10.12.2018


GVTs - wearegvts.com
OtterCTF - Misc - “ReCurse”

There is a zip bomb inside a.zip.
We didn’t even bother to write a bash script. We simply created two folders named 1 and 2.
We ran the commands below dozens of times and saved the output to a file, because we believed the file names had to mean something.

unzip 1/*.zip -d 2/ && rm -f 1/*.zip
unzip 2/*.zip -d 1/ && rm -f 2/*.zip
cat result |grep Archive|cut -c 13-|cut -c 1|tr -d "\n"



Parsed file names looked like this:
aHR0cHM6Ly93d3cuZXhvdGljYW5pbWFsc2ZvcnNhbGUubmV0L3NhbGUvMzkzNTMtMi1mZW1hbGUtc21hbGwtY2xhdy1Bc2lhbi1vdHRlcnMuYXNw

It is base64 and decodes to:
https://www.exoticanimalsforsale.net/sale/39353-2-female-small-claw-Asian-otters.asp

The last zip file, w.zip, requires a password, but we can still see the name of the archived file.
It says Email Me This.
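
The unzip-and-collect loop above, done in memory with Python's zipfile module, as an added example that is not part of the original write-up. The depth and size limits, the function names and the sample archive chain built by build_sample are assumptions made for this sketch.

```python
import base64
import io
import zipfile

MAX_DEPTH = 1000            # assumed limit on nesting levels
MAX_MEMBER_SIZE = 16 << 20  # assumed cap on one extracted member (16 MiB)


def unwrap(name, data):
    """Follow single-member nested zips in memory; return (letters, innermost names, locked)."""
    letters = []
    for _ in range(MAX_DEPTH):
        letters.append(name.rsplit("/", 1)[-1][0])  # first character of the archive name
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            infos = zf.infolist()
            inner = [i for i in infos if i.filename.lower().endswith(".zip")]
            locked = any(i.flag_bits & 0x1 for i in infos)  # bit 0 = encrypted member
            if len(inner) != 1 or locked:
                return "".join(letters), [i.filename for i in infos], locked
            with zf.open(inner[0]) as fh:  # bounded read: do not trust declared sizes
                blob = fh.read(MAX_MEMBER_SIZE + 1)
        if len(blob) > MAX_MEMBER_SIZE:
            raise ValueError(f"{inner[0].filename} exceeds MAX_MEMBER_SIZE")
        name, data = inner[0].filename, blob
    raise ValueError("nesting deeper than MAX_DEPTH")


def decode_letters(letters):
    """Base64-decode the collected letters, restoring any stripped padding."""
    return base64.b64decode(letters + "=" * (-len(letters) % 4))


def build_sample(message):
    """Constructed test input: one nested archive per base64 character of message."""
    member, data = "end.txt", b"constructed innermost file"
    for ch in reversed(base64.b64encode(message).decode()):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr(member, data)
        member, data = ch + ".zip", buf.getvalue()
    return member, data


if __name__ == "__main__":
    name, data = build_sample(b"https://example.test/otters")
    letters, members, locked = unwrap(name, data)
    print(letters, decode_letters(letters), members, locked)
```

The walk stops at the first archive whose members are not a single nested zip or are password-protected, which is where w.zip would end it with locked set to True.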

So the zip password must be somewhere at the URL that was given as base64.

The page at that URL has a seller profile with the following data:
Name:  Bob King  
User Review

The User Review href includes an e-mail address:
Brking1991@gmail.com

This is the password of the w.zip file and EmailMeThis.txt contains the flag:
flag{Recursion_1S_T3rribl3_AnD_1_H4t3_My_L1F3!!}