Zipping
RETIRED MACHINE


OS: Linux
Difficulty: Medium

Machine rating: 4.1
User owns: 4325
System owns: 3539
Released: 26/08/2023
Created by xdann1

Machine Synopsis

Zipping is a medium-difficulty Linux machine that features a variety of attack vectors. It starts with a file upload capability in the web application that is vulnerable to a zip-file symlink attack, leading to arbitrary file reads on the target. Leveraging this attack, we can identify key pieces of information about the underlying web application that let us exploit an SQL injection to write a PHP webshell to the filesystem, then leverage an LFI vulnerability to load the webshell and gain code execution. Once initial access is gained, a binary is available with `sudo` privileges that requires basic reverse engineering to recover the binary password. Further analysis of the binary shows that it is vulnerable to library injection: we can create a malicious library that the binary loads, gaining root access when it is executed with `sudo` privileges.
