Cyber Apocalypse 2022 — Compressor
The compressor challenge was from category Misc. We had to start an instance and connect to it via netcat:
After connecting to the challenge, we were greeted with a menu.
We could choose a component and then choose an action. The action will then run a specific command.
The actions are vulnerable to command injection:
I have enumerated the directories until I was able to find a flag:
Finally I was able to read the flag: