I built a fancy shmancy web service that converts .tar archives to .zip!
Did the conversion once manually and then spent hours automating it, you know how it is. Now I just have to use it a few thousand times… But, ergh, you could help me with that.
Disclose the content of /opt/flag.txt!
There was a web site which lets you upload tar archives to convert them into zip archives you can download.
First I tried to modify the file name inside the tar archive to ../../../../opt/flag.txt and similiar, but the server responded with a sassy message:
I’m starting to think you don’t really know what you’re doing… Hmmm.
So the next thing I tried was a malicious symlink:
sudo touch /opt/flag.txt ln -s /opt/flag.txt evil_symlink
tar -cvf ebin.tar evil_symlink
Now it’s time to upload the tar archive and download the zip archive via the web browser.
After unzipping the archive, the file “evil_symlink” contained the following text:
Solved by petrosyan