Slippy is an easy difficulty web challenge from HackTheBox vulnerable to Zip Slip because of the insecure use of the TarFile’s python module “extractall”. Due to the absence of file name validation, it is possible to create a malicious archive containing path traversals in order to overwrite other files and obtain remote code execution.