AppPackager is an information security challenge in the Web category, and was presented to participants of KAF CTF 2019
The developers had to rush this one out - they released an incomplete version, and still had some things on their TODO list.
The user can inject a template url that has a zip with a broken symlink, which is unpacked, then gets repacked with the flag.
No need
Clone the repository, then type the following command to build the container:
docker build . -t apppackagerTo run the challenge, execute the following command:
docker run --rm -d -p 1000:80 apppackagerYou may now access the challenge interface through your browser: http://localhost:1000
Flag is:
KAF{7h3se_f1a9z_dr1v33_m3_cr4zy}