OptimizePharaoh
HardWeb Security
Overview
Have massive images that need to be optimized? This is the right place for you! Upload your images and get them optimized in no time. The application supports PNG, JPG, JPEG, GIF, WebP, and SVG formats.
flag format: flag{}
Lab Details
Prerequisites & Requirements
- Basic understanding of PHP deserialization vulnerabilities
- Knowledge of PHAR (PHP Archive) format and phar:// protocol
- Familiarity with POP (Property Oriented Programming) chains
- Understanding of file upload vulnerabilities
- Experience with web application penetration testing
What will you learn?
- How to identify vulnerable third-party dependencies through version analysis
- Understanding PHAR deserialization attacks and their exploitation
- Working with POP chains to achieve Remote Code Execution
- Using automated tools like PHPGGC to craft serialization payloads
- Bypassing file upload restrictions through content-type manipulation
Tools
- PHPGGC: PHP Generic Gadget Chains tool for generating serialization payloads
- Burp Suite/OWASP ZAP: Web application proxy for request manipulation
- Composer: PHP dependency manager for testing payloads locally
- Webhook.site: External service for receiving exfiltrated data
Job Positions
Bug Bounty Hunter
Tags
Insecure DeserializationOwasp Top 10PhpUnrestricted File UploadSource Code Review