

Could someone give me some hints for zipping ?
I found zip vuln to see /etc/passwd or upload.php and so on but I get stuck to get RCE.
I tried to bypass pdf extention but failed to. I found changelog said “Added additional checks to the PHP application to prevent an unintended RCE via PHP webshell upload with null-byte injection.” so I think that I have to read some php file in detail…

I am having trouble getting the initial foothold, I seem to go down a rabbit hole for the old method, but unsure how to move forward with the new patch. I am assuming it’s probably something staring me in the face… Any help is appreciated.

I finally found the foothole. Forget about the upload There is another way before that. If you need more hint, PM me!

1 Like


After exploiting the zip I was able to find the source code of .php however I can’t seem to inject at the id product in hacktricks sending url encoded newline does not work for me

Need a little push thanks!

help me bro.
Is sqli a right path?
I found sqli vector and enumerated the database, but I didn’t find anything interesting.