Course

In this exercise, we delve into PHP handlers `file://` and `phar://`. While `file://` is commonly known across multiple programming languages, `phar://` is specific to PHP. This lab teaches you how to use `file_get_contents()` to retrieve files and leak the source code of an application hosted in `/var/www`. By analyzing the source code, you will identify exploitable gadgets, especially focusing on the `__destruct()` function.

The primary goal is to create a malicious PHP archive using the `phar://` handler, which will leverage the `__destruct()` function to gain code execution. The lab provides a step-by-step guide on how to build a phar file, upload it to the server, and execute it to achieve the desired exploit. This hands-on approach will solidify your understanding of PHP deserialization vulnerabilities and their potential impact.