Exploit Zip Slip vulnerability in python tarfile

Learn how to exploit Zip Slip vulnerability in python tarfile! HackTheBox "slippy" writeup is now available!

Introduction

Slippy is an easy difficulty web challenge from HackTheBox that is vulnerable to Zip Slip because of its insecure use of the “extractall” method from Python’s tarfile module. Because member file names are not checked, a malicious archive containing path traversal sequences can overwrite files outside the extraction directory and lead to remote code execution.
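The file name check that is missing in the challenge, as an added example that is not part of the original writeup or the challenge's code: every member is validated against the destination directory before extractall runs. The names safe_extract, build_archive and try_extract and the sample archives are constructed for illustration.

```python
import io
import os
import tarfile
import tempfile


def safe_extract(tar: tarfile.TarFile, dest: str) -> list[str]:
    """Extract only after every member is confirmed to stay inside dest."""
    root = os.path.realpath(dest)
    members = tar.getmembers()
    for m in members:
        # Links and device nodes can redirect later writes, so refuse them.
        if not (m.isfile() or m.isdir()):
            raise ValueError(f"non-regular member refused: {m.name}")
        target = os.path.realpath(os.path.join(root, m.name))
        if os.path.commonpath([root, target]) != root:
            raise ValueError(f"path escapes destination: {m.name}")
    # Where the interpreter offers extraction filters, also apply the "data" filter.
    kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    tar.extractall(root, members=members, **kwargs)
    return [m.name for m in members]


def build_archive(names: list[str]) -> bytes:
    """Constructed sample input: an in-memory tar.gz with the given member names."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name in names:
            data = b"constructed sample\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def try_extract(blob: bytes, dest: str) -> str:
    """Run safe_extract on an uploaded blob and report the outcome."""
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz") as tar:
        try:
            return "extracted: " + ", ".join(safe_extract(tar, dest))
        except ValueError as exc:
            return f"rejected: {exc}"


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for names in (["uploads/a.txt"], ["ok.txt", "../../../../../tmp/test.txt"]):
            print(try_extract(build_archive(names), d))
```

The whole archive is rejected before anything is written, so a benign first member cannot land on disk ahead of a traversal entry.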

Improved skills

  • Code review
  • Exploit Zip Slip vulnerability to get RCE

Used tools

  • burpsuite
  • tar

Notes

Generate malicious tar.gz files containing relative path

tar -czvf files.tar.gz --absolute-names '../../../../../tmp/test.txt'

You can also use evilarc.py

This post is licensed under CC BY 4.0 by the author.