Discovery often starts with identifying an upload form. In many "Zipper" style challenges, you find a PHP-based upload page that generates a download link for your compressed files.

The server provides a path like /uploads/upload_12345.zip . Step 3: Gaining RCE

The application might be using ZipArchive in PHP to bundle files before storing them in an /uploads/ directory. Step 2: Exploitation (Webshell Upload)