zipbomb
Have you thought about maybe downloading more RAM? I’ve heard it helps you get to the bottom of things.
Attachments
Recon
Based on the challenge name, it is likely that the ZIP file contains another ZIP inside, and this process repeats with additional files until we eventually find the flag. Running binwalk confirms that the file is structured in this way:
$ binwalk -e bomb.zip
bomb.zip
------------------------------------------------------------------------------------
DECIMAL HEXADECIMAL DESCRIPTION
------------------------------------------------------------------------------------
0 0x0 ZIP archive, file count: 2, total size: 279658 bytes
------------------------------------------------------------------------------------
[+] Extraction of zip data at offset 0x0 completed successfully
------------------------------------------------------------------------------------
Analyzed 1 file for 85 file signatures (187 magic patterns) in 22.0 milliseconds
$ ls -e extractions/bomb.zip.extracted/0
nosyawur.txt tuwebvif.zip
$ cat extractions/bomb.zip.extracted/0/nosyawur.txt
DOWNLOAD MORE RAM DOWNLOAD MORE RAM DOWNLOAD MORE RAM ...
$ binwalk -e extractions/bomb.zip.extracted/0/tuwebvif.zip
extractions/bomb.zip.extracted/0/tuwebvif.zip
------------------------------------------------------------------------------------
DECIMAL HEXADECIMAL DESCRIPTION
------------------------------------------------------------------------------------
0 0x0 ZIP archive, file count: 2, total size: 279342 bytes
------------------------------------------------------------------------------------
[+] Extraction of zip data at offset 0x0 completed successfully
------------------------------------------------------------------------------------
Analyzed 1 file for 85 file signatures (187 magic patterns) in 21.0 milliseconds
$ ls -e extractions/tuwebvif.zip.extracted/0/
bjqqrwjy.zip lgnrleau.txt
Exploitation
Extracting each layer by hand would quickly become very time-consuming unless you want to spend your entire day on it. A much better approach is to automate the process with a script. Just remember two key things: do not use recursion, and try to avoid creating nested directory layouts.
while true; do
binwalk -e bomb.zip;
if ! ls extractions/bomb.zip.extracted/0/*.zip; then
break;
fi;
mv extractions/bomb.zip.extracted/0/*.zip bomb.zip;
rm -rf extractions;
done
Flag capture
Once we finish extracting each layer one by one, we will eventually reach the flag:
$ ls extractions/bomb.zip.extracted/0/
flag.txt
$ cat extractions/bomb.zip.extracted/0/flag.txt
EPFL{m4yb3_TH3_r3A1_r4M_15_th3_Fr13nd5_w3_m4d3_410ng_th3_w4y}