This post is a walkthrough of PortSwigger’s “modifying serialized objects” lab.
You won’t need Burp Suite for this challenge but you will need a Portswigger Academy account. Log in to your
With level 33 of Natas, we are randomly back to PHP after a brief journey using Perl. This is the final level of OverTheWire’s Natas series!
This walkthrough covers how Phar deserialization
This level of Natas covers a PHP deserialization vulnerability. This walkthrough covers source code analysis, why these vulnerabilities work, and how to construct a proof of concept that will get us the flag.